
URL:Mal svchost.exe (Avast! alert at internet connection) [Solved]

svchost.exe reddie.net blackfight.info epifactory.com malware avast

  • This topic is locked

#1
olivercatroya


Hi everyone,

I really need help. I've been spending all day trying to solve this problem! (I'm Italian so there might be some mistakes... please be patient! :) )

 

The PC that I'm trying to fix is not mine, so I don't know exactly what could have caused the problem. Anyway, I initially started a scan with Malwarebytes Anti-Malware: I put in quarantine every PUP and malware found (the number of PUPs found was incredible, 820!). Then I cleaned everything with CCleaner and programmed a Boot-time scan with Avast!.

After all this, everything seemed to be OK, but when I tried to connect to the internet with Wi-Fi, a lot of Avast! alerts came out, first with a dll from reddie.net, then another dll from blackfight.info and then another dll from epifactory.com, all with:

 

Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe
 
I tried AdwCleaner, JRT, HijackThis... none of them seemed to work.
I've seen a lot of similar threads relating to this issue, but there does not appear to be any universal solution.
 
Many thanks!
 
Here's the OTL log.
 
 
 
OTL logfile created on: 25/02/2015 21:30:13 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mony\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17631)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
 
3,89 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 60,51% Memory free
4,58 Gb Paging File | 2,94 Gb Available in Paging File | 64,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 914,69 Gb Total Space | 866,38 Gb Free Space | 94,72% Space Free | Partition Type: NTFS
Drive E: | 1,87 Gb Total Space | 1,87 Gb Free Space | 99,97% Space Free | Partition Type: FAT
 
Computer Name: AMORE | User Name: Mony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/02/25 21:28:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mony\Desktop\OTL.exe
PRC - [2015/02/25 15:55:10 | 005,227,112 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2015/02/25 15:54:06 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2015/02/25 15:53:33 | 000,104,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2014/12/19 21:59:52 | 000,090,880 | ---- | M] () -- C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
PRC - [2014/12/19 21:59:52 | 000,089,344 | ---- | M] () -- C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
PRC - [2014/12/19 21:47:54 | 002,480,384 | ---- | M] (Acer) -- C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
PRC - [2014/12/19 14:16:59 | 009,191,168 | ---- | M] (Acer Cloud Technology) -- C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
PRC - [2014/12/19 14:15:49 | 002,713,856 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
PRC - [2014/02/22 09:00:27 | 000,514,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WWAHost.exe
PRC - [2013/09/04 00:53:48 | 000,390,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2013/09/04 00:53:42 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
PRC - [2013/08/01 02:40:36 | 001,364,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/07/16 18:21:38 | 000,235,008 | ---- | M] (TODO: <Company name>) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
PRC - [2012/07/14 00:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/02/25 15:54:12 | 038,562,088 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/12/19 22:00:22 | 000,279,296 | ---- | M] () -- C:\Program Files (x86)\Acer\abDocs\libcurl.dll
MOD - [2014/12/19 21:59:52 | 000,090,880 | ---- | M] () -- C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
MOD - [2014/12/19 21:59:52 | 000,089,344 | ---- | M] () -- C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
MOD - [2014/12/19 21:48:20 | 000,119,552 | ---- | M] () -- C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
MOD - [2014/12/19 21:48:14 | 000,203,008 | ---- | M] () -- C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
MOD - [2014/08/15 18:19:58 | 011,500,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5bd3374f05d46ba0563f44d032209f08\mscorlib.ni.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Disabled | Unknown] -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc)
SRV:64bit: - [2015/02/25 15:54:06 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2015/02/25 15:53:33 | 000,104,416 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2015/01/13 23:20:30 | 002,711,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014/12/06 02:35:00 | 000,229,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/10/31 05:51:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/09/22 04:05:56 | 000,368,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2014/09/22 04:05:56 | 000,023,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014/08/16 04:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2014/08/16 01:58:35 | 000,287,744 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2014/08/16 01:45:51 | 000,267,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/07/24 08:28:58 | 001,600,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014/06/20 09:30:38 | 000,189,912 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2014/06/20 09:23:12 | 000,219,752 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2014/03/14 07:26:25 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014/03/08 06:41:25 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/03/06 08:02:13 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/02/22 16:53:10 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/02/22 10:57:16 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/02/22 10:26:58 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/02/22 10:25:39 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/02/22 10:23:58 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/12/10 08:35:18 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013/09/06 06:00:00 | 000,101,192 | ---- | M] (ELAN Microelectronics Corp.) [Auto | Running] -- C:\Program Files\Elantech\ETDService.exe -- (ETDService)
SRV:64bit: - [2013/08/22 12:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 12:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 12:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 12:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 12:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 11:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 11:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 10:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 10:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 10:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 10:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 10:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 10:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 10:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 10:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2013/08/03 03:33:16 | 000,448,040 | ---- | M] (Acer Incorporate) [On_Demand | Running] -- C:\Program Files\Acer\Acer Quick Access\RMSvc.exe -- (RMSvc)
SRV:64bit: - [2013/08/03 03:33:14 | 000,457,768 | ---- | M] (Acer Incorporate) [On_Demand | Running] -- C:\Program Files\Acer\Acer Quick Access\QASvc.exe -- (QASvc)
SRV:64bit: - [2013/08/03 02:47:44 | 000,457,768 | ---- | M] (Acer Incorporate) [Auto | Running] -- C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe -- (LMSvc)
SRV:64bit: - [2013/07/06 01:19:04 | 000,663,592 | ---- | M] (Acer Incorporated) [On_Demand | Running] -- C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2013/05/12 02:45:54 | 000,822,232 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel®
SRV:64bit: - [2013/05/12 02:45:38 | 000,733,696 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV - [2014/12/19 14:15:49 | 002,713,856 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe -- (CCDMonitorService)
SRV - [2014/08/16 04:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014/03/14 07:10:16 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013/09/12 11:03:03 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/09/07 10:52:20 | 000,312,448 | ---- | M] (Windows ® Win 7 DDK provider) [Auto | Running] -- C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2013/09/04 00:53:48 | 000,390,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/09/04 00:53:42 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2013/08/22 04:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/22 03:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/08/01 02:40:36 | 001,364,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/07/16 18:21:38 | 000,235,008 | ---- | M] (TODO: <Company name>) [Auto | Running] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2012/07/14 00:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2012/04/24 23:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | Disabled | Unknown] -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv)
DRV:64bit: - [2015/02/25 15:54:58 | 001,050,432 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2015/02/25 15:54:18 | 000,436,624 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2015/02/25 15:54:18 | 000,267,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2015/02/25 15:54:18 | 000,116,728 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2015/02/25 15:54:18 | 000,083,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2015/02/25 15:54:18 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2015/02/25 15:54:18 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2015/02/25 15:54:17 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2015/02/25 15:53:52 | 000,028,184 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2015/02/25 15:53:34 | 000,449,936 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdisFlt.sys -- (aswNdisFlt)
DRV:64bit: - [2014/12/12 01:51:20 | 000,075,776 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2014/10/13 03:43:17 | 000,238,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/10/13 03:43:17 | 000,086,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014/10/13 03:43:17 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014/10/10 02:58:57 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/09/22 04:06:16 | 000,258,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014/09/22 04:06:16 | 000,114,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014/09/22 03:49:43 | 000,035,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/08/15 01:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/07/24 16:28:38 | 000,468,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/07/24 16:28:38 | 000,412,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/07/24 12:42:22 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2014/06/20 09:38:22 | 000,072,128 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2014/06/20 09:31:06 | 000,348,552 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2014/06/20 09:26:02 | 000,786,296 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2014/06/20 09:23:40 | 000,523,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2014/06/20 09:21:48 | 000,313,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2014/06/20 09:20:54 | 000,181,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2014/06/20 09:09:34 | 000,070,600 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mfeelamk.sys -- (mfeelamk)
DRV:64bit: - [2014/05/01 14:31:39 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/03/20 04:41:20 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/03/13 13:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/03/08 21:40:16 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/02/22 16:49:51 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/02/22 16:49:49 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/02/22 16:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/02/22 16:44:13 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/02/22 13:14:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2013/12/04 19:41:54 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2013/10/26 02:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/10/05 16:25:54 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013/09/14 15:06:57 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/09/09 18:41:07 | 000,449,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013/09/09 18:35:40 | 004,170,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/09/07 10:29:14 | 000,594,120 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2013/09/07 10:29:14 | 000,338,120 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2013/09/07 10:29:14 | 000,179,432 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2013/09/07 10:29:14 | 000,137,928 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2013/09/07 10:29:14 | 000,116,424 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2013/09/07 10:29:14 | 000,089,800 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2013/09/07 10:29:14 | 000,077,464 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2013/09/07 10:29:14 | 000,034,384 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2013/09/06 06:00:02 | 000,370,504 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2013/09/04 00:53:44 | 000,099,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2013/08/22 23:51:12 | 000,039,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2013/08/22 23:51:12 | 000,026,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2013/08/22 20:11:03 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/08/22 14:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 14:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 13:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 13:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 13:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 13:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 13:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 13:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 13:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 13:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 13:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 13:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 13:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 13:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 13:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 13:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 13:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 13:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 13:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 13:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 13:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 13:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 13:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 13:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 13:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 13:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 13:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 13:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 13:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 12:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 12:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 12:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 12:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 12:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 12:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 12:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 12:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 12:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 12:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 12:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 12:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 12:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 12:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 12:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 12:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 12:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 12:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 12:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 12:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 09:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/16 05:13:30 | 003,859,968 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athwbx.sys -- (athr)
DRV:64bit: - [2013/08/13 00:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/10 01:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/08/01 02:40:36 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2013/07/30 19:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/26 10:01:48 | 000,458,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2013/07/25 20:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/07/19 23:26:32 | 000,082,128 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)
DRV:64bit: - [2013/07/17 10:59:00 | 000,021,360 | ---- | M] (Acer Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMDriver.sys -- (LMDriver)
DRV:64bit: - [2013/07/17 10:59:00 | 000,014,680 | ---- | M] (Acer Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RadioShim.sys -- (RadioShim)
DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{A519781D-B9C6-478F-9D2A-EAEF63ACF46D}: "URL" = http://www.bing.com/...=IE10TR&pc=ACJB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://it.search.ya...p={searchTerms}
IE - HKLM\..\SearchScopes\{A519781D-B9C6-478F-9D2A-EAEF63ACF46D}: "URL" = http://www.bing.com/...=IE10TR&pc=ACJB
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0B95C555-8043-46CD-A9DA-18E1E0DE94B0}: "URL" = https://it.search.ya...p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/02/25 15:58:00 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\
CHR - Extension: No name found = C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/08/22 14:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (SuaveerAAddON) - {da2bb3d2-c4d7-4165-8875-e27a91b1d6c7} - C:\Program Files (x86)\SuaveerAAddON\B9EAGe4IvMbGm7.x64.dll File not found
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [abDocsDllLoader] C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe ()
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BacKGround Agent] C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe (Acer Incorporated)
O4 - HKCU..\Run: [AcerPortal] C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe (Acer)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe" (Atheros Communications)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88109A36-A53C-4045-9969-7FF119D9EBFD}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/02/25 21:29:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mony\Desktop\OTL.exe
[2015/02/25 21:19:01 | 000,000,000 | ---D | C] -- C:\Users\Mony\AppData\Local\SvchostViewer
[2015/02/25 21:09:32 | 000,000,000 | ---D | C] -- C:\Users\Mony\Desktop\backups
[2015/02/25 21:03:40 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Mony\Desktop\HijackThis.exe
[2015/02/25 20:37:28 | 001,388,274 | ---- | C] (Thisisu) -- C:\Users\Mony\Desktop\JRT.exe
[2015/02/25 20:00:01 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/02/25 16:01:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vbox
[2015/02/25 16:01:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vbox
[2015/02/25 15:55:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
[2015/02/25 15:54:29 | 000,028,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2015/02/25 15:54:22 | 000,364,512 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2015/02/25 15:54:16 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2015/02/25 15:53:34 | 000,449,936 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys
[2015/02/25 15:45:49 | 000,000,000 | R--D | C] -- C:\Users\Mony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2015/02/25 15:40:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2015/02/25 15:40:09 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2015/02/25 15:33:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appraiser
[2015/02/25 14:52:30 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/02/25 14:52:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/02/25 14:52:06 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015/02/25 14:52:06 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015/02/25 14:52:06 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2015/02/25 14:52:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2015/02/25 14:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[1 C:\Users\Mony\AppData\Local\*.tmp files -> C:\Users\Mony\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2021/10/21 14:36:56 | 000,000,852 | ---- | M] () -- C:\Windows\SysNative\drivers\RTKHDRC.dat
[2021/10/04 08:34:42 | 000,000,712 | ---- | M] () -- C:\Windows\SysNative\drivers\RTMICEQ0.dat
[2015/02/25 21:28:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mony\Desktop\OTL.exe
[2015/02/25 21:02:22 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Mony\Desktop\HijackThis.exe
[2015/02/25 20:47:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/02/25 20:46:18 | 000,001,166 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/02/25 20:45:04 | 000,481,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/02/25 20:44:49 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015/02/25 20:44:44 | 3343,089,664 | -HS- | M] () -- C:\hiberfil.sys
[2015/02/25 20:35:42 | 001,388,274 | ---- | M] (Thisisu) -- C:\Users\Mony\Desktop\JRT.exe
[2015/02/25 20:03:06 | 000,001,308 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/02/25 20:01:00 | 001,813,012 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/02/25 20:01:00 | 000,803,564 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2015/02/25 20:01:00 | 000,722,476 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/02/25 20:01:00 | 000,156,688 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2015/02/25 20:01:00 | 000,135,592 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/02/25 19:58:02 | 002,126,848 | ---- | M] () -- C:\Users\Mony\Desktop\adwcleaner_4.111.exe
[2015/02/25 18:39:08 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/02/25 18:28:57 | 000,000,020 | ---- | M] () -- C:\Users\Mony\AppData\Roaming\appdataFr3.bin
[2015/02/25 15:54:58 | 001,050,432 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2015/02/25 15:54:18 | 000,436,624 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2015/02/25 15:54:18 | 000,364,512 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2015/02/25 15:54:18 | 000,267,632 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2015/02/25 15:54:18 | 000,116,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2015/02/25 15:54:18 | 000,083,280 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2015/02/25 15:54:18 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2015/02/25 15:54:18 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2015/02/25 15:54:17 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2015/02/25 15:54:16 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2015/02/25 15:53:52 | 000,028,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2015/02/25 15:53:34 | 000,449,936 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys
[2015/02/25 15:38:04 | 000,000,270 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2015/02/17 17:48:09 | 000,001,969 | ---- | M] () -- C:\Users\Public\Desktop\abDocs.lnk
[2015/02/17 17:42:12 | 000,002,100 | ---- | M] () -- C:\Users\Public\Desktop\Acer Portal.lnk
[2015/02/17 17:25:05 | 000,000,040 | ---- | M] () -- C:\Users\Mony\AppData\Roaming\WB.CFG
[2015/02/17 17:01:15 | 000,001,170 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[1 C:\Users\Mony\AppData\Local\*.tmp files -> C:\Users\Mony\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/02/25 21:18:26 | 000,120,832 | ---- | C] () -- C:\Users\Mony\Desktop\Svchost Viewer.exe
[2015/02/25 20:44:52 | 000,481,680 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/02/25 19:59:48 | 002,126,848 | ---- | C] () -- C:\Users\Mony\Desktop\adwcleaner_4.111.exe
[2015/02/25 18:26:07 | 000,001,276 | ---- | C] () -- C:\Users\Mony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RtkGUI.lnk
[2015/02/25 15:38:04 | 000,000,270 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2015/02/25 15:04:39 | 000,391,526 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2015/02/17 17:48:09 | 000,001,969 | ---- | C] () -- C:\Users\Public\Desktop\abDocs.lnk
[2015/02/17 17:41:02 | 000,002,100 | ---- | C] () -- C:\Users\Public\Desktop\Acer Portal.lnk
[2015/02/17 17:38:29 | 000,000,020 | ---- | C] () -- C:\Users\Mony\AppData\Roaming\appdataFr3.bin
[2015/02/17 17:25:05 | 000,000,040 | ---- | C] () -- C:\Users\Mony\AppData\Roaming\WB.CFG
[2014/06/29 18:36:01 | 000,002,255 | ---- | C] () -- C:\Windows\SysWow64\WimBootCompress.ini
[2014/06/27 19:49:09 | 000,103,936 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013/12/18 19:39:06 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013/10/15 16:14:58 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\igdmd32.dll
[2013/10/15 16:14:57 | 000,180,736 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/10/15 16:14:57 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2013/08/22 16:36:43 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2013/08/22 16:36:42 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2013/08/22 15:46:23 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2013/08/22 08:01:23 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2013/08/22 04:32:36 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2013/08/22 00:55:20 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2013/08/22 00:52:39 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2013/05/12 02:17:52 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2013/12/18 20:04:14 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/08/31 01:15:33 | 021,197,152 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/08/30 23:59:13 | 018,723,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 10:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/22 03:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 10:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/07/02 14:12:15 | 000,000,000 | ---D | M] -- C:\Users\Mony\AppData\Roaming\acer
[2014/08/25 15:56:54 | 000,000,000 | ---D | M] -- C:\Users\Mony\AppData\Roaming\AVAST Software
[2014/08/25 16:02:21 | 000,000,000 | ---D | M] -- C:\Users\Mony\AppData\Roaming\Dropbox
[2014/08/25 16:02:20 | 000,000,000 | ---D | M] -- C:\Users\Mony\AppData\Roaming\DropboxMaster
[2014/10/23 21:27:30 | 000,000,000 | -H-D | M] -- C:\Users\Mony\AppData\Roaming\GoldenGate
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 237 bytes -> C:\Users\Mony\SkyDrive:ms-properties
 
< End of report >

 




#2
Nevan


    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, olivercatroya. Welcome to Geeks to Go! My nickname is Nevan and I will be helping you get your system back on its electronic feet.

