Jump to content

Zygapop

Honorary Members
 View Profile  See their activity

  • Posts

    41

  • Joined

  • Last visited

Reputation

0 Neutral
  1. Zygapop
    Results of screen317's Security Check version 0.99.83 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java 6 Update 32 Java 7 Update 9 Java version out of Date! Adobe Flash Player 10 Flash Player out of Date! Mozilla Firefox 8.0 Firefox out of Date! Google Chrome 34.0.1847.137 Google Chrome 35.0.1916.114 Google Chrome Plugins... ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Malware mbamscheduler.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)````````````````````End of Log`````````````````````` My bad i think i might have gone blind. My computer still shuts down super slow and loads up super slow and sometime when i first boot it up the desktop will be a blackscreen for like 2 minutes. Just a checkup i thought i'd give you.
  2. Zygapop
    # AdwCleaner v3.211 - Report created 27/05/2014 at 17:00:46# Updated 26/05/2014 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : Isaiah - ISAIAH-PC# Running from : C:\Users\Isaiah\Downloads\adwcleaner_3.211.exe# Option : Clean ***** [ Services ] ***** Service Deleted : hshldService Deleted : HssSrv[#] Service Deleted : hsstrayserviceService Deleted : hsswd ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\hotspot shieldFolder Deleted : C:\ProgramData\PartnerFolder Deleted : C:\ProgramData\WeCareReminderFolder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shieldFolder Deleted : C:\Program Files (x86)\ConduitFolder Deleted : C:\Program Files (x86)\hotspot shieldFolder Deleted : C:\Windows\SysWOW64\hotspot shieldFolder Deleted : C:\Windows\SysWOW64\SaveFolder Deleted : C:\Users\Isaiah\AppData\Local\apnFolder Deleted : C:\Users\Isaiah\AppData\Local\ConduitFolder Deleted : C:\Users\Isaiah\AppData\LocalLow\ConduitFolder Deleted : C:\Users\Isaiah\AppData\LocalLow\PriceGongFolder Deleted : C:\Users\Isaiah\AppData\LocalLow\Toolbar4Folder Deleted : C:\Users\William\AppData\LocalLow\Hotspot_ShieldFolder Deleted : C:\Users\William\AppData\LocalLow\Toolbar4Folder Deleted : C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\ConduitCommonFolder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.comFolder Deleted : C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\Extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d} ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLLKey Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLLKey Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXEKey Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbhoKey Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManagerKey Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManagerKey Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequestKey Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTaskKey Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelperKey Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancsKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancsKey Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdaterKey Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1561552Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_chessmaster-10th-edition_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_chessmaster-10th-edition_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_mouse-recorder_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_mouse-recorder_RASMANCSKey Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220222182204}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266186604}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266186604}Key Deleted : HKCU\Software\anchorfreeKey Deleted : HKCU\Software\Ask&RecordKey Deleted : HKCU\Software\ConduitKey Deleted : HKCU\Software\distromaticKey Deleted : HKCU\Software\hotspotshieldKey Deleted : HKCU\Software\installedbrowserextensionsKey Deleted : HKCU\Software\SoftonicKey Deleted : HKCU\Software\Somoto ToolbarKey Deleted : HKCU\Software\wecarereminderKey Deleted : HKCU\Software\YahooPartnerToolbarKey Deleted : HKCU\Software\AppDataLow\SoftwareKey Deleted : HKLM\Software\ConduitKey Deleted : HKLM\Software\hotspotshieldKey Deleted : HKLM\Software\MinibarKey Deleted : HKLM\Software\SimplyGenKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hotspotshield ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16537 -\\ Mozilla Firefox v8.0 (en-US) [ File : C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\prefs.js ] Line Deleted : user_pref("CT3205366.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,codefuel.com,tbccint.com,trovi.com,seccint.com,cpccint.com,appstrm.com,OurTool[...]Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3205366/CT3205366", "\"39d95c41c22ebd69718a8d595a6aed553\"");Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/15651/15317/US", "\"0\"");Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3205366", "\"1367226756\"");Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE", "C5ZJe6gL80JBW5CuLy+wkg==");Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "C5ZJe6gL80JBW5CuLy+wkg==");Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE", "mfQ70fvlD2zuBxSBj8rQqA==");Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "mfQ70fvlD2zuBxSBj8rQqA==");Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE", "k9un27OkAvkwB2ZmvXxTnA==");Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "k9un27OkAvkwB2ZmvXxTnA==");Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE", "FqddrIU7eyJgaaLyHDeVMQ==");Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "FqddrIU7eyJgaaLyHDeVMQ==");Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"0ea11bd291bce1:0\"");Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"f414eeaa6bece1:0\"");Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3205366", "\"a238378f7d0708034a0defa297cb8b8b\"");Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"4a4c27750bb878c5142a4c796b6ac4c2\"");Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Isaiah\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\5d3ho2fr.default\\conduitCommon\\modules\\3.13.0.6");Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "ct1561552");Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "ct1561552");Line Deleted : user_pref("CommunityToolbar.ToolbarsList4", "ct1561552");Line Deleted : user_pref("CommunityToolbar.globalUserId", "930c3752-bdac-4cd6-b8d5-dd54838c2ea2");Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "ct1561552");Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon May 13 2013 21:50:46 GMT-0500 (Central Daylight Time)");Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon May 13 2013 21:50:22 GMT-0500 (Central Daylight Time)");Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");Line Deleted : user_pref("CommunityToolbar.notifications.locale", "");Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 0);Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon May 13 2013 21:50:14 GMT-0500 (Central Daylight Time)");Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "");Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);Line Deleted : user_pref("CommunityToolbar.notifications.userId", "e10ad37c-6ed0-4b8d-bbbe-aa7886cef4a7");Line Deleted : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");Line Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");Line Deleted : user_pref("ct1561552..clientLogIsEnabled", true);Line Deleted : user_pref("ct1561552..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");Line Deleted : user_pref("ct1561552..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");Line Deleted : user_pref("ct1561552.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);Line Deleted : user_pref("ct1561552.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/default.aspx");Line Deleted : user_pref("ct1561552.BrowserCompStateIsOpen_129780038557793947", true);Line Deleted : user_pref("ct1561552.BrowserCompStateIsOpen_1367226172000", true);Line Deleted : user_pref("ct1561552.BrowserCompStateIsOpen_1382961167613998992", true);Line Deleted : user_pref("ct1561552.BrowserCompStateIsOpen_1564963227431608580", true);Line Deleted : user_pref("ct1561552.BrowserCompStateIsOpen_4734731461415702547", true);Line Deleted : user_pref("ct1561552.BrowserCompStateIsOpen_5152784160951809936", true);Line Deleted : user_pref("ct1561552.BrowserCompStateIsOpen_9093662421650421648", true);Line Deleted : user_pref("ct1561552.CT1561552.DialogsAlignMode", "LTR");Line Deleted : user_pref("ct1561552.CT1561552.InvalidateCache", false);Line Deleted : user_pref("ct1561552.CT1561552.LanguagePackLastCheckTime", "Thu May 22 2014 10:41:29 GMT-0500 (Central Daylight Time)");Line Deleted : user_pref("ct1561552.CT1561552.Locale", "en");Line Deleted : user_pref("ct1561552.CT1561552.RadioLastCheckTime", "Mon May 13 2013 21:50:12 GMT-0500 (Central Daylight Time)");Line Deleted : user_pref("ct1561552.CT1561552.RadioLastUpdateIPServer", "3");Line Deleted : user_pref("ct1561552.CT1561552.RadioLastUpdateServer", "3");Line Deleted : user_pref("ct1561552.CT1561552.SearchInNewTabLastCheckTime", "Thu May 22 2014 10:41:25 GMT-0500 (Central Daylight Time)");Line Deleted : user_pref("ct1561552.CT1561552.SettingsLastCheckTime", "Thu May 22 2014 10:41:24 GMT-0500 (Central Daylight Time)");Line Deleted : user_pref("ct1561552.CT1561552.SettingsLastUpdate", "1400493746");Line Deleted : user_pref("ct1561552.CT1561552.ThirdPartyComponentsLastCheck", "Mon May 13 2013 21:50:06 GMT-0500 (Central Daylight Time)");Line Deleted : user_pref("ct1561552.CT1561552.ThirdPartyComponentsLastUpdate", "1331805997");Line Deleted : user_pref("ct1561552.CT1561552.globalFirstTimeInfoLastCheckTime", "Mon May 13 2013 21:50:31 GMT-0500 (Central Daylight Time)");Line Deleted : user_pref("ct1561552.CT1561552.toolbarAppMetaDataLastCheckTime", "Thu May 22 2014 10:41:29 GMT-0500 (Central Daylight Time)");Line Deleted : user_pref("ct1561552.CT1561552.toolbarContextMenuLastCheckTime", "Mon May 13 2013 21:50:24 GMT-0500 (Central Daylight Time)");Line Deleted : user_pref("ct1561552.CTID", "CT1561552");Line Deleted : user_pref("ct1561552.CurrentServerDate", "22-5-2014");Line Deleted : user_pref("ct1561552.DSInstall", false);Line Deleted : user_pref("ct1561552.DialogsAlignMode", "LTR");Line Deleted : user_pref("ct1561552.DialogsGetterLastCheckTime", "Thu May 22 2014 10:41:29 GMT-0500 (Central Daylight Time)");Line Deleted : user_pref("ct1561552.DownloadReferralCookieData", "");Line Deleted : user_pref("ct1561552.FirstServerDate", "12-4-2013");Line Deleted : user_pref("ct1561552.FirstTime", true);Line Deleted : user_pref("ct1561552.FirstTimeFF3", true);Line Deleted : user_pref("ct1561552.FirstTimeHiddenVer", true);Line Deleted : user_pref("ct1561552.FixPageNotFoundErrors", true);Line Deleted : user_pref("ct1561552.GroupingServerCheckInterval", 1440);Line Deleted : user_pref("ct1561552.