
Malwarebytes - Install CoCreateInstance failed



This sure seems to duplicate an earlier thread, but one that was never finished. I could really use some help here: https://forums.malwa...howtopic=129242

Trying to get a machine back from an infection of ICE Security virus. The virus is no longer starting, but I am unable to install Malwarebytes due to the error in the title of this post. In addition, IE starts but terminates within seconds. Chrome is working.

As in the other thread, I downloaded ERUNT, and got the same error there, CoCreateInstance failed. However, it seemed to complete the backup anyway.

I downloaded Malwarebytes Anti-Rootkit (I had previously run Kaspersky Anti Rootkit, and it found nothing, so thank you for making a better one) and it found:

c:\programdata\clgclbgh.cpp [trojan.fakeMS.ED]

... but then the app froze.

I rebooted into safe mode command prompt and deleted c:\programdata\clgclbgh.cpp.  I saw a similarly random file name with the same create date, but I opted not to delete it but to try the rootkit scan again.

 

The second rootkit scan proceeded past the previous halt and ran clean.

Junkware Removal Tool was run.

AdwCleaner was run.

IE starts then terminates without allowing any user input. So I needed to use Chrome for ESET Online Scanner. When I ran it, it got to 44% and the file itunes64.msi, and seems to make no further progress (after finding 108 items, including the win64/Reveton.A trojan and a lot of potentially unwanted apps).

I've run ESET a second time, not scanning archives, and have a log file.

Now, I need some direction on proceeding...
 

esetlog.txt

JRT.txt

mbar-log-2014-03-23 (15-33-25).txt

system-log.txt

AdwCleanerS0.txt


  • 2 weeks later...

The computer has only IE and Chrome. IE won't start at all. Chrome gives me an error when I try to download dd.scr. I can download Firefox from Chrome. So I successfully installed Firefox.

But whether I try to use Chrome or Firefox to get access to dd.scr or dd.com, I get "class not registered" if I try to move the file to the desktop. So I ran it from the download folder, and yeah, it ran OK. I had a lot of trouble getting the files off the machine, over to this one I am mailing with, but I got it.

 

Thank you for your help, and I will be prompter at replying to your requests for more stuff.

attach.zip

dds.zip


Oh, I misread. Here are the logs, longhand...

 

attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/29/2011 11:28:35 PM
System Uptime: 4/6/2014 3:26:22 PM (0 hours ago)
.
Motherboard: Dell Inc. |  | 08VFX1
Processor: Intel® Core i5 CPU       M 460  @ 2.53GHz | U2E1 | 1190/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 390.734 GiB free.
D: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP244: 2/12/2014 8:35:34 PM - Windows Update
RP245: 2/12/2014 10:37:41 PM - Windows Update
RP246: 2/16/2014 8:52:40 PM - Windows Update
RP247: 2/22/2014 7:27:10 PM - Windows Update
RP248: 2/28/2014 3:27:39 PM - Windows Update
RP249: 3/4/2014 7:12:11 PM - Windows Update
RP250: 3/4/2014 8:02:20 PM - Windows Update
RP251: 3/13/2014 9:30:21 AM - Windows Update
RP252: 3/13/2014 9:56:11 AM - Windows Update
RP253: 3/21/2014 3:19:21 PM - Restore Operation
RP254: 3/23/2014 2:28:09 PM - Windows Update
RP255: 3/24/2014 3:00:38 AM - Windows Update
RP256: 4/6/2014 4:31:28 PM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.7)
Allyrics-23
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
AVSDK5
BetterBrowse
Bonjour
Call of Duty® 2
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Citrix Authentication Manager
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell C1765 Color MFP
Dell Resource CD
Dell Toolbar
Dell V310-V510 Series
DW WLAN Card Utility
ERUNT 1.1j
ESET Online Scanner v3
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Corporate
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
iolo technologies' System Mechanic Professional
iTunes
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Macromedia Flash Player 8 Plugin
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5.1
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Mozilla Firefox 28.0 (x86 en-US)
Mozilla Maintenance Service
Nuance Cloud Connector
Nuance PaperPort 14
Nuance PDF Viewer Plus
Online Plug-in
PaperPort Image Printer 64-bit
PowerDVD DX
QuickTime
Scansoft PDF Professional
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Self-service Plug-in
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype Click to Call
Skype™ 6.3
System Mechanic 11 Professional
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
.
==== Event Viewer Messages From Past Week ========
.
4/6/2014 4:32:50 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition.
4/6/2014 4:28:11 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004]  - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
4/6/2014 4:27:35 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  FileDisk
4/6/2014 4:27:17 PM, Error: Service Control Manager [7000]  - The vToolbarUpdater18.0.0 service failed to start due to the following error:  The system cannot find the file specified.
4/6/2014 3:34:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition.
4/6/2014 3:34:13 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Skype for Windows desktop 6.11 (KB2876229).
4/6/2014 3:33:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition.
4/6/2014 3:33:41 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition.
4/6/2014 3:33:25 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition.
.
==== End Of File ===========================
 