Before we get started, please keep these things in mind:
  • Always read every part of my post carefully. If you don't, you may do something wrong and there could be more problems to solve.
  • If your security programs give you any warnings when using tools I asked you to, don't be afraid. Every tool I provide to you is 100% safe.
  • Only run tools that I ask you to. Some of them can be dangerous to your system as they have much power.
  • You should save or print my instructions. It is possible that we will be using Safe mode, which will cut you off from your internet connection and without access to them, you might be stuck.
  • Malware removal is a complicated process that takes multiple steps to be completed. Don't give up, be patient.
  • The tools we are going to use and your software may cause unwanted interactions. Because of that, I recommend that you make backups of any important files from your machine before proceeding as they might be lost.
  • I recommend that you stay with me until I tell you that we are done. It is important because when your system does not show any bad symptoms anymore it does not mean that it is 100% clean.
  • Your time to reply is limited. If you don't reply within 3 days, your topic will be closed and you will have to request it to be reopened by contacting one of the Moderator group members with the link to this topic.
  • Every program I ask you to download should be saved to and run from desktop. If you don't know how to choose the direction of where a download is saved, check this site. You can also just copy these programs to your desktop manually and then run them from there.
  • Remember that the fixes I give you are only for your machine. Using it on other systems may (and probably will) cause problems.
  • Finally, if you have any questions or are unsure about something, just ask. I will not blame you for it. It is better to ask rather than regret it later.
Also, please note that I'm currently in training, so my answers to you will have to be checked first by an experienced helper before I can post them. This can lengthen the time between my answers to you, but in return you will have an extra person reviewing your log.

Let's get started :)

 
First, I'd like to have another look at your system. Please, do the following:

FRST Scan
  • Download Farbar Recovery Scan Tool and save it to your Desktop.
  • Right click FRST64.exe and click Run as administrator. When the tool opens, click Yes to the disclaimer.
  • Make sure that Addition.txt is checked and press the Scan button.
  • It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
  • Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.
 
Things that should appear in your next post:
  • FRST.txt log content
  • Addition.txt log content


#3
olivercatroya


    Member

  • Topic Starter
  • 11 posts

Here's the FRST.txt log content:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
Ran by Mony (administrator) on AMORE on 25-02-2015 22:53:09
Running from C:\Users\Mony\Desktop
Loaded Profiles: UpdatusUser & Mony (Available profiles: UpdatusUser & Mony)
Platform: Windows 8.1 (X64) OS Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\CredentialUIBroker.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-09-06] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [62208 2014-12-19] (Acer Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-25] (AVAST Software)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [90880 2014-12-19] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Atheros Communications))
HKU\S-1-5-21-4243315743-900808837-3033948658-1002\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2480384 2014-12-19] (Acer)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [387536 2013-08-01] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [326224 2013-08-01] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [ACloudSyncedRF] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudSyncedSF] -> {5D5F18B7-D59B-4B18-A3E9-0A4BDCCCB699} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mony\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mony\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mony\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mony\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mony\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mony\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mony\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-4243315743-900808837-3033948658-1002\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-4243315743-900808837-3033948658-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-4243315743-900808837-3033948658-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://it.search.ya...p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4243315743-900808837-3033948658-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4243315743-900808837-3033948658-1002 -> {0B95C555-8043-46CD-A9DA-18E1E0DE94B0} URL = https://it.search.ya...p={SearchTerms}
SearchScopes: HKU\S-1-5-21-4243315743-900808837-3033948658-1002 -> {A519781D-B9C6-478F-9D2A-EAEF63ACF46D} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: SuaveerAAddON -> {da2bb3d2-c4d7-4165-8875-e27a91b1d6c7} -> C:\Program Files (x86)\SuaveerAAddON\B9EAGe4IvMbGm7.x64.dll No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-25]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.it/
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-29]
CHR Extension: (Google Drive) - C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-29]
CHR Extension: (YouTube) - C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-29]
CHR Extension: (Google Search) - C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-29]
CHR Extension: (Google Wallet) - C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-29]
CHR Extension: (Gmail) - C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-25]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows ® Win 7 DDK provider) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-25] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2015-02-25] (AVAST Software)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2713856 2014-12-19] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-06] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-09-06] (ELAN Microelectronics Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-03] (Acer Incorporate)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457768 2013-08-03] (Acer Incorporate)
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [448040 2013-08-03] (Acer Incorporate)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
U4 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]
S2 LCgbEmCfO; "C:\ProgramData\QmtRGfeMuUY\LCgbEmCfO.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-25] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2015-02-25] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-02-25] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2015-02-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-02-25] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-25] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-25] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-02-25] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-25] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-16] (Qualcomm Atheros Communications, Inc.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-25 22:53 - 2015-02-25 22:53 - 00019250 _____ () C:\Users\Mony\Desktop\FRST.txt
2015-02-25 22:52 - 2015-02-25 22:53 - 00000000 ____D () C:\FRST
2015-02-25 22:52 - 2015-02-25 22:50 - 02087936 _____ (Farbar) C:\Users\Mony\Desktop\FRST64.exe
2015-02-25 21:42 - 2015-02-25 21:42 - 00121044 _____ () C:\Users\Mony\Desktop\OTL.Txt
2015-02-25 21:42 - 2015-02-25 21:42 - 00058164 _____ () C:\Users\Mony\Desktop\Extras.Txt
2015-02-25 21:29 - 2015-02-25 21:28 - 00602112 _____ (OldTimer Tools) C:\Users\Mony\Desktop\OTL.exe
2015-02-25 21:19 - 2015-02-25 21:19 - 00000000 ____D () C:\Users\Mony\AppData\Local\SvchostViewer
2015-02-25 21:18 - 2010-05-20 16:34 - 00120832 _____ () C:\Users\Mony\Desktop\Svchost Viewer.exe
2015-02-25 21:09 - 2015-02-25 21:09 - 00000000 ____D () C:\Users\Mony\Desktop\backups
2015-02-25 21:06 - 2015-02-25 21:06 - 00009739 _____ () C:\Users\Mony\Desktop\hijackthis.log
2015-02-25 21:03 - 2015-02-25 21:02 - 00388608 _____ (Trend Micro Inc.) C:\Users\Mony\Desktop\HijackThis.exe
2015-02-25 20:44 - 2015-02-25 20:45 - 00481680 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-25 20:37 - 2015-02-25 20:35 - 01388274 _____ (Thisisu) C:\Users\Mony\Desktop\JRT.exe
2015-02-25 20:12 - 2015-02-25 20:12 - 00000197 _____ () C:\Windows\system32\2015-02-25-19-12-38.010-AvastVBoxSVC.exe-2680.log
2015-02-25 20:07 - 2015-02-25 20:07 - 00000197 _____ () C:\Windows\system32\2015-02-25-19-07-03.046-AvastVBoxSVC.exe-2564.log
2015-02-25 20:00 - 2015-02-25 20:09 - 00000000 ____D () C:\AdwCleaner
2015-02-25 19:59 - 2015-02-25 19:58 - 02126848 _____ () C:\Users\Mony\Desktop\adwcleaner_4.111.exe
2015-02-25 19:38 - 2015-02-25 19:39 - 00000197 _____ () C:\Windows\system32\2015-02-25-18-38-45.081-AvastVBoxSVC.exe-2832.log
2015-02-25 18:32 - 2015-02-25 18:33 - 00000247 _____ () C:\Windows\system32\2015-02-25-17-32-56.077-aswFe.exe-4972.log
2015-02-25 18:27 - 2015-02-25 18:32 - 00000247 _____ () C:\Windows\system32\2015-02-25-17-27-31.026-aswFe.exe-3816.log
2015-02-25 18:27 - 2015-02-25 18:27 - 00000197 _____ () C:\Windows\system32\2015-02-25-17-27-18.020-AvastVBoxSVC.exe-2836.log
2015-02-25 18:26 - 2015-02-25 18:26 - 00001276 _____ () C:\Users\Mony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RtkGUI.lnk
2015-02-25 18:21 - 2015-02-25 18:21 - 00000247 _____ () C:\Windows\system32\2015-02-25-17-21-52.044-aswFe.exe-2532.log
2015-02-25 18:21 - 2015-02-25 18:21 - 00000197 _____ () C:\Windows\system32\2015-02-25-17-21-49.042-AvastVBoxSVC.exe-3488.log
2015-02-25 16:01 - 2015-02-25 16:01 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-02-25 16:01 - 2015-02-25 16:01 - 00000000 ____D () C:\Windows\system32\vbox
2015-02-25 15:55 - 2015-02-25 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-02-25 15:54 - 2015-02-25 15:54 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-02-25 15:54 - 2015-02-25 15:54 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-02-25 15:54 - 2015-02-25 15:53 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2015-02-25 15:53 - 2015-02-25 15:53 - 00449936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2015-02-25 15:40 - 2015-02-25 15:40 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-02-25 15:40 - 2015-02-25 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-25 15:40 - 2015-02-25 15:40 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-25 15:38 - 2015-02-25 15:38 - 00000270 __RSH () C:\ProgramData\ntuser.pol
2015-02-25 15:33 - 2015-02-25 15:33 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-25 15:19 - 2014-12-13 22:28 - 00513488 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 15:19 - 2014-12-13 22:28 - 00513488 _____ () C:\Windows\system32\locale.nls
2015-02-25 15:19 - 2014-10-29 02:27 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-02-25 15:19 - 2014-10-29 02:04 - 00868352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-02-25 15:19 - 2014-10-29 02:04 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2015-02-25 15:18 - 2014-10-29 02:27 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2015-02-25 15:10 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2015-02-25 15:10 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2015-02-25 15:06 - 2014-09-22 05:38 - 01519488 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-02-25 15:06 - 2014-09-22 04:06 - 00258368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-02-25 15:06 - 2014-09-22 04:06 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-02-25 15:06 - 2014-09-22 03:49 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-02-25 15:06 - 2014-09-19 01:16 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-02-25 15:06 - 2014-09-02 23:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2015-02-25 15:06 - 2014-09-02 23:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2015-02-25 15:04 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-25 15:04 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-25 15:04 - 2014-12-09 00:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-25 15:04 - 2014-10-13 03:33 - 00116032 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-02-25 15:04 - 2014-10-11 01:58 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-02-25 15:04 - 2014-10-11 01:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-02-25 15:04 - 2014-10-08 08:30 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-02-25 15:04 - 2014-10-08 08:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-02-25 15:04 - 2014-10-08 07:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-02-25 15:04 - 2014-10-08 06:32 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-02-25 15:04 - 2014-10-08 06:19 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-02-25 15:01 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-25 15:01 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-25 15:01 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-25 15:01 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-25 15:01 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-25 15:01 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-25 15:01 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-25 15:01 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-25 14:57 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-02-25 14:57 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2015-02-25 14:56 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-25 14:56 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-25 14:52 - 2015-02-25 18:39 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-25 14:52 - 2015-02-25 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-25 14:52 - 2015-02-25 14:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-25 14:52 - 2015-02-25 14:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-25 14:52 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-25 14:52 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-25 14:52 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-17 18:39 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-17 18:39 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-17 18:39 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-17 18:39 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-17 18:39 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-17 18:39 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-17 18:39 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-17 18:39 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-17 18:39 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-17 18:39 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-17 18:39 - 2014-10-31 05:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-17 18:39 - 2014-10-31 05:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-17 18:38 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-17 18:38 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-17 18:38 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-17 18:38 - 2015-01-12 03:32 - 06041088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-17 18:38 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-17 18:38 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-17 18:38 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-17 18:38 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-17 18:38 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-17 18:38 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-17 18:38 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-17 18:38 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-17 18:38 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-17 18:38 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-17 18:38 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-17 18:38 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-17 18:38 - 2015-01-12 02:29 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-17 18:38 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-17 18:38 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-17 18:38 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-17 18:38 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-17 18:38 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-17 18:38 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-17 18:38 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-17 18:38 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-17 18:38 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-17 18:38 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-17 18:38 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-02-17 18:38 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-02-17 18:38 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-17 18:38 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-17 18:38 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-17 18:38 - 2014-10-31 06:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-02-17 18:38 - 2014-10-31 06:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-17 18:38 - 2014-10-31 06:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-02-17 18:38 - 2014-10-31 06:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-02-17 18:38 - 2014-10-31 06:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-17 18:38 - 2014-10-31 06:06 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-17 18:38 - 2014-10-31 06:06 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-17 18:38 - 2014-10-31 06:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-17 18:38 - 2014-10-31 05:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-17 18:38 - 2014-10-31 05:54 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-02-17 18:38 - 2014-10-31 05:53 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-17 18:38 - 2014-10-31 05:52 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2015-02-17 18:38 - 2014-10-31 05:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-17 18:38 - 2014-10-31 05:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-17 18:38 - 2014-10-31 05:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-17 18:38 - 2014-10-31 05:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-02-17 18:38 - 2014-10-31 05:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-02-17 18:38 - 2014-10-31 05:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-02-17 18:38 - 2014-10-31 05:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-02-17 18:38 - 2014-10-31 05:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-17 18:38 - 2014-10-31 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-17 18:38 - 2014-10-31 05:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-02-17 18:38 - 2014-10-31 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-02-17 18:38 - 2014-10-31 04:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2015-02-17 18:38 - 2014-10-31 04:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-02-17 18:38 - 2014-10-31 04:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2015-02-17 18:38 - 2014-10-31 04:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2015-02-17 18:38 - 2014-10-31 04:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-02-17 18:38 - 2014-10-31 04:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-02-17 18:38 - 2014-10-31 04:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-17 18:38 - 2014-10-31 04:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-17 18:38 - 2014-10-31 04:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-17 18:38 - 2014-10-31 04:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-17 18:38 - 2014-10-31 04:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2015-02-17 18:38 - 2014-10-31 04:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-17 18:38 - 2014-10-31 04:13 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2015-02-17 18:38 - 2014-10-31 04:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-17 18:38 - 2014-10-31 04:11 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-17 18:38 - 2014-10-31 04:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2015-02-17 18:38 - 2014-10-31 03:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-17 18:38 - 2014-10-31 03:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2015-02-17 18:38 - 2014-10-31 03:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-02-17 18:38 - 2014-10-31 03:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-02-17 18:38 - 2014-10-31 03:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-17 18:38 - 2014-10-31 03:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-02-17 18:38 - 2014-10-31 03:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-02-17 18:38 - 2014-10-31 03:26 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-02-17 18:38 - 2014-10-31 03:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2015-02-17 17:48 - 2015-02-17 17:48 - 00001969 _____ () C:\Users\Public\Desktop\abDocs.lnk
2015-02-17 17:42 - 2015-02-17 17:42 - 00003334 _____ () C:\Windows\System32\Tasks\AcerCloud
2015-02-17 17:41 - 2015-02-17 17:42 - 00002100 _____ () C:\Users\Public\Desktop\Acer Portal.lnk
2015-02-17 17:39 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-17 17:39 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-17 17:39 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-17 17:39 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-17 17:39 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-17 17:39 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-17 17:39 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-17 17:39 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-17 17:39 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-17 17:38 - 2015-02-25 18:28 - 00000020 _____ () C:\Users\Mony\AppData\Roaming\appdataFr3.bin
2015-02-17 17:38 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-17 17:37 - 2014-09-10 07:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-02-17 17:37 - 2014-09-08 04:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-02-17 17:37 - 2014-09-08 04:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-02-17 17:37 - 2014-09-04 23:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-02-17 17:37 - 2014-09-04 23:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-02-17 17:37 - 2014-09-04 04:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2015-02-17 17:37 - 2014-09-04 03:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2015-02-17 17:37 - 2014-09-04 02:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-02-17 17:37 - 2014-09-04 01:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-02-17 17:37 - 2014-09-04 01:10 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2015-02-17 17:37 - 2014-08-31 01:17 - 00148800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2015-02-17 17:37 - 2014-08-31 01:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-02-17 17:37 - 2014-08-30 23:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-02-17 17:37 - 2014-08-30 23:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2015-02-17 17:37 - 2014-08-30 22:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2015-02-17 17:37 - 2014-08-30 22:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2015-02-17 17:37 - 2014-08-30 21:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2015-02-17 17:37 - 2014-08-30 21:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2015-02-17 17:37 - 2014-08-28 01:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-02-17 17:37 - 2014-08-28 01:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-02-17 17:37 - 2014-08-23 06:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2015-02-17 17:37 - 2014-08-23 06:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2015-02-17 17:37 - 2014-08-23 05:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-02-17 17:37 - 2014-08-02 01:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2015-02-17 17:37 - 2014-08-02 01:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2015-02-17 17:36 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-02-17 17:34 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-17 17:34 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-17 17:34 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-17 17:34 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-17 17:34 - 2014-10-10 02:58 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-02-17 17:34 - 2014-10-08 08:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-02-17 17:34 - 2014-10-08 08:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2015-02-17 17:34 - 2014-10-08 06:23 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-02-17 17:34 - 2014-09-27 08:13 - 00104336 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2015-02-17 17:34 - 2014-09-27 06:24 - 00088800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2015-02-17 17:34 - 2014-09-27 04:30 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-02-17 17:33 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-17 17:33 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-17 17:33 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-17 17:33 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-17 17:33 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-17 17:33 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-02-17 17:33 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-02-17 17:33 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-02-17 17:33 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-02-17 17:33 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-02-17 17:33 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-02-17 17:33 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-17 17:33 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-17 17:33 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-17 17:33 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-17 17:33 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-17 17:33 - 2014-09-04 01:12 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-02-17 17:33 - 2014-09-04 01:01 - 00514048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2015-02-17 17:28 - 2014-08-23 06:18 - 02149376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-02-17 17:28 - 2014-08-23 06:03 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-02-17 17:27 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-02-17 17:27 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-02-17 17:27 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-02-17 17:27 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-02-17 17:27 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-02-17 17:27 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-02-17 17:27 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-02-17 17:27 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-02-17 17:27 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-02-17 17:27 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-02-17 17:27 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-02-17 17:27 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-17 17:27 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-17 17:27 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-02-17 17:27 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-02-17 17:27 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-02-17 17:27 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-02-17 17:27 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-02-17 17:27 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-02-17 17:27 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-02-17 17:27 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-02-17 17:27 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-02-17 17:27 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-02-17 17:27 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-02-17 17:27 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-02-17 17:27 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-02-17 17:27 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-02-17 17:27 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-02-17 17:27 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-02-17 17:27 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-02-17 17:27 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-02-17 17:27 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-02-17 17:27 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-02-17 17:27 - 2014-10-23 06:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-02-17 17:27 - 2014-10-23 06:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-02-17 17:27 - 2014-10-13 03:43 - 00238912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-02-17 17:27 - 2014-10-13 03:43 - 00153920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-02-17 17:27 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2015-02-17 17:27 - 2014-10-13 03:43 - 00039744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2015-02-17 17:27 - 2014-08-16 05:08 - 01507648 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2015-02-17 17:27 - 2014-08-16 04:58 - 01112512 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-02-17 17:27 - 2014-08-16 04:16 - 01205976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2015-02-17 17:27 - 2014-08-16 02:31 - 00838144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-02-17 17:27 - 2014-08-16 02:04 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2015-02-17 17:27 - 2014-08-16 01:58 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-02-17 17:27 - 2014-08-16 01:53 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2015-02-17 17:27 - 2014-08-16 01:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\ProximityService.dll
2015-02-17 17:27 - 2014-08-16 01:45 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2015-02-17 17:27 - 2014-08-16 01:43 - 00321024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2015-02-17 17:27 - 2014-08-16 01:43 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2015-02-17 17:27 - 2014-08-16 01:31 - 00914432 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2015-02-17 17:27 - 2014-08-16 01:31 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\pcsvDevice.dll
2015-02-17 17:27 - 2014-08-16 01:29 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-02-17 17:27 - 2014-08-16 01:23 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2015-02-17 17:27 - 2014-08-16 01:22 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2015-02-17 17:27 - 2014-08-16 01:22 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2015-02-17 17:27 - 2014-08-16 01:19 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-02-17 17:27 - 2014-08-16 01:18 - 04758528 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2015-02-17 17:27 - 2014-08-16 01:17 - 08757760 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2015-02-17 17:27 - 2014-08-16 01:14 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2015-02-17 17:27 - 2014-08-16 01:13 - 06649344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-17 17:27 - 2014-08-16 01:13 - 05902848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2015-02-17 17:27 - 2014-08-16 01:13 - 00840192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2015-02-17 17:27 - 2014-08-16 01:11 - 00920064 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-02-17 17:27 - 2014-08-16 01:10 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2015-02-17 17:27 - 2014-08-16 01:08 - 05777408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-17 17:27 - 2014-08-16 01:07 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-02-17 17:25 - 2015-02-17 17:25 - 00000040 _____ () C:\Users\Mony\AppData\Roaming\WB.CFG
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2021-10-21 14:36 - 2013-12-18 19:38 - 00000852 _____ () C:\Windows\system32\Drivers\RTKHDRC.dat
2021-10-04 08:34 - 2013-12-18 19:38 - 00000712 _____ () C:\Windows\system32\Drivers\RTMICEQ0.dat
2015-02-25 22:50 - 2014-07-07 17:35 - 00000000 ____D () C:\Users\Mony\AppData\Local\CrashDumps
2015-02-25 22:49 - 2013-12-18 19:18 - 01515875 _____ () C:\Windows\WindowsUpdate.log
2015-02-25 22:48 - 2014-06-29 12:43 - 00001166 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-25 22:48 - 2014-06-27 18:55 - 00000000 __RDO () C:\Users\Mony\SkyDrive
2015-02-25 22:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-25 21:21 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-02-25 21:10 - 2014-06-27 18:20 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{425858F3-237C-4DF8-B896-82D133DF564F}
2015-02-25 21:04 - 2014-06-26 00:45 - 00000000 ____D () C:\Users\Mony\AppData\Local\VirtualStore
2015-02-25 20:45 - 2013-08-22 15:46 - 00023225 _____ () C:\Windows\setupact.log
2015-02-25 20:45 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-25 20:37 - 2014-06-26 00:51 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4243315743-900808837-3033948658-1002
2015-02-25 20:15 - 2013-10-15 15:21 - 00267662 _____ () C:\Windows\PFRO.log
2015-02-25 20:09 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-25 20:03 - 2014-06-29 12:46 - 00001308 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-25 20:03 - 2014-06-29 12:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-25 20:01 - 2013-12-18 20:06 - 00803564 _____ () C:\Windows\system32\perfh010.dat
2015-02-25 20:01 - 2013-12-18 20:06 - 00156688 _____ () C:\Windows\system32\perfc010.dat
2015-02-25 20:01 - 2013-10-15 15:30 - 01813012 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-25 19:50 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-25 19:34 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-02-25 19:34 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-02-25 19:33 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\WinStore
2015-02-25 19:33 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-25 19:33 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-02-25 19:33 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-02-25 19:33 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-25 18:09 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\FileManager
2015-02-25 15:56 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-02-25 15:54 - 2014-08-25 15:49 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-25 15:54 - 2014-08-25 15:40 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-02-25 15:54 - 2014-08-25 15:40 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-02-25 15:54 - 2014-08-25 15:40 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-02-25 15:54 - 2014-08-25 15:40 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-02-25 15:54 - 2014-08-25 15:40 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-02-25 15:54 - 2014-08-25 15:40 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-02-25 15:54 - 2014-08-25 15:40 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-02-25 15:54 - 2014-08-25 15:40 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-02-25 15:33 - 2014-07-11 19:39 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-25 15:33 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData
2015-02-25 15:33 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-02-25 15:33 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\MediaViewer
2015-02-25 15:33 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Camera
2015-02-25 15:33 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppCompat
2015-02-25 15:32 - 2014-06-29 15:39 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-25 15:25 - 2014-07-07 18:54 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-25 14:47 - 2013-08-22 14:25 - 00000226 _____ () C:\Windows\win.ini
2015-02-25 14:46 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-02-17 17:48 - 2013-10-15 15:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-02-17 17:48 - 2013-10-15 15:42 - 00000000 ____D () C:\Program Files (x86)\Acer
2015-02-17 17:46 - 2014-06-26 00:47 - 00000000 ____D () C:\Users\Mony\AppData\Local\clear.fi
2015-02-17 17:39 - 2013-10-15 16:14 - 00000000 ___HD () C:\OEM
2015-02-17 17:01 - 2014-06-29 12:43 - 00004142 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-17 17:01 - 2014-06-29 12:43 - 00003906 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-17 17:01 - 2014-06-29 12:43 - 00001170 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-03 20:31 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-29 17:49 - 2014-06-29 15:39 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2015-02-17 17:38 - 2015-02-25 18:28 - 0000020 _____ () C:\Users\Mony\AppData\Roaming\appdataFr3.bin
2015-02-17 17:25 - 2015-02-17 17:25 - 0000040 _____ () C:\Users\Mony\AppData\Roaming\WB.CFG
2014-10-23 19:21 - 2014-10-23 19:21 - 0612241 _____ (CMI Limited) C:\Users\Mony\AppData\Local\nsj4191.tmp
2013-12-18 19:39 - 2013-12-18 19:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some content of TEMP:
====================
C:\Users\Mony\AppData\Local\Temp\Quarantine.exe
C:\Users\Mony\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-25 18:49
 