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");Line Deleted : user_pref("ct1561552.HPInstall", false);Line Deleted : user_pref("ct1561552.HasUserGlobalKeys", true);Line Deleted : user_pref("ct1561552.HomePageProtectorEnabled", false);Line Deleted : user_pref("ct1561552.HomepageBeforeUnload", "chrome://branding/locale/browserconfig.properties");Line Deleted : user_pref("ct1561552.Initialize", true);Line Deleted : user_pref("ct1561552.InitializeCommonPrefs", true);Line Deleted : user_pref("ct1561552.InstallationAndCookieDataSentCount", 3);Line Deleted : user_pref("ct1561552.InstallationType", "Unknown");Line Deleted : user_pref("ct1561552.InstalledDate", "Thu Apr 11 2013 19:31:36 GMT-0500 (Central Daylight Time)");Line Deleted : user_pref("ct1561552.IsAlertDBUpdated", true);Line Deleted : user_pref("ct1561552.IsGrouping", false);Line Deleted : user_pref("ct1561552.IsInitSetupIni", true);Line Deleted : user_pref("ct1561552.IsMulticommunity", false);Line Deleted : user_pref("ct1561552.IsOpenThankYouPage", false);Line Deleted : user_pref("ct1561552.IsOpenUninstallPage", true);Line Deleted : user_pref("ct1561552.LanguagePackLastCheckTime", "Thu Apr 11 2013 19:31:59 GMT-0500 (Central Daylight Time)");Line Deleted : user_pref("ct1561552.LanguagePackReloadIntervalMM", 1440);Line Deleted : user_pref("ct1561552.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");Line Deleted : user_pref("ct1561552.LastLogin_3.13.0.6", "Thu May 22 2014 10:41:29 GMT-0500 (Central Daylight Time)");Line Deleted : user_pref("ct1561552.LatestVersion", "3.20.0.4");Line Deleted : user_pref("ct1561552.Locale", "en");Line Deleted : user_pref("ct1561552.MCDetectTooltipHeight", "83");Line Deleted : user_pref("ct1561552.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");Line Deleted : user_pref("ct1561552.MCDetectTooltipWidth", "295");Line Deleted : user_pref("ct1561552.MyStuffEnabledAtInstallation", true);Line Deleted : user_pref("ct1561552.OriginalFirstVersion", "3.13.0.6");Line Deleted : user_pref("ct1561552.RadioIsPodcast", false);Line Deleted : user_pref("ct1561552.RadioMediaID", "9962");Line Deleted : user_pref("ct1561552.RadioMediaType", "Media Player");Line Deleted : user_pref("ct1561552.RadioMenuSelectedID", "EBRadioMenu_ct15615529962");Line Deleted : user_pref("ct1561552.RadioShrinkedFromSetup", false);Line Deleted : user_pref("ct1561552.RadioStationName", "California%20Rock");Line Deleted : user_pref("ct1561552.RadioStationURL", "hxxp://feedlive.net/california.asx");Line Deleted : user_pref("ct1561552.SearchCaption", "Hotspot Shield Customized Web Search");Line Deleted : user_pref("ct1561552.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");Line Deleted : user_pref("ct1561552.SearchFromAddressBarIsInit", true);Line Deleted : user_pref("ct1561552.SearchInNewTabEnabled", true);Line Deleted : user_pref("ct1561552.SearchInNewTabIntervalMM", 1440);Line Deleted : user_pref("ct1561552.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");Line Deleted : user_pref("ct1561552.SearchProtectorEnabled", false);Line Deleted : user_pref("ct1561552.SearchProtectorToolbarDisabled", false);Line Deleted : user_pref("ct1561552.SendProtectorDataViaLogin", true);Line Deleted : user_pref("ct1561552.ServiceMapLastCheckTime", "Thu May 22 2014 10:41:25 GMT-0500 (Central Daylight Time)");Line Deleted : user_pref("ct1561552.SettingsLastCheckTime", "Thu Apr 11 2013 19:31:35 GMT-0500 (Central Daylight Time)");Line Deleted : user_pref("ct1561552.SettingsLastUpdate", "1365667975");Line Deleted : user_pref("ct1561552.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3205366&SearchSource=13");Line Deleted : user_pref("ct1561552.ThirdPartyComponentsInterval", 504);Line Deleted : user_pref("ct1561552.ThirdPartyComponentsLastCheck", "Thu Apr 11 2013 19:31:35 GMT-0500 (Central Daylight Time)");Line Deleted : user_pref("ct1561552.ThirdPartyComponentsLastUpdate", "1331805997");Line Deleted : user_pref("ct1561552.ToolbarShrinkedFromSetup", false);Line Deleted : user_pref("ct1561552.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3205366");Line Deleted : user_pref("ct1561552.UserID", "UN12515488485757298");Line Deleted : user_pref("ct1561552.alertChannelId", "1626660");Line Deleted : user_pref("ct1561552.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com;social.tbccint.com;apps.tbccint.com;services.a[...]Line Deleted : user_pref("ct1561552.globalFirstTimeInfoLastCheckTime", "Thu Apr 11 2013 19:31:45 GMT-0500 (Central Daylight Time)");Line Deleted : user_pref("ct1561552.homepageProtectorEnableByLogin", true);Line Deleted : user_pref("ct1561552.initDone", true);Line Deleted : user_pref("ct1561552.isAppTrackingManagerOn", false);Line Deleted : user_pref("ct1561552.isFirstRadioInstallation", false);Line Deleted : user_pref("ct1561552.myStuffEnabled", true);Line Deleted : user_pref("ct1561552.myStuffPublihserMinWidth", 400);Line Deleted : user_pref("ct1561552.myStuffSearchUrl", "hxxp://appstrm.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");Line Deleted : user_pref("ct1561552.myStuffServiceIntervalMM", 1440);Line Deleted : user_pref("ct1561552.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");Line Deleted : user_pref("ct1561552.navigateToUrlOnSearch", false);Line Deleted : user_pref("ct1561552.revertSettingsEnabled", true);Line Deleted : user_pref("ct1561552.searchProtectorDialogDelayInSec", 10);Line Deleted : user_pref("ct1561552.searchProtectorEnableByLogin", true);Line Deleted : user_pref("ct1561552.testingCtid", "CT3205366");Line Deleted : user_pref("ct1561552.toolbarAppMetaDataLastCheckTime", "Thu Apr 11 2013 19:31:45 GMT-0500 (Central Daylight Time)");Line Deleted : user_pref("ct1561552.toolbarContextMenuLastCheckTime", "Thu Apr 11 2013 19:31:45 GMT-0500 (Central Daylight Time)"); [ File : C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\pv5984v9.default\prefs.js ] -\\ Google Chrome v35.0.1916.114 [ File : C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms} [ File : C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted [Extension] : dlfienamagdnkekbbbocojppncdambda ************************* AdwCleaner[R0].txt - [23241 octets] - [27/05/2014 16:57:08]AdwCleaner[s0].txt - [23059 octets] - [27/05/2014 17:00:46] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [23120 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.1.4 (04.06.2014:1)OS: Windows 7 Home Premium x64Ran by Isaiah on Tue 05/27/2014 at 17:11:58.99~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4196919070-1054228882-4165193383-1001\Software\wajamSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FC368168-6D6A-4B75-B128-97F2F2D223F7} ~~~ Files Successfully deleted: [File] C:\Windows\syswow64\sho480D.tmpSuccessfully deleted: [File] C:\Windows\syswow64\sho713.tmpSuccessfully deleted: [File] C:\Windows\syswow64\shoA5E9.tmpSuccessfully deleted: [File] C:\Windows\syswow64\shoB239.tmpSuccessfully deleted: [File] C:\Windows\syswow64\shoDFEB.tmp ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"Successfully deleted: [Empty Folder] C:\Users\Isaiah\appdata\local\{034CC4FE-5D52-4232-9EDB-1BB0B28FF2C1}Successfully deleted: [Empty Folder] C:\Users\Isaiah\appdata\local\{13A1AD0E-F597-4C75-9D75-7ED745F6A63A}Successfully deleted: [Empty Folder] C:\Users\Isaiah\appdata\local\{1D3892E5-8A56-4553-9090-20B6CCC748D8}Successfully deleted: [Empty Folder] C:\Users\Isaiah\appdata\local\{2383997F-B81A-4E90-94F1-A3338DD5AB3E}Successfully deleted: [Empty Folder] C:\Users\Isaiah\appdata\local\{2C5FA9AD-94AF-40F8-BA9A-246E01044DC3}Successfully deleted: [Empty Folder] C:\Users\Isaiah\appdata\local\{55A39D67-C215-4717-9405-B72A628F416F}Successfully deleted: [Empty Folder] C:\Users\Isaiah\appdata\local\{731EECBE-5EB6-4BA8-985C-7497DFF03942}Successfully deleted: [Empty Folder] C:\Users\Isaiah\appdata\local\{7EFC6EA7-21A6-41B0-963E-0FCC1D359EAA}Successfully deleted: [Empty Folder] C:\Users\Isaiah\appdata\local\{8A5CBE99-7C4C-48BD-92B1-E32F0EB6B149}Successfully deleted: [Empty Folder] C:\Users\Isaiah\appdata\local\{916E98AD-6168-4538-8CD0-2C281C090EC6}Successfully deleted: [Empty Folder] C:\Users\Isaiah\appdata\local\{9251F786-C4AA-43F8-AB3E-6D844AFF6C19}Successfully deleted: [Empty Folder] C:\Users\Isaiah\appdata\local\{96F6FA3C-F98F-40CB-A20D-DBECB745EA28}Successfully deleted: [Empty Folder] C:\Users\Isaiah\appdata\local\{983283FE-31E4-4D20-B902-B0D20CE6B63D}Successfully deleted: [Empty