==================== End Of Log ============================

and the Addition.txt log content:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2015 01
Ran by Mony at 2015-02-25 22:54:26
Running from C:\Users\Mony\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.05.2005 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.01.2006 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.05.2008.6 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.00.2013.0 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8101 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.04.2002 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8100 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.00.3000 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8100 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.04.2001.2 - Acer Incorporated)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Broadcom Card Reader Driver Installer (HKLM\...\{67AA948F-8D83-4566-B84A-7CAABCF64E3F}) (Version: 16.0.2.8 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{D1D7ED66-5C08-40A0-AEC0-B6DF977697BB}) (Version: 16.2.1.2 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3126.57 - CyberLink Corp.)
Dropbox (HKU\S-1-5-21-4243315743-900808837-3033948658-1002\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
ETDWare PS/2-X64 11.6.27.201_WHQL (HKLM\...\Elantech) (Version: 11.6.27.201 - ELAN Microelectronic Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware versione 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office 365 - it-it (HKLM\...\O365HomePremRetail - it-it) (Version: 15.0.4693.1002 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-4243315743-900808837-3033948658-1002\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
NVIDIA Graphics Driver 326.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 326.49 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.20 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-4243315743-900808837-3033948658-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mony\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4243315743-900808837-3033948658-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Mony\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4243315743-900808837-3033948658-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Mony\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4243315743-900808837-3033948658-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Mony\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4243315743-900808837-3033948658-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Mony\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4243315743-900808837-3033948658-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mony\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4243315743-900808837-3033948658-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mony\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4243315743-900808837-3033948658-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mony\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4243315743-900808837-3033948658-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mony\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
24-09-2014 18:09:43 Windows Update
23-10-2014 18:30:42 Windows Update
17-02-2015 17:42:25 avast! antivirus system restore point
25-02-2015 15:23:07 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {2366FCC0-8749-4C54-8D20-9C758CD7D134} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-29] (Google Inc.)
Task: {273E690B-ED52-4013-8A5E-C3D6CE0A26D1} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-08-03] (Acer Incorporate)
Task: {3539A6BB-913E-4C36-AD42-3EB78BB876D0} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {3565504F-05E6-4B62-BE3C-B133CAE6146C} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2013-08-03] (Acer Incorporate)
Task: {59ED7F87-8EAB-4D0D-9E05-C1985A0C7736} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-29] (Google Inc.)
Task: {662F105F-FD04-486D-90B6-7C1C0C00CACA} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2014-12-19] (Acer)
Task: {68D781C5-E5BD-4A89-B843-6F2A635A7507} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {80821F43-EE57-499B-AD75-94843C86B698} - \avayvxvaxc No Task File <==== ATTENTION
Task: {81C5280C-EDD3-4A73-92F2-490CFCA30CD9} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {974BCC3E-5D90-469E-A60F-BAB0E0F84119} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-07-06] (Acer Incorporated)
Task: {A3F1000C-8B17-4FE6-9931-2D7BA28373A0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {AD08E39C-0C7B-4967-BB35-46A3CFA32521} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {C02D0241-79F0-4A82-A65E-74993A71DA2D} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-07-10] (Acer Incorporated)
Task: {DBD87915-DCE1-44BE-B3AE-29DAD30BFAD3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-02-25] (Microsoft Corporation)
Task: {E7F6E306-CDA2-4D8A-BA7C-0F172557E377} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-29] (Microsoft Corporation)
Task: {F7CCCEF0-23DE-49F1-9382-D7E8E3B64DBC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-02-25] (AVAST Software)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-08-10 17:44 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-12-18 19:32 - 2013-08-01 02:40 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-12-18 19:33 - 2013-08-01 14:22 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-25 15:27 - 2015-02-25 15:27 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2013-09-07 10:48 - 2013-09-07 10:48 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 10:45 - 2013-09-07 10:45 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 10:52 - 2013-09-07 10:52 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2014-12-19 21:59 - 2014-12-19 21:59 - 00090880 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
2014-12-19 21:59 - 2014-12-19 21:59 - 00089344 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2015-02-25 20:32 - 2015-02-25 20:32 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15022503\algo.dll
2013-12-18 19:31 - 2013-09-04 00:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-12-19 21:48 - 2014-12-19 21:48 - 00203008 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2014-12-19 21:48 - 2014-12-19 21:48 - 00119552 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
2015-02-25 15:54 - 2015-02-25 15:54 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-19 22:00 - 2014-12-19 22:00 - 00279296 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Mony\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4243315743-900808837-3033948658-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run32: => "BacKGround Agent"
HKLM\...\StartupApproved\Run32: => "3D BubbleSound"
HKU\S-1-5-21-4243315743-900808837-3033948658-1002\...\StartupApproved\StartupFolder: => "Invia a OneNote.lnk"
HKU\S-1-5-21-4243315743-900808837-3033948658-1002\...\StartupApproved\Run: => "Pokki"
HKU\S-1-5-21-4243315743-900808837-3033948658-1002\...\StartupApproved\Run: => "Gameo"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4243315743-900808837-3033948658-500 - Administrator - Disabled)
Guest (S-1-5-21-4243315743-900808837-3033948658-501 - Limited - Disabled)
Mony (S-1-5-21-4243315743-900808837-3033948658-1002 - Administrator - Enabled) => C:\Users\Mony
UpdatusUser (S-1-5-21-4243315743-900808837-3033948658-1001 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/25/2015 10:50:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: AcerPortal.exe, versione: 3.0.4.2002, timestamp: 0x54942c87
Nome del modulo che ha generato l'errore: SHELL32.dll, versione: 6.3.9600.17331, timestamp: 0x54023318
Codice eccezione: 0xc0000005
Offset errore 0x001bf5f0
ID processo che ha generato l'errore: 0x1338
Ora di avvio dell'applicazione che ha generato l'errore: 0xAcerPortal.exe0
Percorso dell'applicazione che ha generato l'errore: AcerPortal.exe1
Percorso del modulo che ha generato l'errore: AcerPortal.exe2
ID segnalazione: AcerPortal.exe3
Nome completo pacchetto che ha generato l'errore: AcerPortal.exe4
ID applicazione relativo al pacchetto che ha generato l'errore: AcerPortal.exe5
 
Error: (02/25/2015 08:48:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: AcerPortal.exe, versione: 3.0.4.2002, timestamp: 0x54942c87
Nome del modulo che ha generato l'errore: SHELL32.dll, versione: 6.3.9600.17331, timestamp: 0x54023318
Codice eccezione: 0xc0000005
Offset errore 0x001bf5f0
ID processo che ha generato l'errore: 0x1154
Ora di avvio dell'applicazione che ha generato l'errore: 0xAcerPortal.exe0
Percorso dell'applicazione che ha generato l'errore: AcerPortal.exe1
Percorso del modulo che ha generato l'errore: AcerPortal.exe2
ID segnalazione: AcerPortal.exe3
Nome completo pacchetto che ha generato l'errore: AcerPortal.exe4
ID applicazione relativo al pacchetto che ha generato l'errore: AcerPortal.exe5
 
 
System errors:
=============
Error: (02/25/2015 08:45:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Il servizio LCgbEmCfO non è stato avviato per il seguente errore: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (02/25/2015 10:50:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AcerPortal.exe3.0.4.200254942c87SHELL32.dll6.3.9600.1733154023318c0000005001bf5f0133801d0514518264490C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exeC:\Windows\SYSTEM32\SHELL32.dll5698b62a-bd38-11e4-8289-201a0648b182
 
Error: (02/25/2015 08:48:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AcerPortal.exe3.0.4.200254942c87SHELL32.dll6.3.9600.1733154023318c0000005001bf5f0115401d05134010e1bf8C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exeC:\Windows\SYSTEM32\SHELL32.dll4022af3a-bd27-11e4-8289-40f02f340636
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-3217U CPU @ 1.80GHz
Percentage of memory in use: 49%
Total physical RAM: 3985.27 MB
Available physical RAM: 2013.96 MB
Total Pagefile: 4689.27 MB
Available Pagefile: 2453.18 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:914.69 GB) (Free:867.06 GB) NTFS
Drive e: () (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E60CE184)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 70707573)
No partition Table on disk 1.
 
==================== End Of Log ============================

UPDATE: I turned on the pc, and this time the dll comes from reduled.info, with 12 alerts. It seems to change every time I restart the pc...



#4
Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, olivercatroya.

Please tell me if this gets rid of your problem.

Step #1
Removing McAfee
  • Download McAfee Consumer Products Removal tool to your Desktop and launch it.
  • When prompted, type the Captcha information.
  • When you see the message CleanUp Successful, restart your computer.
Note: If you see the Cleanup Unsuccessful message, click View logs and post the log that appears in your next reply.

 
Step #2
FRST Fix
  • Download attached fixlist.txt file to your desktop.
    Attached File  fixlist.txt   3.66KB   273 downloads
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Right click FRST64.exe on your desktop and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
    NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Things that should appear in your next post:
  • Fixlog.txt log content
  • Please tell me if you still are getting alerts from Avast. Any other visible problems?


#5
olivercatroya

    Member

  • Topic Starter
  • Member
  • 11 posts
Perfect!
 
I removed McAfee correctly and ran the fix, now everything works properly!
 
Here's the Fixlog.txt content:
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01
Ran by Mony at 2015-02-26 13:58:27 Run:1
Running from C:\Users\Mony\Desktop
Loaded Profiles: UpdatusUser & Mony (Available profiles: UpdatusUser & Mony)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-4243315743-900808837-3033948658-1002\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://it.search.ya...p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4243315743-900808837-3033948658-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4243315743-900808837-3033948658-1002 -> {0B95C555-8043-46CD-A9DA-18E1E0DE94B0} URL = https://it.search.ya...p={SearchTerms}
SearchScopes: HKU\S-1-5-21-4243315743-900808837-3033948658-1002 -> {A519781D-B9C6-478F-9D2A-EAEF63ACF46D} URL = 
BHO: SuaveerAAddON -> {da2bb3d2-c4d7-4165-8875-e27a91b1d6c7} -> C:\Program Files (x86)\SuaveerAAddON\B9EAGe4IvMbGm7.x64.dll No File
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
S2 LCgbEmCfO; "C:\ProgramData\QmtRGfeMuUY\LCgbEmCfO.exe" [X]
C:\ProgramData\QmtRGfeMuUY
2014-10-23 19:21 - 2014-10-23 19:21 - 0612241 _____ (CMI Limited) C:\Users\Mony\AppData\Local\nsj4191.tmp
Task: {80821F43-EE57-499B-AD75-94843C86B698} - \avayvxvaxc No Task File <==== ATTENTION
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
Hosts:
EmptyTemp:
CMD: bitsadmin /reset /allusers
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state off
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
*****************
 
Processes closed successfully.
Restore point was successfully created.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-4243315743-900808837-3033948658-1002\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => Key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-4243315743-900808837-3033948658-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
"HKU\S-1-5-21-4243315743-900808837-3033948658-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0B95C555-8043-46CD-A9DA-18E1E0DE94B0}" => Key deleted successfully.
HKCR\CLSID\{0B95C555-8043-46CD-A9DA-18E1E0DE94B0} => Key not found. 
"HKU\S-1-5-21-4243315743-900808837-3033948658-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A519781D-B9C6-478F-9D2A-EAEF63ACF46D}" => Key deleted successfully.
HKCR\CLSID\{A519781D-B9C6-478F-9D2A-EAEF63ACF46D} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{da2bb3d2-c4d7-4165-8875-e27a91b1d6c7}" => Key deleted successfully.
"HKCR\CLSID\{da2bb3d2-c4d7-4165-8875-e27a91b1d6c7}" => Key deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
LCgbEmCfO => Service deleted successfully.
"C:\ProgramData\QmtRGfeMuUY" => File/Directory not found.
C:\Users\Mony\AppData\Local\nsj4191.tmp => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{80821F43-EE57-499B-AD75-94843C86B698}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80821F43-EE57-499B-AD75-94843C86B698}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avayvxvaxc" => Key deleted successfully.
mfefire => Service not found.
mfevtp => Service not found.
cfwids => Service not found.
mfeapfk => Service not found.
mfeavfk => Service not found.
mfeelamk => Service not found.
mfefirek => Service not found.
mfehidk => Service not found.
mfewfpk => Service not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => Key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => Key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfefire => Key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfefirek => Key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => Key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfehidk => Key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => Key not found. 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfevtp => Key not found. 
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{706DB7C6-DAF8-43FA-BF8A-94FC93DD0CEA} canceled.
1 out of 1 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh advfirewall reset =========
 
OK.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state off =========
 
OK.
 
 
========= End of CMD: =========
 
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F =========
 
Errore: Impossibile trovare la chiave del Registro di sistema o il valore specificato.
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F =========
 
Operazione completata.
 
 
 
========= End of Reg: =========
 
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
Errore: Impossibile trovare la chiave del Registro di sistema o il valore specificato.
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
Operazione completata.
 
 
 
========= End of Reg: =========
 
EmptyTemp: => Removed 136.9 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 14:00:21 ====


#6
Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello again, olivercatroya.

Step #1
Providing logs

As you've already run JRT, AdwCleaner and Malwarebytes' Anti-Malware, could you please show me logs of these programs and what they've removed?

Here's how to do that:

AdwCleaner:
Go to C:\AdwCleaner and open AdwCleaner[SX].txt, where X is the biggest number visible.

JRT:
JRT.txt should be on your Desktop.

MBAM:
Launch Malwarebytes' Anti-Malware, go to History and double click the last Scan Log. Click the [button image] button and paste (CTRL+V) the log into your next reply.

 
Step #2
ESET Online Scanner
  • Note: This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox
  • Disable your Antivirus program (click here if you don't know how to do this).
  • Visit ESET site
  • Click [button image]
  • When using:
    • Internet Explorer:
      • Accept the Terms of Use and click Start
      • Allow the running of add-on
    • Other browsers:
      • Download esetsmartinstaller_enu.exe that you'll be given link to
      • Double click esetsmartinstaller_enu.exe
      • Allow the Terms of Use and click Start
  • Make sure that:
    • Enable detection of potentially unwanted applications is checked
    • In Advanced Settings: Remove found threats is unchecked. Scan archives, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan
  • When the scan is done, click Finish
  • A log.txt file will be created at C:\Program Files\ESET\ESET Online Scanner. Open it using Notepad.
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
Remember to enable your Antivirus program once you're done!

 
Things that should appear in your next post:
  • AdwCleaner log content
  • JRT log content
  • MBAM log content
  • ESET Online Scanner log content