Folder] C:\Users\Isaiah\appdata\local\{98F20FFD-7D8C-4534-9537-392800E81359}Successfully deleted: [Empty Folder] C:\Users\Isaiah\appdata\local\{9CDDB44C-F39C-4576-AF0C-2F324ACBF11A}Successfully deleted: [Empty Folder] C:\Users\Isaiah\appdata\local\{9FA5A4DF-E393-4EB6-8DD4-9073C2367FC9}Successfully deleted: [Empty Folder] C:\Users\Isaiah\appdata\local\{A7A70F4C-AF39-4B44-AED0-58EFF651EFD1}Successfully deleted: [Empty Folder] C:\Users\Isaiah\appdata\local\{B6D087CD-323B-40D4-866F-DE6F69D3B27E}Successfully deleted: [Empty Folder] C:\Users\Isaiah\appdata\local\{B9B56FC8-F547-4C2D-827D-0B1F538AA941}Successfully deleted: [Empty Folder] C:\Users\Isaiah\appdata\local\{BA5F6F18-2F25-40F2-8706-24978B7FDA2F}Successfully deleted: [Empty Folder] C:\Users\Isaiah\appdata\local\{BD7274EC-C504-4294-AA12-FE6F21DE2AB3}Successfully deleted: [Empty Folder] C:\Users\Isaiah\appdata\local\{BDD0F7E4-0F7F-42C7-A104-EABD1C0DF0F9}Successfully deleted: [Empty Folder] C:\Users\Isaiah\appdata\local\{C04FBBE9-C8E6-4A61-AD64-65CB105767E5}Successfully deleted: [Empty Folder] C:\Users\Isaiah\appdata\local\{C2BD80D1-7A8B-4FE0-A8F9-DDAAFD37CC52}Successfully deleted: [Empty Folder] C:\Users\Isaiah\appdata\local\{C2E07F75-C36A-4842-8F10-3620DDAD48D1}Successfully deleted: [Empty Folder] C:\Users\Isaiah\appdata\local\{D019C8BB-EEB6-44E7-B330-39E8677A9A2A}Successfully deleted: [Empty Folder] C:\Users\Isaiah\appdata\local\{DD66ABA7-F341-4D9D-A646-378489031DB6}Successfully deleted: [Empty Folder] C:\Users\Isaiah\appdata\local\{DFA873AA-E4D1-4EB3-9F3E-5EB22A5F7F41}Successfully deleted: [Empty Folder] C:\Users\Isaiah\appdata\local\{F1FCBF3A-4B55-42C9-A76C-BF529561FFC0}Successfully deleted: [Empty Folder] C:\Users\Isaiah\appdata\local\{F51C3946-C636-4B82-B7FB-38B95E2B7C58} ~~~ Chrome Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jneaojaoiajhnemidnjhoempalnidbhj ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Tue 05/27/2014 at 17:43:51.01End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Security check wouldn't run. Said operating system unsupported.
  3. Zygapop
    Here's the log. ComboFix 14-05-26.02 - Isaiah 05/26/2014 11:57:44.5.2 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3692.1924 [GMT -5:00]Running from: c:\users\Isaiah\Desktop\ComboFix.exeCommand switches used :: c:\users\Isaiah\Desktop\CFScript.txtAV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.FILE ::"c:\program files (x86)\Hotspot Shield\ConduitUninstaller.exe""c:\users\Isaiah\Desktop\Text Docs to laptop\New Folder\rs2bot_10481.exe""c:\users\Isaiah\Downloads\cbsidlm-tr1_9-File_Shredder-SEO2-10662831.exe""c:\users\Isaiah\Downloads\cnet_HxDSetupEN_zip.exe""c:\users\Isaiah\Downloads\cnet2_flashsaver_exe.exe""c:\users\Isaiah\Downloads\debutsetup.exe""c:\users\Isaiah\Downloads\HC2Setup.exe""c:\users\Isaiah\Downloads\isobuster_all_lang.exe""c:\users\Isaiah\Downloads\mHotspot_setup_6.5.2.1.exe""c:\users\William\AppData\LocalLow\Hotspot_Shield\ldrtbHots.dll""c:\users\William\AppData\LocalLow\Hotspot_Shield\tbHots.dll""c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\genfix2-a[1]""c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\genfix2-a[2]""c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\genfix2-a[3]""c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\genfix2-a[1]""c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\genfix2-a[2]""c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\genfix2-a[3]"..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\program files (x86)\Hotspot Shield\ConduitUninstaller.exec:\users\Isaiah\Desktop\Text Docs to laptop\New Folder\rs2bot_10481.exec:\users\Isaiah\Downloads\cbsidlm-tr1_9-File_Shredder-SEO2-10662831.exec:\users\Isaiah\Downloads\cnet_HxDSetupEN_zip.exec:\users\Isaiah\Downloads\cnet2_flashsaver_exe.exec:\users\Isaiah\Downloads\debutsetup.exec:\users\Isaiah\Downloads\HC2Setup.exec:\users\Isaiah\Downloads\isobuster_all_lang.exec:\users\Isaiah\Downloads\mHotspot_setup_6.5.2.1.exec:\users\William\AppData\LocalLow\Hotspot_Shield\ldrtbHots.dllc:\users\William\AppData\LocalLow\Hotspot_Shield\tbHots.dllc:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\genfix2-a[1]c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\genfix2-a[2]c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\genfix2-a[3]..((((((((((((((((((((((((( Files Created from 2014-04-26 to 2014-05-26 )))))))))))))))))))))))))))))))..2074-05-08 00:38 . 2006-11-22 02:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe2014-05-26 17:13 . 2014-05-26 17:13 -------- d-----w- c:\users\William\AppData\Local\temp2014-05-26 17:13 . 2014-05-26 17:13 -------- d-----w- c:\users\fbwuser\AppData\Local\temp2014-05-26 17:13 . 2014-05-26 17:13 -------- d-----w- c:\users\Default\AppData\Local\temp2014-05-23 11:26 . 2014-05-23 11:26 -------- d-----w- c:\program files (x86)\ESET2014-05-23 10:33 . 2014-05-23 10:33 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8DB8BFD7-B784-4748-868E-AECB37886897}\offreg.dll2014-05-21 13:52 . 2014-05-21 13:52 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi2014-05-21 13:11 . 2014-05-26 16:45 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys2014-05-21 12:11 . 2014-05-21 12:11 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware2014-05-21 12:11 . 2014-05-12 12:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys2014-05-21 12:11 . 2014-05-12 12:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2014-05-21 12:11 . 2014-05-12 12:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys2014-05-15 12:32 . 2014-05-15 12:37 -------- d-----w- C:\FRST...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2014-05-15 12:15 . 2012-02-19 00:45 516 ---ha-w- c:\windows\Fonts\{333D0A83-1115-46BF-7736-085E6FD6DB40}.dtd2014-04-04 19:04 . 2011-07-21 22:33 45056 ----a-w- c:\windows\system32\acovcnt.exe2014-04-04 18:52 . 2014-04-04 18:52 6000640 ----a-w- c:\program files (x86)\GUTA010.tmp2013-02-16 17:29 . 2013-02-16 17:29 4126720 ----a-w- c:\program files (x86)\GUTF90C.tmp..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]c:\program files (x86)\Hotspot Shield\HssIE\HssIE.dll [bU].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-05-13 3814736].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-2-3 548528].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0)"SoftwareSASGeneration"= 1 (0x1).R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R2 WysePocketCloud;Wyse PocketCloud;c:\program files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe;c:\program files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [x]R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgandnetadb.sys [x]R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe;c:\program files\CyberGhost VPN\CGVPNCliService.exe [x]R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys;c:\windows\SYSNATIVE\drivers\CM10664.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]S1 aswSnx;aswSnx; [x]S1 aswSP;aswSP; [x]S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [x]S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]S2 aswFsBlk;aswFsBlk; [x]S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [x]S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [x]S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]S2 Macro Expert;Macro Expert;c:\program files (x86)\grasssoft\mouse recorder\MacroService.exe;c:\program files (x86)\grasssoft\mouse recorder\MacroService.exe [x]S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [x]S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]S2 tvnserver;TightVNC Server;c:\program files (x86)\TightVNC\tvnserver.exe;c:\program files (x86)\TightVNC\tvnserver.exe [x]S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - MBAMSWISSARMY.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2014-05-22 13:09 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2014-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 13:57].2014-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 13:57].2014-05-26 c:\windows\Tasks\ReclaimerUpdateFiles_Isaiah.job- c:\users\Isaiah\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-06 22:18].2014-05-26 c:\windows\Tasks\ReclaimerUpdateXML_Isaiah.job- c:\users\Isaiah\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-06 22:18].2014-05-23 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Isaiah.job- c:\users\Isaiah\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-06 22:18]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]@="{472083B0-C522-11CF-8763-00608CC02F24}"[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]@="{64174815-8D98-4CE6-8646-4C039977D808}"[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-18 2189416]"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [bU]"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]"Cm106Sound"="c:\windows\Syswow64\cm106.dll" [2009-12-09 8151040]"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://www.google.commLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localFF - ProfilePath - c:\users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scrAddRemove-Freecorder5.11 - c:\program files (x86)\Freecorder\uninstall.exeAddRemove-Smart File Advisor_is1 - c:\program files (x86)\Smart File Advisor\unins000.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2014-05-26 12:18:26ComboFix-quarantined-files.txt 2014-05-26 17:18ComboFix2.txt 2014-05-22 16:26ComboFix3.txt 2014-05-21 12:02ComboFix4.txt 2014-05-20 13:51.Pre-Run: 13,433,438,208 bytes freePost-Run: 13,220,999,168 bytes free.- - End Of File - - A50F0ED9857F2A46B69BBF953C655208A36C5E4F47E84449FF07ED3517B43A31
  4. Zygapop