#7
olivercatroya

    Member

  • Topic Starter
  • Member
  • 11 posts

Unfortunately I already deleted the AdwCleaner and JRT log contents :(

but I can show you the MBAM log content:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 25/02/2015
Scan Time: 17:47:46
Logfile: mbam_1.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.25.05
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Mony
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 369146
Time Elapsed: 18 min, 52 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 1
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe, 4472, Delete-on-Reboot, [d8d144de68222412db1f0976a75c9b65]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 77
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, Quarantined, [76330c16c7c3d75fe76a8393d330f50b], 
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, Quarantined, [76330c16c7c3d75fe76a8393d330f50b], 
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [2683ab77731782b4870df05ab44f50b0], 
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [2683ab77731782b4870df05ab44f50b0], 
PUP.Optional.MySafeProxy.A, HKLM\SOFTWARE\CLASSES\CLSID\{51420F88-4D4A-4042-9509-8D4E1307910E}, Quarantined, [3277180a7a10c175cc89fc13b94a8878], 
PUP.Optional.MySafeProxy.A, HKLM\SOFTWARE\CLASSES\MySafeProxy.MySafeProxy.1, Quarantined, [3277180a7a10c175cc89fc13b94a8878], 
PUP.Optional.MySafeProxy.A, HKLM\SOFTWARE\CLASSES\MySafeProxy.MySafeProxy, Quarantined, [3277180a7a10c175cc89fc13b94a8878], 
PUP.Optional.MySafeProxy.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MySafeProxy.MySafeProxy, Quarantined, [3277180a7a10c175cc89fc13b94a8878], 
PUP.Optional.MySafeProxy.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{51420F88-4D4A-4042-9509-8D4E1307910E}, Quarantined, [3277180a7a10c175cc89fc13b94a8878], 
PUP.Optional.MySafeProxy.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{51420F88-4D4A-4042-9509-8D4E1307910E}, Quarantined, [3277180a7a10c175cc89fc13b94a8878], 
PUP.Optional.MySafeProxy.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\MySafeProxy.MySafeProxy.1, Quarantined, [3277180a7a10c175cc89fc13b94a8878], 
PUP.Optional.MySafeProxy.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{51420F88-4D4A-4042-9509-8D4E1307910E}, Quarantined, [3277180a7a10c175cc89fc13b94a8878], 
PUP.Optional.MySafeProxy.A, HKU\S-1-5-21-4243315743-900808837-3033948658-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{51420F88-4D4A-4042-9509-8D4E1307910E}, Quarantined, [3277180a7a10c175cc89fc13b94a8878], 
PUP.Optional.MySafeProxy.A, HKU\S-1-5-21-4243315743-900808837-3033948658-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{51420F88-4D4A-4042-9509-8D4E1307910E}, Quarantined, [3277180a7a10c175cc89fc13b94a8878], 
PUP.Optional.MySafeProxy.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{51420F88-4D4A-4042-9509-8D4E1307910E}, Quarantined, [3277180a7a10c175cc89fc13b94a8878], 
PUP.Optional.MySafeProxy.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{51420F88-4D4A-4042-9509-8D4E1307910E}, Quarantined, [3277180a7a10c175cc89fc13b94a8878], 
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Quarantined, [eabf081aa8e290a6bf61e630a65d54ac], 
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Quarantined, [eabf081aa8e290a6bf61e630a65d54ac], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [31783be7b8d2f442800b74a1699a7888], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, Quarantined, [31783be7b8d2f442800b74a1699a7888], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, Quarantined, [31783be7b8d2f442800b74a1699a7888], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, Quarantined, [31783be7b8d2f442800b74a1699a7888], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, Quarantined, [31783be7b8d2f442800b74a1699a7888], 
PUP.Optional.PlumoWeb.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{cb02c18f-54dc-4ec0-bae2-ab2f8e44f877}, Quarantined, [2287061c5e2ce0567e09a6a839cad729], 
PUP.Optional.PlumoWeb.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{1660FB6B-B310-4BF1-992A-16ADB3C90B7E}, Quarantined, [2287061c5e2ce0567e09a6a839cad729], 
PUP.Optional.PlumoWeb.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0CBFA3B3-CA56-49ED-8D22-4D59771EA6FD}, Quarantined, [2287061c5e2ce0567e09a6a839cad729], 
PUP.Optional.PlumoWeb.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0CBFA3B3-CA56-49ED-8D22-4D59771EA6FD}, Quarantined, [2287061c5e2ce0567e09a6a839cad729], 
PUP.Optional.PlumoWeb.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1660FB6B-B310-4BF1-992A-16ADB3C90B7E}, Quarantined, [2287061c5e2ce0567e09a6a839cad729], 
PUP.Optional.PlumoWeb.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{CB02C18F-54DC-4EC0-BAE2-AB2F8E44F877}, Quarantined, [2287061c5e2ce0567e09a6a839cad729], 
PUP.Optional.PlumoWeb.A, HKU\S-1-5-21-4243315743-900808837-3033948658-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{CB02C18F-54DC-4EC0-BAE2-AB2F8E44F877}, Quarantined, [2287061c5e2ce0567e09a6a839cad729], 
PUP.Optional.PlumoWeb.A, HKU\S-1-5-21-4243315743-900808837-3033948658-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CB02C18F-54DC-4EC0-BAE2-AB2F8E44F877}, Quarantined, [2287061c5e2ce0567e09a6a839cad729], 
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-4243315743-900808837-3033948658-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [bced6cb69af0a0968daa1af7b251758b], 
PUP.Optional.MyPCBackup.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BackupStack, Quarantined, [6148f52dec9e1d19f1615a5115ee3fc1], 
PUP.Optional.PlumoWeb.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update PlumoWeb, Quarantined, [7831988a7f0b360019ee9322f60d926e], 
PUP.Optional.PlumoWeb.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, Quarantined, [7831988a7f0b360019ee9322f60d926e], 
PUP.Optional.PlumoWeb.A, HKLM\SOFTWARE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, Quarantined, [7831988a7f0b360019ee9322f60d926e], 
PUP.Optional.PlumoWeb.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, Quarantined, [7831988a7f0b360019ee9322f60d926e], 
PUP.Optional.PlumoWeb.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, Quarantined, [7831988a7f0b360019ee9322f60d926e], 
PUP.Optional.PlumoWeb.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, Quarantined, [7831988a7f0b360019ee9322f60d926e], 
PUP.Optional.PlumoWeb.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, Quarantined, [7831988a7f0b360019ee9322f60d926e], 
PUP.Optional.PlumoWeb.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, Quarantined, [7831988a7f0b360019ee9322f60d926e], 
PUP.Optional.PlumoWeb.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, Quarantined, [7831988a7f0b360019ee9322f60d926e], 
PUP.Optional.PlumoWeb.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util PlumoWeb, Quarantined, [7831988a7f0b360019ee9322f60d926e], 
PUP.Optional.QuickStart.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pelmeidfhdlhlbjimpabfcbnnojbboma, Quarantined, [961366bc8a009a9cba9f8f4b9d666898], 
PUP.Optional.Astromenda.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pfkfdlcdbajamklbneflfbcmfgddmpae, Quarantined, [159471b1503a8aac5759d24ecd3843bd], 
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [03a660c2b6d44de94903937453b23ec2], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, Quarantined, [92179b87b7d325119cd266b912f32bd5], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, Quarantined, [abfef032c0ca4ceafb7227f804018a76], 
PUP.Optional.MyPCBackup.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\MyPC Backup, Quarantined, [199042e0226839fd877f317128db9d63], 
PUP.Optional.MBot.A, HKLM\SOFTWARE\WOW6432NODE\MYBESTOFFERSTODAY, Quarantined, [cbde34ee0684290d1d7bfcbcd82b8977], 
PUP.Optional.ISearch.A, HKLM\SOFTWARE\WOW6432NODE\omiga-plusSoftware, Quarantined, [cbde37eb810976c0f3ac0112e124639d], 
PUP.Optional.PlumoWeb.A, HKLM\SOFTWARE\WOW6432NODE\PlumoWeb, Quarantined, [f2b7a181484206300afe2e8724df6f91], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\supWPM, Quarantined, [aefb7ea427632115c27013a4d62d2ed2], 
PUP.Optional.QuickStart.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pelmeidfhdlhlbjimpabfcbnnojbboma, Quarantined, [4d5ca87a127869cdd188a9315ca7cb35], 
PUP.Optional.Astromenda.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pfkfdlcdbajamklbneflfbcmfgddmpae, Quarantined, [a30671b16723cd694f6121ffd72edb25], 
PUP.Optional.InstallCore.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLCORE\WSE_Astromenda, Quarantined, [a50425fdcdbd8da982bd3e716a99a35d], 
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [4d5c27fbf09ad165292354b338cd49b7], 
PUP.Optional.MyPCBackup.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\MyPC Backup, Quarantined, [7831ce547c0e9c9a58aec8da29da06fa], 
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT, Quarantined, [06a3de44cebcf2447d98c00351b2ed13], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP, Quarantined, [05a45ac8fc8e0e28cf316d4a7f844fb1], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, Quarantined, [7e2b38ea2f5bc96d1c158b2ca65d33cd], 
PUP.Optional.Tuto4Pc.A, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS, Quarantined, [ffaa51d1266441f586a11b0d8f762bd5], 
PUP.Optional.MySafeProxy.A, HKLM\SOFTWARE\WOW6432NODE\XTRM GROUP LTD.\MySafeProxy, Quarantined, [93165dc5682287af1732624e0cf737c9], 
PUP.Optional.Orbiter.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Orbiter, Quarantined, [66432200cfbb112597e876afc34220e0], 
PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginServices, Quarantined, [2a7ffb2743472313ef7bb0fc60a329d7], 
PUP.Optional.SearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD, Quarantined, [e5c4c260cebc52e4595b0cb019eaa55b], 
PUP.Optional.MBOT.A, HKU\S-1-5-21-4243315743-900808837-3033948658-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\mybestofferstoday, Quarantined, [e6c35fc3f298c86edf90e0bcf0138d73], 
PUP.Optional.PlumoWeb.A, HKU\S-1-5-21-4243315743-900808837-3033948658-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\PlumoWeb, Quarantined, [b4f5ce54820872c4759495207e85f010], 
PUP.Optional.WebSearches.A, HKU\S-1-5-21-4243315743-900808837-3033948658-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SupHpUISoft, Quarantined, [a801968cb7d3fe385b85358356ad16ea], 
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-4243315743-900808837-3033948658-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TutoTag, Quarantined, [0e9bde44474371c5d1a52af40ef7bb45], 
PUP.Optional.Astromenda.A, HKU\S-1-5-21-4243315743-900808837-3033948658-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\wse_astromenda, Quarantined, [43661a081d6d69cd0b103e79986b8f71], 
PUP.Optional.MultiIE.A, HKU\S-1-5-21-4243315743-900808837-3033948658-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, Quarantined, [bdecec3613770d293cc2db3d6f96f808], 
PUP.Optional.Astromenda.A, HKU\S-1-5-21-4243315743-900808837-3033948658-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pfkfdlcdbajamklbneflfbcmfgddmpae, Quarantined, [555437ebf6944cea545dd84849bc46ba], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-4243315743-900808837-3033948658-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [eebb49d9addd53e33ea4d510a75c3fc1], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-4243315743-900808837-3033948658-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [8326e33f35550432744f9a61c0446a96], 
PUP.Optional.Qone8, HKU\S-1-5-21-4243315743-900808837-3033948658-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [555449d9fc8e1d191e2d1deafc0908f8], 
PUP.Optional.CouponFactor.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{37476589-E48E-439E-A706-56189E2ED4C4}_is1, Quarantined, [49609d850a8063d35b7f3d49b84bea16], 
 
Registry Values: 10
PUP.Optional.Recover.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|rec_it_14, Quarantined, [2089eb37ccbe40f6e471e5bc649f5da3], 
PUP.Optional.MBot.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|mbot_it_143, Quarantined, [feab1f0399f11d19c1d63b7d26dd48b8], 
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT|InstallDir, C:\PROGRA~2\SearchProtect, Quarantined, [06a3de44cebcf2447d98c00351b2ed13]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP|dir, C:\Program Files (x86)\SupTab, Quarantined, [05a45ac8fc8e0e28cf316d4a7f844fb1]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, tugs, Quarantined, [7e2b38ea2f5bc96d1c158b2ca65d33cd]
PUP.Optional.Tuto4Pc.A, HKLM\SOFTWARE\WOW6432NODE\TUTORIALS|HostGUID, 3FD54724-D7C7-4E63-85AC-878345B909AB, Quarantined, [ffaa51d1266441f586a11b0d8f762bd5]
PUP.Optional.MyPCBackup.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BACKUPSTACK|ImagePath, C:\Program Files (x86)\MyPC Backup\BackupStack.exe, Quarantined, [beeb72b0a0ea87af7bd8b4f73ac93fc1]
PUP.Optional.SearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD|ImagePath, \??\C:\Windows\system32\drivers\SPPD.sys, Quarantined, [e5c4c260cebc52e4595b0cb019eaa55b]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-4243315743-900808837-3033948658-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, zr2Y1E2Z1G1J1T1M, Quarantined, [8326e33f35550432744f9a61c0446a96]
PUP.Optional.Astromenda, HKU\S-1-5-21-4243315743-900808837-3033948658-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|BRS, C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe -runBRS, Quarantined, [d8d144de68222412db1f0976a75c9b65]
 
Registry Data: 14
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, c:\progra~2\searchprotect\searchprotect\bin\vc32loader.dll c:\windows\syswow64\nvinit.dll, Good: (), Bad: (c:\progra~2\searchprotect\searchprotect\bin\vc32loader.dll),Replaced,[41686bb73f4b66d0befdd92ca0659d63]
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll C:\Windows\system32\nvinitx.dll, Good: (), Bad: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll),Replaced,[41686bb73f4b66d0befdd92ca0659d63]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[3b6ef92979116dc921d4b81727debd43]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://isearch.omiga...A1AA3V9547V9547, Good: (www.google.com), Bad: (http://isearch.omiga-plus.com/?type=hp&ts=1414088347&from=tugs&uid=WDCXWD10JPVX-22JC3T0_WD-WXA1AA3V9547V9547),Replaced,[b7f2da48bdcd7bbb5077d8f9f213fe02]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://isearch.omiga...A3V9547V9547&q={searchTerms}, Good: (www.google.com), Bad: (http://isearch.omiga-plus.com/web/?type=ds&ts=1414088347&from=tugs&uid=WDCXWD10JPVX-22JC3T0_WD-WXA1AA3V9547V9547&q={searchTerms}),Replaced,[7138d250b7d3cf67c802c50c3cc99967]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://isearch.omiga...A1AA3V9547V9547, Good: (www.google.com), Bad: (http://isearch.omiga-plus.com/?type=hp&ts=1414088347&from=tugs&uid=WDCXWD10JPVX-22JC3T0_WD-WXA1AA3V9547V9547),Replaced,[5059bf634149142215b0fbd650b5837d]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, http://isearch.omiga...A3V9547V9547&q={searchTerms}, Good: (www.google.com), Bad: (http://isearch.omiga-plus.com/web/?type=ds&ts=1414088347&from=tugs&uid=WDCXWD10JPVX-22JC3T0_WD-WXA1AA3V9547V9547&q={searchTerms}),Replaced,[aaffd44e94f656e0685e7e53c342a858]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[cfdaa9797e0c7abce5105b742dd8e21e]
PUP.Optional.OmigaPlus.A, HKU\S-1-5-21-4243315743-900808837-3033948658-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://isearch.omiga...A1AA3V9547V9547, Good: (www.google.com), Bad: (http://isearch.omiga-plus.com/?type=hp&ts=1414088347&from=tugs&uid=WDCXWD10JPVX-22JC3T0_WD-WXA1AA3V9547V9547),Replaced,[ddcc5ac8dcae93a313ac2ba6b74e0cf4]
 
Folders: 158
PUP.Optional.Conduit.A, C:\Program Files (x86)\ORBTR, Quarantined, [dbce35ed612954e2ac048c17b74c1fe1], 
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup, Quarantined, [6148f52dec9e1d19f1615a5115ee3fc1], 
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Config, Quarantined, [6148f52dec9e1d19f1615a5115ee3fc1], 
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Database, Quarantined, [6148f52dec9e1d19f1615a5115ee3fc1], 
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\log, Quarantined, [6148f52dec9e1d19f1615a5115ee3fc1], 
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources, Quarantined, [6148f52dec9e1d19f1615a5115ee3fc1], 
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\Resources\cache, Quarantined, [6148f52dec9e1d19f1615a5115ee3fc1], 
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\x64, Quarantined, [6148f52dec9e1d19f1615a5115ee3fc1], 
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\x86, Quarantined, [6148f52dec9e1d19f1615a5115ee3fc1], 
PUP.Optional.MyPCBackup.A, C:\Program Files (x86)\MyPC Backup\~updates, Quarantined, [6148f52dec9e1d19f1615a5115ee3fc1], 
PUP.Optional.PlumoWeb.A, C:\Program Files (x86)\PlumoWeb, Quarantined, [7831988a7f0b360019ee9322f60d926e], 
PUP.Optional.PlumoWeb.A, C:\Program Files (x86)\PlumoWeb\bin, Quarantined, [7831988a7f0b360019ee9322f60d926e], 
PUP.Optional.PlumoWeb.A, C:\Program Files (x86)\PlumoWeb\bin\plugins, Quarantined, [7831988a7f0b360019ee9322f60d926e], 
PUP.Optional.PlumoWeb.A, C:\Program Files (x86)\PlumoWeb\bin\TEMP, Quarantined, [7831988a7f0b360019ee9322f60d926e], 
PUP.Optional.OmigaPlus.A, C:\Users\Mony\AppData\Roaming\omiga-plus, Quarantined, [2980f230b3d7bd79fb1d972bc53e49b7], 
PUP.Optional.OmigaPlus.A, C:\Users\Mony\AppData\Roaming\omiga-plus\images, Quarantined, [2980f230b3d7bd79fb1d972bc53e49b7], 
PUP.Optional.OmigaPlus.A, C:\Users\Mony\AppData\Roaming\omiga-plus\images\code, Quarantined, [2980f230b3d7bd79fb1d972bc53e49b7], 
PUP.Optional.TVWizard.A, C:\Users\Mony\AppData\Local\TVWizard, Quarantined, [dccd978bf496f640584119b4c53e1fe1], 
PUP.Optional.TVWizard.A, C:\ProgramData\TVWizard, Quarantined, [3277cf536525f6404555804d828149b7], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\rep, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\rep, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
Rogue.Multiple, C:\ProgramData\374311380, Quarantined, [ddcc34ee7b0fcd6923e6143b2cd7d030], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\bookmarks, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\bookmarks\css, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\bookmarks\img, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\classification, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\classification\css, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\classification\img, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\classification\img\skin, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\cloud, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\cloud\css, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\cloud\img, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\cloud\img\skin, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\dialog, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\dialog\img, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\dialog\img\skin, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\extensions, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\extensions\css, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\extensions\img, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\gameCenter, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\gameCenter\css, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\gameCenter\img, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\guide, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\guide\css, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\lastVisited, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\lastVisited\css, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\lastVisited\img, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\notice, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\notice\css, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\played, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\played\css, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\played\img, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\search, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\search\css, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\search\img, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\setup, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\setup\css, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\setup\img, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\setup\img\skin, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\shortcuts, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\shortcuts\img, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
 
Files: 432
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\SP_DialogBG.png, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\DialogAPI.js, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js, Quarantined, [41686bb73f4b66d0befdd92ca0659d63], 
PUP.Optional.SearchProtect, C:\Windows\apppatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, Quarantined, [1099fb275c2e38fe8de4011eaf56738d], 
PUP.Optional.SearchProtect, C:\Windows\System32\drivers\SPPD.sys, Quarantined, [e5c4c260cebc52e4595b0cb019eaa55b], 
Rogue.Multiple, C:\ProgramData\374311380\BIT85A7.tmp, Quarantined, [ddcc34ee7b0fcd6923e6143b2cd7d030], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\background.html, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\index.html, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\jump.html, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\manifest.json, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\bookmarks\bookmarks.js, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\bookmarks\css\style.css, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\bookmarks\img\logo.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\bookmarks\img\searchButton.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\classification\classification.js, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\classification\css\style.css, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\classification\img\logo.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\classification\img\skin\del.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\classification\img\skin\main.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\classification\img\skin\selected.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\cloud\cloud.js, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\cloud\cloudApp.js, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\cloud\cloudWebsite.js, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\cloud\createWebsite.js, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\cloud\css\style.css, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\cloud\img\logo.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\cloud\img\skin\buttonBg.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\cloud\img\skin\categoryBg.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\cloud\img\skin\icons.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\cloud\img\skin\searchBg.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\cloud\img\skin\searchButton.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\cloud\img\skin\searchLeft.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\cloud\img\skin\selected.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\cloud\img\skin\tabsBg.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\dialog\img\skin\headerBg.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\extensions\extensions.js, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\extensions\css\style.css, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\extensions\img\logo.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\gameCenter\gameCenter.js, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\gameCenter\css\style.css, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\gameCenter\img\logo.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\gameCenter\img\star.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\gameCenter\img\star_bg.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\gameCenter\img\time.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\guide\guide.js, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\guide\css\style.css, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\lastVisited\lastVisited.js, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\lastVisited\css\style.css, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\lastVisited\img\logo.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\notice\notice.js, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\notice\css\style.css, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\played\played.js, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\played\css\style.css, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\search\search.js, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\search\css\style.css, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\search\img\google-new-logo.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\search\img\logo.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\search\img\searchicon.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\search\img\searchicon2.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\setup\setup.js, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\setup\css\style.css, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\setup\img\logo.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\setup\img\skin\dialBoxStyle.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\setup\img\skin\icons.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\shortcuts\img\oBookmarks.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\shortcuts\img\oDownloads.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\shortcuts\img\oExtensions.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\shortcuts\img\oHistory.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\shortcuts\img\oNewtab.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\skins\cloudWallpaper.js, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\skins\skins.js, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\skins\css\style.css, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\skins\img\logo.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\skins\img\skin\categoryBg.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\skins\img\skin\delete.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\skins\img\skin\download.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\skins\img\skin\icons.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\skins\img\skin\loading.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\weather\weather.js, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\weather\css\style.css, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\weather\img\logo.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\weather\img\skin\line.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\weather\img\skin\locationIcon.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\weather\img\skin\searchButton.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\app\weather\img\skin\weather.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\css\all.css, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\game.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\icon_128.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\icon_16.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\icon_48.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\NEW.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\shopping.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\weather.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\webstore.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\skin\default.jpg, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\skin\iconsprite.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\skin\idialog_s.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\skin\ios5_button.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\skin\left.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\skin\loading.gif, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\skin\loading2.gif, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\skin\qBoxBg.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\skin\q_bg.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\skin\q_bg0.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\skin\q_left.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\skin\q_left0.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\skin\q_right.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\skin\q_right0.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\skin\right.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\skin\selected.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\img\skin\titleBg.png, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\js\all.js, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\js\background.js, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\js\ga.js, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\js\jq.mobi.js, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\js\jump.js, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\js\pop.js, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\js\redirect.js, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\js\xagainit.js, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\de\messages.json, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\en\messages.json, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\es\messages.json, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\es_419\messages.json, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\fr\messages.json, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\it\messages.json, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\ja\messages.json, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\pl\messages.json, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\pt_BR\messages.json, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\pt_PT\messages.json, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\ru\messages.json, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\tr\messages.json, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\vi\messages.json, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\zh_CN\messages.json, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_locales\zh_TW\messages.json, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.QuickStart.A, C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma\4.5.8_0\_metadata\verified_contents.json, Quarantined, [39704dd5c4c6d561e5cb184cef146898], 
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update\conf, Quarantined, [8920121096f476c0afec85ee25de9769], 
PUP.Optional.SearchProtect.A, C:\Users\Mony\AppData\Local\SearchProtect\SearchProtect\rep\Cvc.dat, Quarantined, [e4c5e939107ad56138646f04ed16ef11], 
PUP.Optional.SearchProtect.A, C:\Users\Mony\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, Quarantined, [e4c5e939107ad56138646f04ed16ef11], 
PUP.Optional.SearchProtect.A, C:\Users\Mony\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat, Quarantined, [e4c5e939107ad56138646f04ed16ef11], 
PUP.Optional.SearchProtect.A, C:\Users\Mony\AppData\Local\SearchProtect\UI\rep\UIRepository.dat, Quarantined, [e4c5e939107ad56138646f04ed16ef11], 
PUP.Optional.Extutil.A, C:\Users\Mony\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, Quarantined, [b0f9d151b9d1b77f9025324359aaa45c], 
PUP.Optional.Extutil.A, C:\Users\Mony\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, Quarantined, [b0f9d151b9d1b77f9025324359aaa45c], 
PUP.Optional.Extutil.A, C:\Users\Mony\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, Quarantined, [b0f9d151b9d1b77f9025324359aaa45c], 
PUP.Optional.Managera.A, C:\Users\Mony\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, Quarantined, [e5c462c0266476c02f87acc92ad9e818], 
PUP.Optional.Managera.A, C:\Users\Mony\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, Quarantined, [e5c462c0266476c02f87acc92ad9e818], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\ient.json, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\install.data, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\Loader64.exe, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\uninstall.exe, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\bk_shadow.png, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\btn.png, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\close.png, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\main.xml, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\main.xml.bak, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\ck_box.png, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\ck_check.png, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\radio_bk.png, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\radio_check.png, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\data.html, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\main.css, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\google_trends.png, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\logo32.ico, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\common.js, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ga.js, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\js.js, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\library.js, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit-ie8.js, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit2.0.js, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, Quarantined, [1a8fca588cfe072f4ccdf88303005fa1], 
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\astcnfg.dat, Quarantined, [d8d144de68222412db1f0976a75c9b65], 
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\FavIcon.ico, Quarantined, [d8d144de68222412db1f0976a75c9b65], 
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\Sqlite3.dll, Quarantined, [d8d144de68222412db1f0976a75c9b65], 
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\trzBCA6.tmp, Quarantined, [d8d144de68222412db1f0976a75c9b65], 
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\uninst.dat, Quarantined, [d8d144de68222412db1f0976a75c9b65], 
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe, Delete-on-Reboot, [d8d144de68222412db1f0976a75c9b65], 
PUP.Optional.Astromenda, C:\Program Files (x86)\WSE_Astromenda\BRS\Sqlite3.dll, Quarantined, [d8d144de68222412db1f0976a75c9b65], 
PUP.Optional.Astromenda.A, C:\Users\Mony\AppData\Roaming\WSE_Astromenda\icons_3.5.1.8\ctr.ico, Quarantined, [b5f4ff23f19910268291a3dde81b0000], 
PUP.Optional.Astromenda.A, C:\Users\Mony\AppData\Roaming\WSE_Astromenda\UpdateProc\bkup.dat, Quarantined, [b5f4ff23f19910268291a3dde81b0000], 
PUP.Optional.Astromenda.A, C:\Users\Mony\AppData\Roaming\WSE_Astromenda\UpdateProc\config.dat, Quarantined, [b5f4ff23f19910268291a3dde81b0000], 
PUP.Optional.Astromenda.A, C:\Users\Mony\AppData\Roaming\WSE_Astromenda\UpdateProc\info.dat, Quarantined, [b5f4ff23f19910268291a3dde81b0000], 
PUP.Optional.Astromenda.A, C:\Users\Mony\AppData\Roaming\WSE_Astromenda\UpdateProc\STTL.DAT, Quarantined, [b5f4ff23f19910268291a3dde81b0000], 
PUP.Optional.Astromenda.A, C:\Users\Mony\AppData\Roaming\WSE_Astromenda\UpdateProc\TTL.DAT, Quarantined, [b5f4ff23f19910268291a3dde81b0000], 
PUP.Optional.Astromenda.A, C:\Users\Mony\AppData\Roaming\WSE_Astromenda\UpdateProc\UpdateTask.exe, Quarantined, [b5f4ff23f19910268291a3dde81b0000], 
PUP.Optional.CouponFactor.A, C:\ProgramData\CouponFactor\CouponFactor.exe, Quarantined, [49609d850a8063d35b7f3d49b84bea16], 
PUP.Optional.SearchProtect.A, C:\Users\Mony\AppData\Local\avayvxvaxc\avayvxvaxc.exe, Quarantined, [e3c6d54dccbeeb4b8595534439ca21df], 
PUP.Optional.SearchProtect.A, C:\Users\Mony\AppData\Local\avayvxvaxc\bahvxfk, Quarantined, [e3c6d54dccbeeb4b8595534439ca21df], 
PUP.Optional.SearchProtect.A, C:\Users\Mony\AppData\Local\avayvxvaxc\mkfvxfk, Quarantined, [e3c6d54dccbeeb4b8595534439ca21df], 
PUP.Optional.SearchProtect.A, C:\Users\Mony\AppData\Local\avayvxvaxc\pbqrmvbub, Quarantined, [e3c6d54dccbeeb4b8595534439ca21df], 
PUP.Optional.SearchProtect.A, C:\Users\Mony\AppData\Local\avayvxvaxc\pvpqbjobmlpfqlovvawq, Quarantined, [e3c6d54dccbeeb4b8595534439ca21df], 
PUP.Optional.SearchProtect.A, C:\Users\Mony\AppData\Local\avayvxvaxc\qokvxfk, Quarantined, [e3c6d54dccbeeb4b8595534439ca21df], 
PUP.Optional.SearchProtect.A, C:\Users\Mony\AppData\Local\avayvxvaxc\rfobmlpfqlovvawq, Quarantined, [e3c6d54dccbeeb4b8595534439ca21df], 
PUP.Optional.SearchProtect.A, C:\Users\Mony\AppData\Local\avayvxvaxc\rpboobmlpfqlovvawq, Quarantined, [e3c6d54dccbeeb4b8595534439ca21df], 
PUP.Optional.SearchProtect.A, C:\Users\Mony\AppData\Local\avayvxvaxc\stb.dat, Quarantined, [e3c6d54dccbeeb4b8595534439ca21df], 
PUP.Optional.SearchProtect.A, C:\Users\Mony\AppData\Local\avayvxvaxc\ycfvxfk, Quarantined, [e3c6d54dccbeeb4b8595534439ca21df], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
and the ESET Online Scanner log content:
 
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d69c8d7bdf756848be53391bc4506d3c
# engine=22677
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-02-27 04:12:26
# local_time=2015-02-27 05:12:26 (+0100, ora solare Europa occidentale)
# country="Italy"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 88 77366 16075942 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 164307 49934839 0 0
# scanned=200463
# found=1
# cleaned=0
# scan_time=4675
sh=85C2E758DADB8A93064CA5CEDF96BC69C021B84C ft=1 fh=1f9bbc275addc6d3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Mony\Downloads\rcsetup151.exe"


#8
Nevan


    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello again, olivercatroya.

No worries about the lost scan logs.

Everything looks good so far. Let's move on.

Step #1
FRST Scan
  • Right-click FRST64.exe and click Run as administrator. When the tool opens, click Yes to the disclaimer.
  • Make sure that Addition.txt is checked and press the Scan button.
  • It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
  • Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.
 
Step #2
Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

 
Things that should appear in your next post:
  • FRST.txt log content
  • Addition.txt log content
  • Checkup.txt log content