    C:\Program Files (x86)\Cheat Engine 6.1\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll Win32/Toolbar.Conduit.Y potentially unwanted application C:\Program Files (x86)\Hotspot Shield\ConduitUninstaller.exe Win32/Toolbar.Conduit potentially unwanted application C:\Program Files (x86)\NCH Software\Debut\debut.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application C:\Program Files (x86)\NCH Software\Debut\debutsetup_v1.62.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application C:\Program Files (x86)\NCH Software\Debut\uninst.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application C:\Qoobox\Quarantine\C\Program Files (x86)\Smart File Advisor\sfa.exe.vir a variant of Win32/SmartFileAdvisor.A potentially unwanted application C:\Qoobox\Quarantine\C\Program Files (x86)\Smart File Advisor\sfa_inst.exe.vir a variant of Win32/SmartFileAdvisor.A potentially unwanted application C:\Users\Isaiah\Desktop\Text Docs to laptop\New Folder\rs2bot_10481.exe a variant of Win32/InstallIQ.A potentially unwanted application C:\Users\Isaiah\Downloads\cbsidlm-tr1_9-File_Shredder-SEO2-10662831.exe Win32/DownloadAdmin.G potentially unwanted application C:\Users\Isaiah\Downloads\cnet2_flashsaver_exe.exe a variant of Win32/InstallCore.D potentially unwanted application C:\Users\Isaiah\Downloads\cnet_HxDSetupEN_zip.exe a variant of Win32/InstallCore.D potentially unwanted application C:\Users\Isaiah\Downloads\debutsetup.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application C:\Users\Isaiah\Downloads\HC2Setup.exe Win32/Somoto.F potentially unwanted application C:\Users\Isaiah\Downloads\isobuster_all_lang.exe a variant of Win32/SmartFileAdvisor.A potentially unwanted application C:\Users\Isaiah\Downloads\mHotspot_setup_6.5.2.1.exe Win32/OpenCandy potentially unsafe application C:\Users\William\AppData\LocalLow\Freecorder\ldrtbFree.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application C:\Users\William\AppData\LocalLow\Freecorder\tbFree.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application C:\Users\William\AppData\LocalLow\Hotspot_Shield\ldrtbHots.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application C:\Users\William\AppData\LocalLow\Hotspot_Shield\tbHots.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\genfix2-a[1] Win32/Toolbar.Zugo.D potentially unwanted application C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\genfix2-a[2] Win32/Toolbar.Zugo.D potentially unwanted application C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\genfix2-a[3] Win32/Toolbar.Zugo.D potentially unwanted application C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\genfix2-a[1] Win32/Toolbar.Zugo.D potentially unwanted application C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\genfix2-a[2] Win32/Toolbar.Zugo.D potentially unwanted application C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\genfix2-a[3] Win32/Toolbar.Zugo.D potentially unwanted application
  5. Zygapop
    "fonts" is blocked and says i require permission from owner or administrator to access. "acovcnt" is nowhere to be found. And i have hidden files and folders on to show. "guta010.tmp" is too large to upload. Only one i uploaded was "c:\program files (x86)\GUTF90C.tmp"
  6. Zygapop
    That seems to have worked though i had to go through a bit to disable avast. For some reason it shows avast was running but i had everything disabled and it even said i did. Quite weird, ComboFix 14-05-19.01 - Isaiah 05/22/2014 11:09:35.4.2 - x64 NETWORKMicrosoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3692.2875 [GMT -5:00]Running from: c:\users\Isaiah\Desktop\ComboFix.exeCommand switches used :: c:\users\Isaiah\Downloads\CFScript.txtAV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\program files (x86)\Hotspot Shield\HssIEc:\program files (x86)\Hotspot Shield\HssIE\config.txtc:\program files (x86)\Hotspot Shield\HssIE\config_srch.txtc:\program files (x86)\Hotspot Shield\HssIE\HssIE.dllc:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dllc:\program files (x86)\Smart File Advisorc:\program files (x86)\Smart File Advisor\sfa.exec:\program files (x86)\Smart File Advisor\sfa_inst.exec:\program files (x86)\Smart File Advisor\unins000.datc:\program files (x86)\Smart File Advisor\unins000.exec:\program files (x86)\Smart File Advisor\unins000.msg..((((((((((((((((((((((((( Files Created from 2014-04-22 to 2014-05-22 )))))))))))))))))))))))))))))))..2074-05-08 00:38 . 2006-11-22 02:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe2014-05-22 16:21 . 2014-05-22 16:21 -------- d-----w- c:\users\William\AppData\Local\temp2014-05-22 16:21 . 2014-05-22 16:21 -------- d-----w- c:\users\fbwuser\AppData\Local\temp2014-05-22 16:21 . 2014-05-22 16:21 -------- d-----w- c:\users\Default\AppData\Local\temp2014-05-21 14:14 . 2014-05-22 15:42 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8DB8BFD7-B784-4748-868E-AECB37886897}\offreg.dll2014-05-21 13:52 . 2014-05-21 13:52 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi2014-05-21 13:11 . 2014-05-22 15:27 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys2014-05-21 12:11 . 2014-05-21 12:11 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware2014-05-21 12:11 . 2014-05-12 12:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys2014-05-21 12:11 . 2014-05-12 12:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2014-05-21 12:11 . 2014-05-12 12:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys2014-05-15 12:32 . 2014-05-15 12:37 -------- d-----w- C:\FRST...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2014-05-15 12:15 . 2012-02-19 00:45 516 ---ha-w- c:\windows\Fonts\{333D0A83-1115-46BF-7736-085E6FD6DB40}.dtd2014-04-04 19:04 . 2011-07-21 22:33 45056 ----a-w- c:\windows\system32\acovcnt.exe2014-04-04 18:52 . 2014-04-04 18:52 6000640 ----a-w- c:\program files (x86)\GUTA010.tmp2013-02-16 17:29 . 2013-02-16 17:29 4126720 ----a-w- c:\program files (x86)\GUTF90C.tmp..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-05-13 3814736].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-2-3 548528].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0)"SoftwareSASGeneration"= 1 (0x1).R1 aswSnx;aswSnx; [x]R1 aswSP;aswSP; [x]R1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]R2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]R2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [x]R2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]R2 aswFsBlk;aswFsBlk; [x]R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]R2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [x]R2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [x]R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]R2 Macro Expert;Macro Expert;c:\program files (x86)\grasssoft\mouse recorder\MacroService.exe;c:\program files (x86)\grasssoft\mouse recorder\MacroService.exe [x]R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [x]R2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]R2 tvnserver;TightVNC Server;c:\program files (x86)\TightVNC\tvnserver.exe;c:\program files (x86)\TightVNC\tvnserver.exe [x]R2 WysePocketCloud;Wyse PocketCloud;c:\program files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe;c:\program files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [x]R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgandnetadb.sys [x]R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe;c:\program files\CyberGhost VPN\CGVPNCliService.exe [x]R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys;c:\windows\SYSNATIVE\drivers\CM10664.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2014-05-22 13:09 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2014-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 13:57].2014-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 13:57].2014-05-02 c:\windows\Tasks\ReclaimerUpdateFiles_Isaiah.job- c:\users\Isaiah\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-06 22:18].2014-05-02 c:\windows\Tasks\ReclaimerUpdateXML_Isaiah.job- c:\users\Isaiah\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-06 22:18].2014-05-22 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Isaiah.job- c:\users\Isaiah\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-06 22:18]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]@="{472083B0-C522-11CF-8763-00608CC02F24}"[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]@="{64174815-8D98-4CE6-8646-4C039977D808}"[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-18 2189416]"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [bU]"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]"Cm106Sound"="c:\windows\Syswow64\cm106.dll" [2009-12-09 8151040]"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://www.google.commLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localTCP: DhcpNameServer = 192.168.1.1FF - ProfilePath - c:\users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\.- - - - ORPHANS REMOVED - - - -.BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE.dllToolbar-Locked - (no file)AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scrAddRemove-Freecorder5.11 - c:\program files (x86)\Freecorder\uninstall.exeAddRemove-Smart File Advisor_is1 - c:\program files (x86)\Smart File Advisor\unins000.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2014-05-22 11:25:59ComboFix-quarantined-files.txt 2014-05-22 16:25ComboFix2.txt 2014-05-21 12:02ComboFix3.txt 2014-05-20 13:51.Pre-Run: 15,062,298,624 bytes freePost-Run: 14,992,584,704 bytes free.- - End Of File - - 965CB20C439FA3D9C446FFAE2B802535A36C5E4F47E84449FF07ED3517B43A31
  7. Zygapop
    I did the cf script on combo fix again and it got stuck at step 48 and then crashed. I restarted my computer twice before it loaded it up. I don't exactly know what happened.
  8. Zygapop
    Combofix ComboFix 14-05-19.01 - Isaiah 05/21/2014 6:35.2.2 - x64Running from: c:\users\Isaiah\Desktop\ComboFix.exeCommand switches used :: c:\users\Isaiah\Desktop\CFScript.txt..((((((((((((((((((((((((( Files Created from 2014-04-21 to 2014-05-21 )))))))))))))))))))))))))))))))..2074-05-08 00:38 . 2006-11-22 02:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe2014-05-21 11:51 . 2014-05-21 11:51 -------- d-----w- c:\users\William\AppData\Local\temp2014-05-21 11:51 . 2014-05-21 11:51 -------- d-----w- c:\users\fbwuser\AppData\Local\temp2014-05-21 11:51 . 2014-05-21 11:51 -------- d-----w- c:\users\Default\AppData\Local\temp2014-05-15 12:32 . 2014-05-15 12:37 -------- d-----w- C:\FRST...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2014-05-15 12:15 . 2012-02-19 00:45 516 ---ha-w- c:\windows\Fonts\{333D0A83-1115-46BF-7736-085E6FD6DB40}.dtd2014-04-04 19:04 . 2011-07-21 22:33 45056 ----a-w- c:\windows\system32\acovcnt.exe2014-04-04 18:52 . 2014-04-04 18:52 6000640 ----a-w- c:\program files (x86)\GUTA010.tmp2013-02-16 17:29 . 2013-02-16 17:29 4126720 ----a-w- c:\program files (x86)\GUTF90C.tmp..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]2013-04-16 23:57 233288 ----a-w- c:\program files (x86)\Hotspot Shield\HssIE\HssIE.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-11-20 4411952]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-02-27 3814736].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-2-3 548528].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0)"SoftwareSASGeneration"= 1 (0x1).R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R2 WysePocketCloud;Wyse PocketCloud;c:\program files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe;c:\program files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [x]R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgandnetadb.sys [x]R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe;c:\program files\CyberGhost VPN\CGVPNCliService.exe [x]R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys;c:\windows\SYSNATIVE\drivers\CM10664.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]S1 aswSnx;aswSnx; [x]S1 aswSP;aswSP; [x]S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [x]S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]S2 aswFsBlk;aswFsBlk; [x]S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [x]S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [x]S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]S2 Macro Expert;Macro Expert;c:\program files (x86)\grasssoft\mouse recorder\MacroService.exe;c:\program files (x86)\grasssoft\mouse recorder\MacroService.exe [x]S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [x]S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]S2 tvnserver;TightVNC Server;c:\program files (x86)\TightVNC\tvnserver.exe;c:\program files (x86)\TightVNC\tvnserver.exe [x]S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2014-05-16 14:25 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2014-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 13:57].2014-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 13:57].2014-05-02 c:\windows\Tasks\ReclaimerUpdateFiles_Isaiah.job- c:\users\Isaiah\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-06 22:18].2014-05-02 c:\windows\Tasks\ReclaimerUpdateXML_Isaiah.job- c:\users\Isaiah\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-06 22:18].2014-05-18 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Isaiah.job- c:\users\Isaiah\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-06 22:18]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]@="{472083B0-C522-11CF-8763-00608CC02F24}"[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]@="{64174815-8D98-4CE6-8646-4C039977D808}"[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-18 2189416]"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [bU]"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]"Cm106Sound"="c:\windows\Syswow64\cm106.dll" [2009-12-09 8151040]"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://www.google.commLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localFF - ProfilePath - c:\users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scrAddRemove-Freecorder5.11 - c:\program files (x86)\Freecorder\uninstall.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2014-05-21 07:02:46ComboFix-quarantined-files.txt 2014-05-21 12:02ComboFix2.txt 2014-05-20 13:51.Pre-Run: 14,772,314,112 bytes freePost-Run: 14,954,397,696 bytes free.- - End Of File - - 265C6BDE1257382DC0395E5151E7F452A36C5E4F47E84449FF07ED3517B43A31
  9. Zygapop
    Malwarebytes log: Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 5/21/2014Scan Time: 8:13:36 AMLogfile: Administrator: Yes Version: 2.00.2.1012Malware Database: v2014.05.21.05Rootkit Database: v2014.03.27.01License: TrialMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: Isaiah Scan Type: Threat ScanResult: CompletedObjects Scanned: 343909Time Elapsed: 26 min, 3 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 60PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E}, Quarantined, [9e6bafa5fb80ad897a0b1612dc26e917], PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}, Quarantined, [9e6bafa5fb80ad897a0b1612dc26e917], PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}, Quarantined, [9e6bafa5fb80ad897a0b1612dc26e917], PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\CLASSES\Toolbar3.ContextMenuNotifier.1, Quarantined, [9e6bafa5fb80ad897a0b1612dc26e917], PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\CLASSES\Toolbar3.ContextMenuNotifier, Quarantined, [9e6bafa5fb80ad897a0b1612dc26e917], PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Toolbar3.ContextMenuNotifier, Quarantined, [9e6bafa5fb80ad897a0b1612dc26e917], PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Toolbar3.ContextMenuNotifier.1, Quarantined, [9e6bafa5fb80ad897a0b1612dc26e917], PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}, Quarantined, [9e6bafa5fb80ad897a0b1612dc26e917], PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\CLASSES\Toolbar3.CustomInternetSecurityImpl.1, Quarantined, [9e6bafa5fb80ad897a0b1612dc26e917], PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\CLASSES\Toolbar3.CustomInternetSecurityImpl, Quarantined, [9e6bafa5fb80ad897a0b1612dc26e917], PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Toolbar3.CustomInternetSecurityImpl, Quarantined, [9e6bafa5fb80ad897a0b1612dc26e917], PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Toolbar3.CustomInternetSecurityImpl.1, Quarantined, [9e6bafa5fb80ad897a0b1612dc26e917], PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, Quarantined, [9e6bafa5fb80ad897a0b1612dc26e917], PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\CLASSES\Toolbar3.SMTTB2009.1, Quarantined, [9e6bafa5fb80ad897a0b1612dc26e917], PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\CLASSES\Toolbar3.SMTTB2009, Quarantined, [9e6bafa5fb80ad897a0b1612dc26e917], PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Toolbar3.SMTTB2009, Quarantined, [9e6bafa5fb80ad897a0b1612dc26e917], PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, Quarantined, [9e6bafa5fb80ad897a0b1612dc26e917], PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Toolbar3.SMTTB2009.1, Quarantined, [9e6bafa5fb80ad897a0b1612dc26e917], PUP.Optional.BestToolbar.A, HKU\S-1-5-21-4196919070-1054228882-4165193383-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, Quarantined, [9e6bafa5fb80ad897a0b1612dc26e917], PUP.Optional.BestToolbar.A, HKU\S-1-5-21-4196919070-1054228882-4165193383-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, Quarantined, [9e6bafa5fb80ad897a0b1612dc26e917], PUP.Optional.BestToolbar.A, HKU\S-1-5-21-4196919070-1054228882-4165193383-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, Quarantined, [9e6bafa5fb80ad897a0b1612dc26e917], PUP.Optional.BestToolbar.A, HKU\S-1-5-21-4196919070-1054228882-4165193383-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, Quarantined, [9e6bafa5fb80ad897a0b1612dc26e917], PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\CLASSES\SMTTB2009.IEToolbar, Quarantined, [9e6bafa5fb80ad897a0b1612dc26e917], PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\CLASSES\SMTTB2009.IEToolbar.1, Quarantined, [9e6bafa5fb80ad897a0b1612dc26e917], PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SMTTB2009.IEToolbar, Quarantined, [9e6bafa5fb80ad897a0b1612dc26e917], PUP.Optional.BestToolbar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SMTTB2009.IEToolbar.1, Quarantined, [9e6bafa5fb80ad897a0b1612dc26e917], PUP.Optional.BestToolbar.A, HKU\S-1-5-21-4196919070-1054228882-4165193383-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{338B4DFE-2E2C-4338-9E41-E176D497299E}, Quarantined, [9e6bafa5fb80ad897a0b1612dc26e917], PUP.Optional.BestToolbar.A, HKU\S-1-5-21-4196919070-1054228882-4165193383-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{338B4DFE-2E2C-4338-9E41-E176D497299E}, Quarantined, [9e6bafa5fb80ad897a0b1612dc26e917], PUP.Optional.StartNow.A, HKU\S-1-5-21-4196919070-1054228882-4165193383-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{5911488E-9D1E-40EC-8CBB-06B231CC153F}, Quarantined, [0dfcca8a49321f177116ff298979db25], PUP.Optional.StartNow.A, HKU\S-1-5-21-4196919070-1054228882-4165193383-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{5911488E-9D1E-40EC-8CBB-06B231CC153F}, Quarantined, [0dfcca8a49321f177116ff298979db25], PUP.Optional.WeCare.A, HKU\S-1-5-21-4196919070-1054228882-4165193383-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, Quarantined, [4cbdc98bff7c1e1872acda86b15148b8], PUP.Optional.WeCare.A, HKU\S-1-5-21-4196919070-1054228882-4165193383-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, Quarantined, [4cbdc98bff7c1e1872acda86b15148b8], PUP.Optional.WeCare.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\lkpmjnommfoljgjbckjmjhkmnhfmcmon, Quarantined, [60a96ce87308df57c1f66422a161fa06], PUP.Optional.Softonic.A, HKU\S-1-5-21-4196919070-1054228882-4165193383-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Quarantined, [ac5d5cf891ea2d097ae50a85de24a15f], PUP.Optional.Hyperionics.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{01221FCC-4BFB-461C-B08C-F6D2DF309921}, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{01221FCC-4BFB-461C-B08C-F6D2DF309921}, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, HKLM\SOFTWARE\CLASSES\TbCommonUtils.CommonUtils.1, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, HKLM\SOFTWARE\CLASSES\TbCommonUtils.CommonUtils, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TbCommonUtils.CommonUtils, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TbCommonUtils.CommonUtils.1, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{B87F8B63-7274-43FD-87FA-09D3B7496148}, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{452AE416-9A97-44CA-93DA-D0F15C36254F}, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{45CDA4F7-594C-49A0-AAD1-8224517FE979}, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{81E852CC-1FD5-4004-8761-79A48B975E29}, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B9F43021-60D4-42A6-A065-9BA37F38AC47}, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{452AE416-9A97-44CA-93DA-D0F15C36254F}, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{45CDA4F7-594C-49A0-AAD1-8224517FE979}, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{81E852CC-1FD5-4004-8761-79A48B975E29}, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B9F43021-60D4-42A6-A065-9BA37F38AC47}, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{B87F8B63-7274-43FD-87FA-09D3B7496148}, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Hyperionics DB Toolbar, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], Registry Values: 2PUP.Optional.BestToolbar.A, HKU\S-1-5-21-4196919070-1054228882-4165193383-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{338B4DFE-2E2C-4338-9E41-E176D497299E}, ä·¾ã⸬ä¸äç¡é鸩, Quarantined, [9e6bafa5fb80ad897a0b1612dc26e917]PUP.Optional.BestToolbar.A, HKU\S-1-5-21-4196919070-1054228882-4165193383-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{338B4DFE-2E2C-4338-9E41-E176D497299E}, Quarantined, [2cdd8ec684f72115a9dc29ff689a16ea], Registry Data: 0(No malicious items detected) Folders: 31PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\wecarereminder@bryan, Quarantined, [45c478dc19624cea8348ef8ad32f7789], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\wecarereminder@bryan\chrome, Quarantined, [45c478dc19624cea8348ef8ad32f7789], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\wecarereminder@bryan\chrome\logo, Quarantined, [45c478dc19624cea8348ef8ad32f7789], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\wecarereminder@bryan\components, Quarantined, [45c478dc19624cea8348ef8ad32f7789], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\wecarereminder@bryan\defaults, Quarantined, [45c478dc19624cea8348ef8ad32f7789], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\wecarereminder@bryan\defaults\preferences, Quarantined, [45c478dc19624cea8348ef8ad32f7789], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\wecarereminder@bryan\META-INF, Quarantined, [45c478dc19624cea8348ef8ad32f7789], PUP.Optional.Complitly.