#9
olivercatroya


    Member

  • Topic Starter
  • 11 posts

Here's the FRST.txt log content:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
Ran by Mony (administrator) on AMORE on 27-02-2015 21:38:11
Running from C:\Users\Mony\Desktop
Loaded Profiles: UpdatusUser & Mony (Available profiles: UpdatusUser & Mony)
Platform: Windows 8.1 (X64) OS Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890056 2013-09-06] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [62208 2014-12-19] (Acer Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-25] (AVAST Software)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [90880 2014-12-19] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Atheros Communications))
HKU\S-1-5-21-4243315743-900808837-3033948658-1002\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2480384 2014-12-19] (Acer)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [387536 2013-08-01] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [326224 2013-08-01] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [ACloudSyncedRF] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudSyncedSF] -> {5D5F18B7-D59B-4B18-A3E9-0A4BDCCCB699} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\Acer Portal\x64\shellext_win.dll (Acer Incorporated)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mony\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mony\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mony\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mony\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mony\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mony\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mony\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-4243315743-900808837-3033948658-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-4243315743-900808837-3033948658-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\S-1-5-21-4243315743-900808837-3033948658-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-25]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.it/
CHR Profile: C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-29]
CHR Extension: (Google Drive) - C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-29]
CHR Extension: (YouTube) - C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-29]
CHR Extension: (Google Search) - C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-29]
CHR Extension: (Google Wallet) - C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-29]
CHR Extension: (Gmail) - C:\Users\Mony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-25]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows ® Win 7 DDK provider) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-25] (AVAST Software)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2713856 2014-12-19] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [663592 2013-07-06] (Acer Incorporated)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101192 2013-09-06] (ELAN Microelectronics Corp.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [457768 2013-08-03] (Acer Incorporate)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457768 2013-08-03] (Acer Incorporate)
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [448040 2013-08-03] (Acer Incorporate)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S4 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-25] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-02-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-02-25] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-25] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-25] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-02-25] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-25] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-16] (Qualcomm Atheros Communications, Inc.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-27 21:38 - 2015-02-27 21:39 - 00016318 _____ () C:\Users\Mony\Desktop\FRST.txt
2015-02-27 21:37 - 2015-02-27 21:38 - 00000000 ____D () C:\FRST
2015-02-27 21:37 - 2015-02-27 21:34 - 02087936 _____ (Farbar) C:\Users\Mony\Desktop\FRST64.exe
2015-02-27 21:37 - 2015-02-27 21:34 - 00852604 _____ () C:\Users\Mony\Desktop\SecurityCheck.exe
2015-02-27 15:49 - 2015-02-27 15:49 - 02347384 _____ (ESET) C:\Users\Mony\Downloads\esetsmartinstaller_enu.exe
2015-02-27 15:49 - 2015-02-27 15:49 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-27 14:48 - 2015-02-27 14:56 - 00000000 ____D () C:\Program Files\Recuva
2015-02-27 14:48 - 2015-02-27 14:48 - 00001674 _____ () C:\Users\Public\Desktop\Recuva.lnk
2015-02-27 14:47 - 2015-02-27 14:47 - 04210920 _____ (Piriform Ltd) C:\Users\Mony\Downloads\rcsetup151.exe
2015-02-26 19:49 - 2015-02-26 19:49 - 00000295 _____ () C:\Users\Mony\Desktop\Questo PC.lnk
2015-02-26 19:49 - 2015-02-26 19:49 - 00000295 _____ () C:\Users\Mony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Questo PC.lnk
2015-02-26 19:43 - 2015-02-26 19:43 - 00481680 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-26 19:41 - 2015-02-26 19:41 - 00001984 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-02-26 19:40 - 2015-02-25 15:54 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-02-26 19:29 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-26 19:29 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-25 21:19 - 2015-02-25 21:19 - 00000000 ____D () C:\Users\Mony\AppData\Local\SvchostViewer
2015-02-25 20:12 - 2015-02-25 20:12 - 00000197 _____ () C:\Windows\system32\2015-02-25-19-12-38.010-AvastVBoxSVC.exe-2680.log
2015-02-25 20:07 - 2015-02-25 20:07 - 00000197 _____ () C:\Windows\system32\2015-02-25-19-07-03.046-AvastVBoxSVC.exe-2564.log
2015-02-25 19:38 - 2015-02-25 19:39 - 00000197 _____ () C:\Windows\system32\2015-02-25-18-38-45.081-AvastVBoxSVC.exe-2832.log
2015-02-25 18:32 - 2015-02-25 18:33 - 00000247 _____ () C:\Windows\system32\2015-02-25-17-32-56.077-aswFe.exe-4972.log
2015-02-25 18:27 - 2015-02-25 18:32 - 00000247 _____ () C:\Windows\system32\2015-02-25-17-27-31.026-aswFe.exe-3816.log
2015-02-25 18:27 - 2015-02-25 18:27 - 00000197 _____ () C:\Windows\system32\2015-02-25-17-27-18.020-AvastVBoxSVC.exe-2836.log
2015-02-25 18:26 - 2015-02-25 18:26 - 00001276 _____ () C:\Users\Mony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RtkGUI.lnk
2015-02-25 18:21 - 2015-02-25 18:21 - 00000247 _____ () C:\Windows\system32\2015-02-25-17-21-52.044-aswFe.exe-2532.log
2015-02-25 18:21 - 2015-02-25 18:21 - 00000197 _____ () C:\Windows\system32\2015-02-25-17-21-49.042-AvastVBoxSVC.exe-3488.log
2015-02-25 16:01 - 2015-02-25 16:01 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-02-25 16:01 - 2015-02-25 16:01 - 00000000 ____D () C:\Windows\system32\vbox
2015-02-25 15:55 - 2015-02-26 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-02-25 15:54 - 2015-02-25 15:54 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-02-25 15:40 - 2015-02-25 15:40 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-02-25 15:40 - 2015-02-25 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-25 15:40 - 2015-02-25 15:40 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-25 15:38 - 2015-02-26 14:02 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-02-25 15:33 - 2015-02-25 15:33 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-25 15:19 - 2014-12-13 22:28 - 00513488 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 15:19 - 2014-12-13 22:28 - 00513488 _____ () C:\Windows\system32\locale.nls
2015-02-25 15:19 - 2014-10-29 02:27 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-02-25 15:19 - 2014-10-29 02:04 - 00868352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-02-25 15:19 - 2014-10-29 02:04 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2015-02-25 15:18 - 2014-10-29 02:27 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2015-02-25 15:10 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2015-02-25 15:10 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2015-02-25 15:06 - 2014-09-22 05:38 - 01519488 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-02-25 15:06 - 2014-09-22 04:06 - 00258368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-02-25 15:06 - 2014-09-22 04:06 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-02-25 15:06 - 2014-09-22 03:49 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-02-25 15:06 - 2014-09-19 01:16 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-02-25 15:06 - 2014-09-02 23:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2015-02-25 15:06 - 2014-09-02 23:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2015-02-25 15:04 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-25 15:04 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-25 15:04 - 2014-12-09 00:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-25 15:04 - 2014-10-13 03:33 - 00116032 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-02-25 15:04 - 2014-10-11 01:58 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-02-25 15:04 - 2014-10-11 01:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-02-25 15:04 - 2014-10-08 08:30 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-02-25 15:04 - 2014-10-08 08:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-02-25 15:04 - 2014-10-08 07:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-02-25 15:04 - 2014-10-08 06:32 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-02-25 15:04 - 2014-10-08 06:19 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-02-25 15:01 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-25 15:01 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-25 15:01 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-25 15:01 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-25 15:01 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-25 15:01 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-25 15:01 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-25 15:01 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-25 14:57 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-02-25 14:57 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2015-02-25 14:56 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-25 14:56 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-25 14:52 - 2015-02-27 14:43 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-25 14:52 - 2015-02-25 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-25 14:52 - 2015-02-25 14:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-25 14:52 - 2015-02-25 14:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-25 14:52 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-25 14:52 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-25 14:52 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-17 18:39 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-17 18:39 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-17 18:39 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-17 18:39 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-17 18:39 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-17 18:39 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-17 18:39 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-17 18:39 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-17 18:39 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-17 18:39 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-17 18:39 - 2014-10-31 05:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-17 18:39 - 2014-10-31 05:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-17 18:38 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-17 18:38 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-17 18:38 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-17 18:38 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-17 18:38 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-17 18:38 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-17 18:38 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-17 18:38 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-17 18:38 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-17 18:38 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-17 18:38 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-17 18:38 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-17 18:38 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-17 18:38 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-17 18:38 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-17 18:38 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-17 18:38 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-17 18:38 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-17 18:38 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-17 18:38 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-17 18:38 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-17 18:38 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-17 18:38 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-17 18:38 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-17 18:38 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-17 18:38 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-02-17 18:38 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-02-17 18:38 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-17 18:38 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-17 18:38 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-17 18:38 - 2014-10-31 06:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-02-17 18:38 - 2014-10-31 06:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-17 18:38 - 2014-10-31 06:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-02-17 18:38 - 2014-10-31 06:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-02-17 18:38 - 2014-10-31 06:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-17 18:38 - 2014-10-31 06:06 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-17 18:38 - 2014-10-31 06:06 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-17 18:38 - 2014-10-31 06:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-17 18:38 - 2014-10-31 05:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-17 18:38 - 2014-10-31 05:54 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-02-17 18:38 - 2014-10-31 05:53 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-17 18:38 - 2014-10-31 05:52 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2015-02-17 18:38 - 2014-10-31 05:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-17 18:38 - 2014-10-31 05:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-17 18:38 - 2014-10-31 05:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-17 18:38 - 2014-10-31 05:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-02-17 18:38 - 2014-10-31 05:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-02-17 18:38 - 2014-10-31 05:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-02-17 18:38 - 2014-10-31 05:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-02-17 18:38 - 2014-10-31 05:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-17 18:38 - 2014-10-31 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-17 18:38 - 2014-10-31 05:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-02-17 18:38 - 2014-10-31 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-02-17 18:38 - 2014-10-31 04:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2015-02-17 18:38 - 2014-10-31 04:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-02-17 18:38 - 2014-10-31 04:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2015-02-17 18:38 - 2014-10-31 04:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2015-02-17 18:38 - 2014-10-31 04:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-02-17 18:38 - 2014-10-31 04:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-02-17 18:38 - 2014-10-31 04:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-17 18:38 - 2014-10-31 04:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-17 18:38 - 2014-10-31 04:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-17 18:38 - 2014-10-31 04:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-17 18:38 - 2014-10-31 04:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2015-02-17 18:38 - 2014-10-31 04:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-17 18:38 - 2014-10-31 04:13 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2015-02-17 18:38 - 2014-10-31 04:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-17 18:38 - 2014-10-31 04:11 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-17 18:38 - 2014-10-31 04:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2015-02-17 18:38 - 2014-10-31 03:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-17 18:38 - 2014-10-31 03:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2015-02-17 18:38 - 2014-10-31 03:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-02-17 18:38 - 2014-10-31 03:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-02-17 18:38 - 2014-10-31 03:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-17 18:38 - 2014-10-31 03:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-02-17 18:38 - 2014-10-31 03:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-02-17 18:38 - 2014-10-31 03:26 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-02-17 18:38 - 2014-10-31 03:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2015-02-17 17:48 - 2015-02-17 17:48 - 00001969 _____ () C:\Users\Public\Desktop\abDocs.lnk
2015-02-17 17:42 - 2015-02-17 17:42 - 00003334 _____ () C:\Windows\System32\Tasks\AcerCloud
2015-02-17 17:41 - 2015-02-17 17:42 - 00002100 _____ () C:\Users\Public\Desktop\Acer Portal.lnk
2015-02-17 17:39 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-17 17:39 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-17 17:39 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-17 17:39 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-17 17:39 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-17 17:39 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-17 17:39 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-17 17:39 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-17 17:39 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-17 17:38 - 2015-02-25 18:28 - 00000020 _____ () C:\Users\Mony\AppData\Roaming\appdataFr3.bin
2015-02-17 17:38 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-17 17:37 - 2014-09-10 07:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-02-17 17:37 - 2014-09-08 04:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-02-17 17:37 - 2014-09-08 04:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-02-17 17:37 - 2014-09-04 23:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-02-17 17:37 - 2014-09-04 23:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-02-17 17:37 - 2014-09-04 04:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2015-02-17 17:37 - 2014-09-04 03:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2015-02-17 17:37 - 2014-09-04 02:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-02-17 17:37 - 2014-09-04 01:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-02-17 17:37 - 2014-09-04 01:10 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2015-02-17 17:37 - 2014-08-31 01:17 - 00148800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2015-02-17 17:37 - 2014-08-31 01:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-02-17 17:37 - 2014-08-30 23:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-02-17 17:37 - 2014-08-30 23:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2015-02-17 17:37 - 2014-08-30 22:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2015-02-17 17:37 - 2014-08-30 22:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2015-02-17 17:37 - 2014-08-30 21:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2015-02-17 17:37 - 2014-08-30 21:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2015-02-17 17:37 - 2014-08-28 01:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-02-17 17:37 - 2014-08-28 01:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-02-17 17:37 - 2014-08-23 06:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2015-02-17 17:37 - 2014-08-23 06:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2015-02-17 17:37 - 2014-08-23 05:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-02-17 17:37 - 2014-08-02 01:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2015-02-17 17:37 - 2014-08-02 01:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2015-02-17 17:36 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-02-17 17:34 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-17 17:34 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-17 17:34 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-17 17:34 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-17 17:34 - 2014-10-10 02:58 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-02-17 17:34 - 2014-10-08 08:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-02-17 17:34 - 2014-10-08 08:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2015-02-17 17:34 - 2014-10-08 06:23 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-02-17 17:34 - 2014-09-27 08:13 - 00104336 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2015-02-17 17:34 - 2014-09-27 06:24 - 00088800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2015-02-17 17:34 - 2014-09-27 04:30 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-02-17 17:33 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-17 17:33 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-17 17:33 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-17 17:33 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-17 17:33 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-17 17:33 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-02-17 17:33 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-02-17 17:33 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-02-17 17:33 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-02-17 17:33 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-02-17 17:33 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-02-17 17:33 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-17 17:33 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-17 17:33 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-17 17:33 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-17 17:33 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-17 17:33 - 2014-09-04 01:12 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-02-17 17:33 - 2014-09-04 01:01 - 00514048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2015-02-17 17:28 - 2014-08-23 06:18 - 02149376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-02-17 17:28 - 2014-08-23 06:03 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-02-17 17:27 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-02-17 17:27 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-02-17 17:27 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-02-17 17:27 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-02-17 17:27 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-02-17 17:27 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-02-17 17:27 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-02-17 17:27 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-02-17 17:27 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-02-17 17:27 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-02-17 17:27 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-02-17 17:27 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-17 17:27 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-17 17:27 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-02-17 17:27 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-02-17 17:27 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-02-17 17:27 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-02-17 17:27 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-02-17 17:27 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-02-17 17:27 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-02-17 17:27 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-02-17 17:27 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-02-17 17:27 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-02-17 17:27 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-02-17 17:27 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-02-17 17:27 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-02-17 17:27 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-02-17 17:27 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-02-17 17:27 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-02-17 17:27 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-02-17 17:27 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-02-17 17:27 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-02-17 17:27 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-02-17 17:27 - 2014-10-23 06:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-02-17 17:27 - 2014-10-23 06:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-02-17 17:27 - 2014-10-13 03:43 - 00238912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-02-17 17:27 - 2014-10-13 03:43 - 00153920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-02-17 17:27 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2015-02-17 17:27 - 2014-10-13 03:43 - 00039744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2015-02-17 17:27 - 2014-08-16 05:08 - 01507648 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2015-02-17 17:27 - 2014-08-16 04:58 - 01112512 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-02-17 17:27 - 2014-08-16 04:16 - 01205976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2015-02-17 17:27 - 2014-08-16 02:31 - 00838144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-02-17 17:27 - 2014-08-16 02:04 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2015-02-17 17:27 - 2014-08-16 01:58 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-02-17 17:27 - 2014-08-16 01:53 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2015-02-17 17:27 - 2014-08-16 01:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\ProximityService.dll
2015-02-17 17:27 - 2014-08-16 01:45 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2015-02-17 17:27 - 2014-08-16 01:43 - 00321024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2015-02-17 17:27 - 2014-08-16 01:43 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2015-02-17 17:27 - 2014-08-16 01:31 - 00914432 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2015-02-17 17:27 - 2014-08-16 01:31 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\pcsvDevice.dll
2015-02-17 17:27 - 2014-08-16 01:29 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-02-17 17:27 - 2014-08-16 01:23 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2015-02-17 17:27 - 2014-08-16 01:22 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2015-02-17 17:27 - 2014-08-16 01:22 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2015-02-17 17:27 - 2014-08-16 01:19 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-02-17 17:27 - 2014-08-16 01:18 - 04758528 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2015-02-17 17:27 - 2014-08-16 01:17 - 08757760 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2015-02-17 17:27 - 2014-08-16 01:14 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2015-02-17 17:27 - 2014-08-16 01:13 - 06649344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-17 17:27 - 2014-08-16 01:13 - 05902848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2015-02-17 17:27 - 2014-08-16 01:13 - 00840192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2015-02-17 17:27 - 2014-08-16 01:11 - 00920064 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-02-17 17:27 - 2014-08-16 01:10 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2015-02-17 17:27 - 2014-08-16 01:08 - 05777408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-17 17:27 - 2014-08-16 01:07 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-02-17 17:25 - 2015-02-17 17:25 - 00000040 _____ () C:\Users\Mony\AppData\Roaming\WB.CFG
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2021-10-21 14:36 - 2013-12-18 19:38 - 00000852 _____ () C:\Windows\system32\Drivers\RTKHDRC.dat
2021-10-04 08:34 - 2013-12-18 19:38 - 00000712 _____ () C:\Windows\system32\Drivers\RTMICEQ0.dat
2015-02-27 21:37 - 2014-07-07 17:35 - 00000000 ____D () C:\Users\Mony\AppData\Local\CrashDumps
2015-02-27 21:37 - 2014-06-27 18:20 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{425858F3-237C-4DF8-B896-82D133DF564F}
2015-02-27 21:37 - 2013-12-18 19:18 - 01876080 _____ () C:\Windows\WindowsUpdate.log
2015-02-27 21:35 - 2014-06-29 12:43 - 00001166 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-27 21:35 - 2014-06-27 18:55 - 00000000 __RDO () C:\Users\Mony\SkyDrive
2015-02-27 21:33 - 2013-08-22 15:46 - 00023689 _____ () C:\Windows\setupact.log
2015-02-27 21:33 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-27 17:54 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-02-27 17:29 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-27 17:15 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-27 17:14 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2015-02-27 17:14 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2015-02-27 17:12 - 2014-06-26 00:51 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4243315743-900808837-3033948658-1002
2015-02-27 15:46 - 2014-06-26 00:45 - 00000000 ____D () C:\Users\Mony
2015-02-26 19:43 - 2013-10-15 15:21 - 00296378 _____ () C:\Windows\PFRO.log
2015-02-26 19:40 - 2014-08-25 15:49 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-26 13:59 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-02-26 13:48 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-02-26 13:48 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-02-25 21:21 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-02-25 21:04 - 2014-06-26 00:45 - 00000000 ____D () C:\Users\Mony\AppData\Local\VirtualStore
2015-02-25 20:03 - 2014-06-29 12:46 - 00001308 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-25 20:03 - 2014-06-29 12:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-25 20:01 - 2013-12-18 20:06 - 00803564 _____ () C:\Windows\system32\perfh010.dat
2015-02-25 20:01 - 2013-12-18 20:06 - 00156688 _____ () C:\Windows\system32\perfc010.dat
2015-02-25 20:01 - 2013-10-15 15:30 - 01813012 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-25 19:50 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-25 19:34 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-02-25 19:34 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-02-25 19:33 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\WinStore
2015-02-25 19:33 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-25 19:33 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-02-25 19:33 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-02-25 18:09 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\FileManager
2015-02-25 15:54 - 2014-08-25 15:40 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-02-25 15:54 - 2014-08-25 15:40 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-02-25 15:54 - 2014-08-25 15:40 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-02-25 15:54 - 2014-08-25 15:40 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-02-25 15:54 - 2014-08-25 15:40 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-02-25 15:54 - 2014-08-25 15:40 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-02-25 15:54 - 2014-08-25 15:40 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-02-25 15:54 - 2014-08-25 15:40 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-02-25 15:33 - 2014-07-11 19:39 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-25 15:33 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData
2015-02-25 15:33 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-02-25 15:33 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\MediaViewer
2015-02-25 15:33 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Camera
2015-02-25 15:33 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppCompat
2015-02-25 15:32 - 2014-06-29 15:39 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-25 15:25 - 2014-07-07 18:54 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-25 14:47 - 2013-08-22 14:25 - 00000226 _____ () C:\Windows\win.ini
2015-02-17 17:48 - 2013-10-15 15:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-02-17 17:48 - 2013-10-15 15:42 - 00000000 ____D () C:\Program Files (x86)\Acer
2015-02-17 17:46 - 2014-06-26 00:47 - 00000000 ____D () C:\Users\Mony\AppData\Local\clear.fi
2015-02-17 17:39 - 2013-10-15 16:14 - 00000000 ___HD () C:\OEM
2015-02-17 17:01 - 2014-06-29 12:43 - 00004142 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-17 17:01 - 2014-06-29 12:43 - 00003906 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-17 17:01 - 2014-06-29 12:43 - 00001170 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-03 20:31 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-29 17:49 - 2014-06-29 15:39 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2015-02-17 17:38 - 2015-02-25 18:28 - 0000020 _____ () C:\Users\Mony\AppData\Roaming\appdataFr3.bin
2015-02-17 17:25 - 2015-02-17 17:25 - 0000040 _____ () C:\Users\Mony\AppData\Roaming\WB.CFG
2013-12-18 19:39 - 2013-12-18 19:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-25 18:49
 
==================== End Of Log ============================
 
 
 
The Addition.txt log content:
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2015 01
Ran by Mony at 2015-02-27 21:39:30
Running from C:\Users\Mony\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.05.2005 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.01.2006 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.05.2008.6 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.00.2013.0 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8101 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.04.2002 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8100 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.00.3000 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8100 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.00.3007 - Acer Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.04.2001.2 - Acer Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Broadcom Card Reader Driver Installer (HKLM\...\{67AA948F-8D83-4566-B84A-7CAABCF64E3F}) (Version: 16.0.2.8 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{D1D7ED66-5C08-40A0-AEC0-B6DF977697BB}) (Version: 16.2.1.2 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3126.57 - CyberLink Corp.)
Dropbox (HKU\S-1-5-21-4243315743-900808837-3033948658-1002\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ETDWare PS/2-X64 11.6.27.201_WHQL (HKLM\...\Elantech) (Version: 11.6.27.201 - ELAN Microelectronic Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware versione 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office 365 - it-it (HKLM\...\O365HomePremRetail - it-it) (Version: 15.0.4693.1002 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-4243315743-900808837-3033948658-1002\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
NVIDIA Graphics Driver 326.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 326.49 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2009 - Acer)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.20 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-4243315743-900808837-3033948658-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mony\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4243315743-900808837-3033948658-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Mony\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4243315743-900808837-3033948658-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Mony\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4243315743-900808837-3033948658-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Mony\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4243315743-900808837-3033948658-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Mony\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4243315743-900808837-3033948658-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mony\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4243315743-900808837-3033948658-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mony\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4243315743-900808837-3033948658-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mony\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4243315743-900808837-3033948658-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mony\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
24-09-2014 18:09:43 Windows Update
23-10-2014 18:30:42 Windows Update
17-02-2015 17:42:25 avast! antivirus system restore point
25-02-2015 15:23:07 Windows Update
26-02-2015 13:58:29 Restore Point Created by FRST
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 14:25 - 2015-02-26 13:59 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {2366FCC0-8749-4C54-8D20-9C758CD7D134} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-29] (Google Inc.)
Task: {273E690B-ED52-4013-8A5E-C3D6CE0A26D1} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-08-03] (Acer Incorporate)
Task: {3539A6BB-913E-4C36-AD42-3EB78BB876D0} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {3565504F-05E6-4B62-BE3C-B133CAE6146C} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2013-08-03] (Acer Incorporate)
Task: {42FE874F-C107-4297-991B-4A24A7893DB4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-02-25] (AVAST Software)
Task: {59ED7F87-8EAB-4D0D-9E05-C1985A0C7736} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-29] (Google Inc.)
Task: {662F105F-FD04-486D-90B6-7C1C0C00CACA} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2014-12-19] (Acer)
Task: {68D781C5-E5BD-4A89-B843-6F2A635A7507} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {81C5280C-EDD3-4A73-92F2-490CFCA30CD9} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {974BCC3E-5D90-469E-A60F-BAB0E0F84119} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-07-06] (Acer Incorporated)
Task: {A3F1000C-8B17-4FE6-9931-2D7BA28373A0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {AD08E39C-0C7B-4967-BB35-46A3CFA32521} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {C02D0241-79F0-4A82-A65E-74993A71DA2D} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2013-07-10] (Acer Incorporated)
Task: {DBD87915-DCE1-44BE-B3AE-29DAD30BFAD3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-02-25] (Microsoft Corporation)
Task: {E4A6B4E1-DF29-4607-B207-1BD87BCF7774} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-29] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2013-12-18 19:32 - 2013-08-01 02:40 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-12-18 19:33 - 2013-08-01 14:22 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-08-10 17:44 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-02-25 15:27 - 2015-02-25 15:27 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2013-09-07 10:48 - 2013-09-07 10:48 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-07 10:45 - 2013-09-07 10:45 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-07 10:52 - 2013-09-07 10:52 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2014-12-19 21:59 - 2014-12-19 21:59 - 00090880 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
2014-12-19 21:59 - 2014-12-19 21:59 - 00089344 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2015-02-27 14:51 - 2015-02-27 14:51 - 02913792 _____ () C:\Program Files\AVAST Software\Avast\defs\15022700\algo.dll
2014-12-19 21:48 - 2014-12-19 21:48 - 00203008 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2014-12-19 21:48 - 2014-12-19 21:48 - 00119552 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
2015-02-25 15:54 - 2015-02-25 15:54 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-19 22:00 - 2014-12-19 22:00 - 00279296 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll
2013-12-18 19:31 - 2013-09-04 00:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Mony\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4243315743-900808837-3033948658-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run32: => "BacKGround Agent"
HKLM\...\StartupApproved\Run32: => "3D BubbleSound"
HKU\S-1-5-21-4243315743-900808837-3033948658-1002\...\StartupApproved\StartupFolder: => "Invia a OneNote.lnk"
HKU\S-1-5-21-4243315743-900808837-3033948658-1002\...\StartupApproved\Run: => "Pokki"
HKU\S-1-5-21-4243315743-900808837-3033948658-1002\...\StartupApproved\Run: => "Gameo"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4243315743-900808837-3033948658-500 - Administrator - Disabled)
Guest (S-1-5-21-4243315743-900808837-3033948658-501 - Limited - Disabled)
Mony (S-1-5-21-4243315743-900808837-3033948658-1002 - Administrator - Enabled) => C:\Users\Mony
UpdatusUser (S-1-5-21-4243315743-900808837-3033948658-1001 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/27/2015 09:37:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome dell'applicazione che ha generato l'errore: AcerPortal.exe, versione: 3.0.4.2002, timestamp: 0x54942c87
Nome del modulo che ha generato l'errore: SHELL32.dll, versione: 6.3.9600.17331, timestamp: 0x54023318
Codice eccezione: 0xc0000005
Offset errore 0x001bf5f0
ID processo che ha generato l'errore: 0xae8
Ora di avvio dell'applicazione che ha generato l'errore: 0xAcerPortal.exe0
Percorso dell'applicazione che ha generato l'errore: AcerPortal.exe1
Percorso del modulo che ha generato l'errore: AcerPortal.exe2
ID segnalazione: AcerPortal.exe3
Nome completo pacchetto che ha generato l'errore: AcerPortal.exe4
ID applicazione relativo al pacchetto che ha generato l'errore: AcerPortal.exe5
 
Error: (02/27/2015 05:49:50 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generazione del contesto di attivazione non riuscita per "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Errore nel file manifesto o dei criteri "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", alla riga C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva.
Componenti in conflitto:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (02/27/2015 05:45:47 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generazione del contesto di attivazione non riuscita per "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Errore nel file manifesto o dei criteri "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", alla riga C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva.
Componenti in conflitto:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (02/27/2015 05:37:31 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generazione del contesto di attivazione non riuscita per "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Errore nel file manifesto o dei criteri "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", alla riga C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva.
Componenti in conflitto:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (02/27/2015 05:30:17 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generazione del contesto di attivazione non riuscita per "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Errore nel file manifesto o dei criteri "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", alla riga C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva.
Componenti in conflitto:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (02/27/2015 05:14:17 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generazione del contesto di attivazione non riuscita per "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Errore nel file manifesto o dei criteri "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", alla riga C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva.
Componenti in conflitto:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (02/27/2015 03:49:58 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generazione del contesto di attivazione non riuscita per "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Errore nel file manifesto o dei criteri "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", alla riga C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva.
Componenti in conflitto:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (02/27/2015 03:49:57 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generazione del contesto di attivazione non riuscita per "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Errore nel file manifesto o dei criteri "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", alla riga C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva.
Componenti in conflitto:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (02/27/2015 03:49:53 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generazione del contesto di attivazione non riuscita per "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Errore nel file manifesto o dei criteri "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", alla riga C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva.
Componenti in conflitto:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (02/27/2015 03:24:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Il programma LiveComm.exe versione 17.5.9600.20689 non interagisce più con Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni sul problema, verificare la cronologia del problema in Centro operativo nel Pannello di controllo.
 
ID processo: 5b0
 
Ora di avvio: 01d052984d8468b9
 
Ora di chiusura: 4294967295
 
Percorso applicazione: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
 
ID segnalazione: 427104b9-be8c-11e4-828c-201a0648b182
 
Nome completo pacchetto che ha generato l'errore: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
 
ID applicazione relativo al pacchetto che ha generato l'errore: ppleae38af2e007f4358a809ac99a64a67c1
 
 
System errors:
=============
Error: (02/26/2015 02:08:39 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 millisecondi) durante l'attesa della risposta alla transazione dal servizio BrokerInfrastructure.
 
Error: (02/26/2015 02:08:04 PM) (Source: DCOM) (EventID: 10010) (User: AMORE)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (02/26/2015 02:08:04 PM) (Source: DCOM) (EventID: 10010) (User: AMORE)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (02/26/2015 02:00:28 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Tentativo di eseguire un'azione di correzione (Riavvia il servizio) dopo l'arresto imprevista del servizio Programma di installazione dei moduli di Windows. Tentativo non riuscito per l'errore: 
%%1056
 
Error: (02/26/2015 01:58:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Programma di installazione dei moduli di Windows è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 120000 millisecondi: Riavvia il servizio.
 
Error: (02/26/2015 01:58:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio GamesAppIntegrationService. Questo evento si è già verificato 1 volta(e).
 
Error: (02/26/2015 01:58:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio Intel® Dynamic Application Loader Host Interface Service. Questo evento si è già verificato 1 volta(e).
 
Error: (02/26/2015 01:58:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio Intel® Management and Security Application Local Management Service. Questo evento si è già verificato 1 volta(e).
 
Error: (02/26/2015 01:58:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio Nero Update. Questo evento si è già verificato 1 volta(e).
 
Error: (02/26/2015 01:58:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio NVIDIA Update Service Daemon. Questo evento si è già verificato 1 volta(e).
 
 
Microsoft Office Sessions:
=========================
Error: (02/27/2015 09:37:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AcerPortal.exe3.0.4.200254942c87SHELL32.dll6.3.9600.1733154023318c0000005001bf5f0ae801d052cd2506eebcC:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exeC:\Windows\SYSTEM32\SHELL32.dll639ac1a5-bec0-11e4-828d-201a0648b182
 
Error: (02/27/2015 05:49:50 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 
Error: (02/27/2015 05:45:47 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 
Error: (02/27/2015 05:37:31 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 
Error: (02/27/2015 05:30:17 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 
Error: (02/27/2015 05:14:17 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 
Error: (02/27/2015 03:49:58 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Mony\Downloads\esetsmartinstaller_enu.exe
 
Error: (02/27/2015 03:49:57 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Mony\Downloads\esetsmartinstaller_enu.exe
 
Error: (02/27/2015 03:49:53 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Mony\Downloads\esetsmartinstaller_enu.exe
 
Error: (02/27/2015 03:24:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.206895b001d052984d8468b94294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe427104b9-be8c-11e4-828c-201a0648b182microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-3217U CPU @ 1.80GHz
Percentage of memory in use: 34%
Total physical RAM: 3985.27 MB
Available physical RAM: 2603.69 MB
Total Pagefile: 4689.27 MB
Available Pagefile: 3286.13 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:914.69 GB) (Free:862.36 GB) NTFS
Drive e: () (Removable) (Total:1.87 GB) (Free:1.86 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E60CE184)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 70707573)
No partition Table on disk 1.
 
==================== End Of Log ============================
 
 
 
And the Checkup.txt log content:
 

 Results of screen317's Security Check version 0.99.97  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
  Java 64-bit 8 Update 31  
 Google Chrome (40.0.2214.111) 
 Google Chrome (40.0.2214.115) 
 Google Chrome (GoogleUpdate.dll..) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 

  • 0

#10
Nevan


    Trusted Helper

  • Malware Removal
  • 1,765 posts

As your logs look good, could you tell me if you have any other problems with your system that you'd like to mention?


  • 0

#11
olivercatroya


    Member

  • Topic Starter
  • Member
  • 11 posts

No other problem, now everything works as it should!

Thanks for your time :)


  • 0

#12
Nevan


    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello again, olivercatroya.

Good news. Your system looks clean and we can delete the tools that we've used. I've also prepared some tips for you to stay safe in the future.

 
DelFix
Now that your system looks clean, we can clear system restore points and malware removal tools that we've used. To do that, download and run DelFix.
  • Note: Make sure that the following options are checked:
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset System Settings
After the cleaning is done, DelFix.txt will be opened in Notepad. If it isn't, you can find it in the C:\ directory. Select all the content of the log (CTRL+A), copy it (CTRL+C) and paste it (CTRL+V) into your next reply.

Also, delete any other .exe, .txt, .bat, .reg or .zip files that we used and that remain, and empty the Recycle Bin.

 
Uninstalling programs

Go to Start Menu>Control Panel>Programs>Uninstall a program (or Control Panel>Programs and Features if using icon view) and remove ESET Online Scanner v3.

 
Preventing Re-Infection

As prevention is better than cure, I have listed some tips for you to stay safe on the internet in the future. Make good use of them.

 
WARNING!: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
Read this article.
I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you still want to keep Java
  • Click the Start button
  • Click Control Panel
  • Double Click Java - Looks like a coffee cup. You may have to switch to Classical View on the upper left of the Control Panel to see it.
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
  • Warning!: Make sure to uncheck the Optional offer box when downloading Java or you will install adware on your computer.
 
Adobe products always have to be updated, because they are also being used to infect your computer.
  • If you want to update Adobe Flash Player, visit this site.
  • If you want to update Adobe Reader, visit this site.
  • Warning!: Make sure to uncheck the Optional offer box when downloading Adobe products or you will install adware on your computer.
 
Turning on Automatic Updates is a crucial security measure. Keeping them out-of-date is like begging to get your system infected.
  • Click Start > Control Panel > System and Security > Windows Update
  • Under Windows Update click Turn automatic updating on or off
  • Make sure that your settings are set so that you will receive updates automatically and click OK.
 
Heimdal Free is one of the programs that can check for out-of-date programs on your computer. You can get it here.

 
Recommendations for security programs
  • Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee.
  • WinPatrol, as a robust security monitor, will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • NoScript is a Firefox add-on that increases safety while surfing online by blocking malicious scripts.
  • Unchecky will help you to avoid adware and PUPs by automatically removing checkmarks for these while installing programs.
  • Web of Trust is an add-on for multiple browsers that warns you before entering websites with a bad reputation.
 
Cryptolocker prevention
Cryptolocker is a new ransomware that heavily encrypts your important files. At the moment there are no programs that can decrypt these files. You can read how to protect against it here.

 
For some good tips about how to prevent infection in the future, visit this site.
  • 0

#13
olivercatroya


    Member

  • Topic Starter
  • Member
  • 11 posts
Many thanks for your help!
 
 
# DelFix v10.8 - Logfile created 01/03/2015 at 20:25:34
# Updated 29/07/2014 by Xplode
# Username : Mony - AMORE
# Operating System : Windows 8.1  (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\Users\Mony\Downloads\esetsmartinstaller_enu.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #14 [Windows Update | 09/24/2014 17:09:43]
Deleted : RP #15 [Windows Update | 10/23/2014 17:30:42]
Deleted : RP #16 [avast! antivirus system restore point | 02/17/2015 16:42:25]
Deleted : RP #17 [Windows Update | 02/25/2015 14:23:07]
Deleted : RP #19 [Restore Point Created by FRST | 02/26/2015 12:58:29]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########

  • 0

#14
Nevan


    Trusted Helper

  • Malware Removal
  • 1,765 posts
My pleasure. Glad I could help.

Stay safe :wave:
  • 0

#15
Dakeyras


    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