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda, Quarantined, [20e99db78fecaf8721848bf87b87b24e], PUP.Optional.Complitly.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0, Quarantined, [20e99db78fecaf8721848bf87b87b24e], PUP.Optional.Complitly.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\icons, Quarantined, [20e99db78fecaf8721848bf87b87b24e], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\css, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\css\images, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\html, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\images, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\js, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\modules, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\css, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\css\images, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\html, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\images, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\js, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\modules, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.Hyperionics.A, C:\Program Files (x86)\Hyperionics DB Toolbar, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], Files: 285PUP.Optional.BestToolbar.A, C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll, Quarantined, [9e6bafa5fb80ad897a0b1612dc26e917], PUP.Optional.Conduit.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\searchplugins\conduit.xml, Quarantined, [ed1c4e063e3daa8cc91eff966a9845bb], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\wecarereminder@bryan\chrome.manifest, Quarantined, [45c478dc19624cea8348ef8ad32f7789], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\wecarereminder@bryan\install.rdf, Quarantined, [45c478dc19624cea8348ef8ad32f7789], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\wecarereminder@bryan\MerchHash.txt, Quarantined, [45c478dc19624cea8348ef8ad32f7789], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\wecarereminder@bryan\chrome\wecarereminder.jar, Quarantined, [45c478dc19624cea8348ef8ad32f7789], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\wecarereminder@bryan\chrome\logo\cotm.bmp, Quarantined, [45c478dc19624cea8348ef8ad32f7789], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\wecarereminder@bryan\components\httpModifyListener.js, Quarantined, [45c478dc19624cea8348ef8ad32f7789], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\wecarereminder@bryan\components\WCR_MerchantHash.idl, Quarantined, [45c478dc19624cea8348ef8ad32f7789], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\wecarereminder@bryan\components\WCR_MerchantHash.js, Quarantined, [45c478dc19624cea8348ef8ad32f7789], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\wecarereminder@bryan\components\WCR_MerchantHash.xpt, Quarantined, [45c478dc19624cea8348ef8ad32f7789], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\wecarereminder@bryan\components\WCVisitedHash.idl, Quarantined, [45c478dc19624cea8348ef8ad32f7789], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\wecarereminder@bryan\components\WCVisitedHash.js, Quarantined, [45c478dc19624cea8348ef8ad32f7789], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\wecarereminder@bryan\components\WCVisitedHash.xpt, Quarantined, [45c478dc19624cea8348ef8ad32f7789], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\wecarereminder@bryan\defaults\preferences\wecarereminder.js, Quarantined, [45c478dc19624cea8348ef8ad32f7789], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\wecarereminder@bryan\META-INF\manifest.mf, Quarantined, [45c478dc19624cea8348ef8ad32f7789], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\wecarereminder@bryan\META-INF\zigbert.rsa, Quarantined, [45c478dc19624cea8348ef8ad32f7789], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\wecarereminder@bryan\META-INF\zigbert.sf, Quarantined, [45c478dc19624cea8348ef8ad32f7789], PUP.Optional.Complitly.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\bg.html, Quarantined, [20e99db78fecaf8721848bf87b87b24e], PUP.Optional.Complitly.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\contentscript.js, Quarantined, [20e99db78fecaf8721848bf87b87b24e], PUP.Optional.Complitly.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\manifest.json, Quarantined, [20e99db78fecaf8721848bf87b87b24e], PUP.Optional.Complitly.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\icons\128.png, Quarantined, [20e99db78fecaf8721848bf87b87b24e], PUP.Optional.Complitly.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\icons\16.png, Quarantined, [20e99db78fecaf8721848bf87b87b24e], PUP.Optional.Complitly.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\icons\256.png, Quarantined, [20e99db78fecaf8721848bf87b87b24e], PUP.Optional.Complitly.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\icons\32.png, Quarantined, [20e99db78fecaf8721848bf87b87b24e], PUP.Optional.Complitly.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\icons\48.png, Quarantined, [20e99db78fecaf8721848bf87b87b24e], PUP.Optional.Complitly.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\icons\64.png, Quarantined, [20e99db78fecaf8721848bf87b87b24e], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\bg.html, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\icon_128.png, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\manifest.json, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\modules.json, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\css\d_showRedirect.css, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\css\if.css, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\css\jquery-ui-1.10.2.custom.min.css, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\css\jquery-ui-1.8.18.custom.css, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\css\options.css, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\css\reset-fonts-grids.css, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\css\search.css, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\css\showRedirect.css, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\css\updateNotif.css, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\css\updateNotif2.css, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\css\updateNotif2light.css, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\css\updateNotif3.css, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\css\updateNotif3light.css, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\css\we-care_app_bg.png, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\css\images\animated-overlay.gif, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\css\images\ui-bg_diagonals-thick_18_b81900_40x40.png, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\css\images\ui-bg_diagonals-thick_20_666666_40x40.png, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\css\images\ui-bg_flat_10_000000_40x100.png, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\css\images\ui-bg_glass_100_f6f6f6_1x400.png, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\css\images\ui-bg_glass_100_fdf5ce_1x400.png, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\css\images\ui-bg_glass_65_ffffff_1x400.png, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\css\images\ui-bg_gloss-wave_35_f6a828_500x100.png, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\css\images\ui-bg_highlight-soft_100_eeeeee_1x100.png, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\css\images\ui-bg_highlight-soft_75_ffe45c_1x100.png, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\css\images\ui-icons_222222_256x240.png, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\css\images\ui-icons_228ef1_256x240.png, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\css\images\ui-icons_ef8c08_256x240.png, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\css\images\ui-icons_ffd27a_256x240.png, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\css\images\ui-icons_ffffff_256x240.png, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\html\app.html, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\html\container.html, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\html\menu.html, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\html\notif.html, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\html\options.html, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\html\search.html, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\html\uninstall.html, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\html\update_slide.html, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\html\upgrade.html, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\html\wca_slider.html, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\images\BOX.png, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\images\CHECK.png, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\images\close.gif, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\images\dog.gif, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\images\dog_wag.gif, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\images\donate.bmp, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\images\envelope.png, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\images\icon_128.png, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\images\logo_dark.png, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\images\logo_light.png, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\images\logo_sm_v.bmp, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\images\QUESTION.png, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\images\X-MARK.png, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\js\container.js, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\js\Controller.js, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\js\jquery-1.7.1.min.js, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\js\jquery-ui-1.10.2.custom.min.js, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\js\jquery-ui-1.8.18.custom.min.js, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\js\jquery.numericCounter-1.0.min.js, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\js\jquery.rotate.min.js, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\js\jquery.ticker.js, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\js\jquery.Timers.js, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\js\loader.js, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\js\menu.js, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\js\message.js, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\js\options.js, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\js\slider.js, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\js\uninstall.js, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\js\updateButtons.js, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\js\update_slide.js, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\js\wc.js, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\js\wca.js, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\modules\bgAdmon.js, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\modules\bgSerp.js, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\modules\csAdmon.js, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\Isaiah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.21_0\modules\csSerp.js, Quarantined, [9277b3a1413a92a414950c77e61cc53b], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\bg.html, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\manifest.json, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\modules.json, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\css\d_showRedirect.css, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\css\if.css, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\css\jquery-ui-1.8.18.custom.css, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\css\options.css, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\css\reset-fonts-grids.css, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\css\search.css, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\css\showRedirect.css, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\css\we-care_app_bg.png, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\css\white_strip.png, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\css\images\ui-bg_diagonals-thick_18_b81900_40x40.png, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\css\images\ui-bg_diagonals-thick_20_666666_40x40.png, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\css\images\ui-bg_flat_10_000000_40x100.png, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\css\images\ui-bg_glass_100_f6f6f6_1x400.png, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\css\images\ui-bg_glass_100_fdf5ce_1x400.png, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\css\images\ui-bg_glass_65_ffffff_1x400.png, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\css\images\ui-bg_gloss-wave_35_f6a828_500x100.png, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\css\images\ui-bg_highlight-soft_100_eeeeee_1x100.png, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\css\images\ui-bg_highlight-soft_75_ffe45c_1x100.png, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\css\images\ui-icons_222222_256x240.png, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\css\images\ui-icons_228ef1_256x240.png, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\css\images\ui-icons_ef8c08_256x240.png, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\css\images\ui-icons_ffd27a_256x240.png, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\css\images\ui-icons_ffffff_256x240.png, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\html\app.html, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\html\container.html, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\html\options.html, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\html\search.html, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\html\social_media.txt, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\html\tmpl.json, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\images\arrow_red.png, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\images\aspca_paw.png, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\images\BOX.png, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\images\CHECK.png, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\images\close.gif, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\images\dog.gif, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\images\dog_wag.gif, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\images\donate.bmp, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\images\envelope.png, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\images\heart.gif, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\images\left-arrow-icon.jpg, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\images\logo_sm_h.bmp, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\images\logo_sm_v.bmp, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\images\puppypaw1.gif, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\images\puppypaw2.gif, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\images\puppypaw3.gif, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\images\puppypaw5.png, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\images\QUESTION.png, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\images\triangle12.png, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\images\we-careBadge.png, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\images\we_rec.PNG, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\images\X-MARK.png, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\js\Controller.js, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\js\jquery-1.7.1.min.js, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\js\jquery-ui-1.8.18.custom.min.js, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\js\jquery.numericCounter.min-1.0.js, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\js\jquery.rotate.min.js, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\js\jquery.ticker.js, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\js\jquery.Timers.js, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\js\options.js, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\js\slider.js, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\js\wc.js, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\modules\bgAdmon.js, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\modules\bgSearchBar.js, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\modules\bgSerp.js, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\modules\csAdmon.js, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\modules\csSearchBar.js, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.WeCare.A, C:\Users\William\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.17_0\modules\csSerp.js, Quarantined, [28e174e04c2fad89ebbe95eef2106c94], PUP.Optional.Hyperionics.A, C:\Program Files (x86)\Hyperionics DB Toolbar\affid.dat, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, C:\Program Files (x86)\Hyperionics DB Toolbar\alert_plugin.dll, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, C:\Program Files (x86)\Hyperionics DB Toolbar\basis.xml, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, C:\Program Files (x86)\Hyperionics DB Toolbar\icons.bmp, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, C:\Program Files (x86)\Hyperionics DB Toolbar\info.txt, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, C:\Program Files (x86)\Hyperionics DB Toolbar\install.ico, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, C:\Program Files (x86)\Hyperionics DB Toolbar\MacroParserPlugin.dll, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, C:\Program Files (x86)\Hyperionics DB Toolbar\mbback.bmp, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, C:\Program Files (x86)\Hyperionics DB Toolbar\mbbigopen.bmp, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, C:\Program Files (x86)\Hyperionics DB Toolbar\mbclose.bmp, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, C:\Program Files (x86)\Hyperionics DB Toolbar\mbfwd.bmp, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, C:\Program Files (x86)\Hyperionics DB Toolbar\mbsep.bmp, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, C:\Program Files (x86)\Hyperionics DB Toolbar\nav1c.bmp, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, C:\Program Files (x86)\Hyperionics DB Toolbar\somoto.dll, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, C:\Program Files (x86)\Hyperionics DB Toolbar\TbCommonUtils.dll, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.inf, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, C:\Program Files (x86)\Hyperionics DB Toolbar\TbHelper2.exe, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, C:\Program Files (x86)\Hyperionics DB Toolbar\uninstall.exe, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, C:\Program Files (x86)\Hyperionics DB Toolbar\UninstallToolbar.exe, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, C:\Program Files (x86)\Hyperionics DB Toolbar\update.exe, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, C:\Program Files (x86)\Hyperionics DB Toolbar\version.txt, Quarantined, [8683aca87b0068ce1b8f84ffb052659b], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome.manifest, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\install.rdf, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\28.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\47.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\1.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\10.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\11.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\12.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\13.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\14.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\15.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\16.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\17.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\18.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\19.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\2.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\20.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\21.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\22.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\23.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\24.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\25.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\26.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\27.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\29.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\3.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\30.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\31.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\32.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\33.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\34.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\35.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\36.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\37.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\38.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\39.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\4.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\40.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\41.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\42.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\43.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\44.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\45.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\46.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\48.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\49.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\5.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\50.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\51.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\52.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\53.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\54.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\55.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\56.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\57.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\6.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\7.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\8.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\9.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\affid.dat, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\basis.xml, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\bubble.js, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\bubble.xul, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\colorpicker.htm, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\contents.rdf, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\icons.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\info.txt, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\jscontainer.htm, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\mbback.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\mbbigopen.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\mbclose.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\mbfwd.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\mbsep.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\md5.js, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\mozilla.xul, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\mymenuitem.xml, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\nav1c.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\options.js, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\options.xul, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\separator.png, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\tb.css, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\tb.js, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\tb.xsl, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\tb.xul, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\tbcore3.inf, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Hyperionics.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}\chrome\content\somoto\version.txt, Quarantined, [53b6d97b97e44beb93185c27758d1ee2], PUP.Optional.Conduit.A, C:\Users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\prefs.js, Good: (), Bad: (user_pref("ct1561552.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3205366&SearchSource=2&q="), Replaced,[48c1ce86176457dff34a582631d36b95] PUP.Optional.CrossRider.A, C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\pv5984v9.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossriderapp21804.adsOldValue", -1), Replaced,[0306f85c8bf011258e3a3a43aa5a4cb4] Physical Sectors: 0(No malicious items detected) (end)
  10. Zygapop
    Here's the combofix log. ComboFix 14-05-19.01 - Isaiah 05/20/2014 8:25.1.2 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3692.2329 [GMT -5:00]Running from: c:\users\Isaiah\Desktop\ComboFix.exeAV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..C:\ENDc:\users\Isaiah\AppData\Roaming\mIRC\logs\status.logc:\windows\msvcr71.dllD:\install.exe..((((((((((((((((((((((((( Files Created from 2014-04-20 to 2014-05-20 )))))))))))))))))))))))))))))))..2074-05-08 00:38 . 2006-11-22 02:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe2014-05-20 13:45 . 2014-05-20 13:45 -------- d-----w- c:\users\William\AppData\Local\temp2014-05-20 13:45 . 2014-05-20 13:45 -------- d-----w- c:\users\fbwuser\AppData\Local\temp2014-05-20 13:45 . 2014-05-20 13:45 -------- d-----w- c:\users\Default\AppData\Local\temp2014-05-15 12:32 . 2014-05-15 12:37 -------- d-----w- C:\FRST...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2014-05-15 12:15 . 2012-02-19 00:45 516 ---ha-w- c:\windows\Fonts\{333D0A83-1115-46BF-7736-085E6FD6DB40}.dtd2014-04-04 19:04 . 2011-07-21 22:33 45056 ----a-w- c:\windows\system32\acovcnt.exe2014-04-04 18:52 . 2014-04-04 18:52 6000640 ----a-w- c:\program files (x86)\GUTA010.tmp2013-02-16 17:29 . 2013-02-16 17:29 4126720 ----a-w- c:\program files (x86)\GUTF90C.tmp..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]2013-04-16 23:57 233288 ----a-w- c:\program files (x86)\Hotspot Shield\HssIE\HssIE.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]"{338B4DFE-2E2C-4338-9E41-E176D497299E}"= "c:\program files (x86)\Hyperionics DB Toolbar\tbcore3.dll" [2011-06-23 2398720].[HKEY_CLASSES_ROOT\clsid\{338b4dfe-2e2c-4338-9e41-e176d497299e}][HKEY_CLASSES_ROOT\SMTTB2009.SMTTB2009.3][HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}][HKEY_CLASSES_ROOT\SMTTB2009.SMTTB2009].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]"Smart File Advisor"="c:\program files (x86)\Smart File Advisor\sfa.exe" [2011-04-04 280824]"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-11-20 4411952]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-02-27 3814736].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-2-3 548528].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0)"SoftwareSASGeneration"= 1 (0x1).R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R2 WysePocketCloud;Wyse PocketCloud;c:\program files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe;c:\program files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [x]R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgandnetadb.sys [x]R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe;c:\program files\CyberGhost VPN\CGVPNCliService.exe [x]R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys;c:\windows\SYSNATIVE\drivers\CM10664.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]S1 aswSnx;aswSnx; [x]S1 aswSP;aswSP; [x]S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [x]S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]S2 aswFsBlk;aswFsBlk; [x]S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [x]S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [x]S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]S2 Macro Expert;Macro Expert;c:\program files (x86)\grasssoft\mouse recorder\MacroService.exe;c:\program files (x86)\grasssoft\mouse recorder\MacroService.exe [x]S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [x]S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]S2 tvnserver;TightVNC Server;c:\program files (x86)\TightVNC\tvnserver.exe;c:\program files (x86)\TightVNC\tvnserver.exe [x]S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2014-05-16 14:25 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2014-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 13:57].2014-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 13:57].2014-05-02 c:\windows\Tasks\ReclaimerUpdateFiles_Isaiah.job- c:\users\Isaiah\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-06 22:18].2014-05-02 c:\windows\Tasks\ReclaimerUpdateXML_Isaiah.job- c:\users\Isaiah\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-06 22:18].2014-05-18 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Isaiah.job- c:\users\Isaiah\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-06 22:18]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]@="{472083B0-C522-11CF-8763-00608CC02F24}"[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]@="{64174815-8D98-4CE6-8646-4C039977D808}"[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-18 2189416]"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]"Cm106Sound"="c:\windows\Syswow64\cm106.dll" [2009-12-09 8151040]"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://www.google.commLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localTCP: DhcpNameServer = 192.168.1.1FF - ProfilePath - c:\users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\5d3ho2fr.default\FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3205366&SearchSource=2&q=.- - - - ORPHANS REMOVED - - - -.URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)Toolbar-Locked - (no file)Wow6432Node-HKCU-Run-AdobeBridge - (no file)Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exeHKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - startToolbar-Locked - (no file)WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exeAddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scrAddRemove-Freecorder5.11 - c:\program files (x86)\Freecorder\uninstall.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2014-05-20 08:51:27ComboFix-quarantined-files.txt 2014-05-20 13:51.Pre-Run: 14,942,883,840 bytes freePost-Run: 14,993,874,944 bytes free.- - End Of File - - D913C680579619C340431B10AA390BCAA36C5E4F47E84449FF07ED3517B43A31
  11. Zygapop
    Hi there marius. Thank you for taking your time to help me. Here are the logs you requested from GMER GMER 2.1.19357 - http://www.gmer.netRootkit scan 2014-05-16 09:49:35Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000075 WDC_WD32 rev.01.0 298.09GBRunning: onll5pyy.exe; Driver: C:\Users\Isaiah\AppData\Local\Temp\uwdiqpod.sys ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\svchost.exe [404:6652] 000007fefbe74af4Thread C:\Windows\system32\svchost.exe [404:6964] 000007fefbe74af4Thread C:\Windows\system32\svchost.exe [1116:5564] 000007fefa536ed4Thread C:\Windows\system32\svchost.exe [1116:4604] 000007fefa536b8cThread C:\Windows\System32\spoolsv.exe [1856:2776] 000007fef87710c8Thread C:\Windows\System32\spoolsv.exe [1856:2784] 000007fef8736144Thread C:\Windows\System32\spoolsv.exe [1856:2788] 000007fef8525fd0Thread C:\Windows\System32\spoolsv.exe [1856:2792] 000007fef8513438Thread C:\Windows\System32\spoolsv.exe [1856:2796] 000007fef85263ecThread C:\Windows\System32\spoolsv.exe [1856:2804] 000007fef8b65e5cThread C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [2072:4896] 000007fef63dcc10Thread C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [2072:4880] 000007fef629b564Thread C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [2072:6768] 000007fef629b564Thread C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [2072:6864] 000007fefead0168Thread C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [2072:5396] 000007fefead0168Thread C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [2072:7628] 000007fefb2e2a7cThread C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [2072:7908] 000007fef629143cThread C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [2072:7964] 000007fef629b564Thread C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [2072:7968] 000007fef63af718Thread C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [2072:8072] 000007fefa991ebcThread C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [2072:7268] 000007fef629b564---- Processes - GMER 2.1 ---- Library C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome150browserrecordhelper.dll (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [6716] (RealPlayer Chrome Browser Helper/RealNetworks, Inc.)(2012-03-16 11:35:31) 000000006b790000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{A90E2760-3E8C-4BC4-BA6D-1B57BACCA489}\Connection@Name isatap.{0D99C3B7-6212-40FD-82F3-02FDE8E34F6C}Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{49E857D9-A183-4918-BA5D-D940AC5B4265}?\Device\{812CE429-7634-4131-AF45-28495E0303CF}?\Device\{8219A393-E9FB-461B-9064-D1C88EC6AE5C}?\Device\{A90E2760-3E8C-4BC4-BA6D-1B57BACCA489}?\Device\{CF72CCF1-547D-4C61-BB86-A88493E214AC}?\Device\{1E8FD85C-A982-4AA6-BDFD-6B54FD25E666}?Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{49E857D9-A183-4918-BA5D-D940AC5B4265}"?"{812CE429-7634-4131-AF45-28495E0303CF}"?"{8219A393-E9FB-461B-9064-D1C88EC6AE5C}"?"{A90E2760-3E8C-4BC4-BA6D-1B57BACCA489}"?"{CF72CCF1-547D-4C61-BB86-A88493E214AC}"?"{1E8FD85C-A982-4AA6-BDFD-6B54FD25E666}"?Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{49E857D9-A183-4918-BA5D-D940AC5B4265}?\Device\TCPIP6TUNNEL_{812CE429-7634-4131-AF45-28495E0303CF}?\Device\TCPIP6TUNNEL_{8219A393-E9FB-461B-9064-D1C88EC6AE5C}?\Device\TCPIP6TUNNEL_{A90E2760-3E8C-4BC4-BA6D-1B57BACCA489}?\Device\TCPIP6TUNNEL_{CF72CCF1-547D-4C61-BB86-A88493E214AC}?\Device\TCPIP6TUNNEL_{1E8FD85C-A982-4AA6-BDFD-6B54FD25E666}?Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243d7288d Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{A90E2760-3E8C-4BC4-BA6D-1B57BACCA489}@InterfaceName isatap.{0D99C3B7-6212-40FD-82F3-02FDE8E34F6C}Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{A90E2760-3E8C-4BC4-BA6D-1B57BACCA489}@ReusableType 0Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{FB206D03-BD19-4B22-ADE9-6EEFB1AD03BF}@LeaseObtainedTime 1400250680Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{FB206D03-BD19-4B22-ADE9-6EEFB1AD03BF}@T1 1400250807Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{FB206D03-BD19-4B22-ADE9-6EEFB1AD03BF}@T2 1400250903Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{FB206D03-BD19-4B22-ADE9-6EEFB1AD03BF}@LeaseTerminatesTime 1400250935Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243d7288d (not active ControlSet) ---- EOF - GMER 2.1 ----
  12. Zygapop
    After i built my computer I don't really use my laptop. but i'm going on vacation soon and you guys have helped me so much with my main computer. it's extremely infected cause i downloaded so much garbage when i used to use it all the time and i've learned my lesson now. It runs almost so slow that it gets to the point where it's unusable, i think it even might have a keylogger in it which I'm kinda nervous about it. I know It's infected with alot of adware. Also alot of things are outdated because I haven't used it in almost a year Here's the FRST logs. FRST.txt Addition.txt
  13. Zygapop
    Thank you so much. My computer is running so much more faster after all this and the problems are finally solved. IF i could i would definitely buy malwarebytes premium. at the moment i can't and i will definitely read all the topics. If there's anything else you want to tell me about than alrighty but if not i guess this is the end of the road. Thank you again!
  14. Zygapop
    The computer is running alot faster, alot smoother and better in general. There's really not much at all. My clock is still not synchronizing properly but i feel now that it's something to do with my computer itself. The windows updates went through perfectly fine, and the computer shuts down without hesitation. I still have UAC turned off. i fear if i turn it back on i will get a ton of "consent.exe" which was locking up my computer from the beginning. Should i try it? or is it fine to leave off? Also, restore points are now saving. None were saving beforehand which i think i forgot to mention. Here's the security check. Results of screen317's Security Check version 0.99.82 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java 7 Update 55 Adobe Flash Player 13.0.0.206 Adobe Reader XI Mozilla Firefox (28.0) Google Chrome 34.0.1847.131 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Malware mbamscheduler.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log``````````````````````
  15. Zygapop
    Installed it, Updated it, and scanned. Absolutely nothing was found at all. Also a side note my computer is loading up about 6 seconds faster and alot of things are smoother. I think avg was locking my computer down really hard.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.