dds.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518
Run by yvonne at 15:42:47 on 2014-04-06
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3893.1976 [GMT -4:00]
.
AV: System Shield *Disabled/Updated* {3030810C-E2AC-B12D-8BB1-B1B8C0193798}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: System Shield *Disabled/Updated* {8B5160E8-C496-BEA3-B101-8ACABB9E7D25}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\system32\spool\DRIVERS\x64\3\dleaserv.exe
C:\Windows\system32\dleacoms.exe
C:\Program Files (x86)\Dell Printers\Printer SSW\Status Monitor\dlm1db.exe
C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Windows\System32\igfxtray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Dell Printers\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\msiexec.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\alg.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
BHO: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - <orphaned>
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - <orphaned>
BHO: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - <orphaned>
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRunOnce: [20131224] C:\Program Files\AVAST Software\Avast\setup\emupdate\f9fec791-154e-440d-9c1c-3a674faf3b3f.exe /check
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - <orphaned>
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - <orphaned>
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>


TCP: NameServer = 192.168.111.254
TCP: Interfaces\{74F19999-D8B9-4960-90AF-36879B64BC46} : DHCPNameServer = 192.168.111.254
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - <orphaned>
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - <is not referencing any dll>
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\fvrahd6z.default\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
FF - plugin: C:\Program Files (x86)\Dell Printers\PDFViewer\bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Dell Printers\PDFViewer\Bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-3-22 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-3-22 208928]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-3-22 1039096]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-3-22 423240]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2014-1-8 50976]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2011-6-29 91864]
R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2011-12-30 30752]
R2 AMP;Active Malware Protection Minifilter Driver;C:\Windows\System32\drivers\amp.sys [2012-8-24 173408]
R2 AMPSE;Active Malware Protection Support Driver;C:\Windows\System32\drivers\ampse.sys [2011-12-30 1504608]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-3-22 79184]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-3-22 50344]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-1-3 1363616]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-1-3 1748640]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 dlea_device;dlea_device;C:\Windows\System32\dleacoms.exe -service --> C:\Windows\System32\dleacoms.exe -service [?]
R2 dleaCATSCustConnectService;dleaCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\dleaserv.exe [2011-12-30 45224]
R2 DLNBDB;Dell Status Monitor Database;C:\Program Files (x86)\Dell Printers\Printer SSW\Status Monitor\dlm1db.exe [2012-8-21 243048]
R2 GladFileMonSvc;GladFileMonSvc;C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [2011-9-29 29552]
R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2013-8-20 1072664]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Dell Printers\PaperPort\PDFProFiltSrvPP.exe [2012-6-21 219536]
R2 PDFsFilter;PDFsFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2013-8-20 82160]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-30 2533400]
R2 vseamps;vseamps;C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe [2012-8-24 121696]
R2 vsedsps;vsedsps;C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe [2012-8-24 119136]
R2 vseqrts;vseqrts;C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe [2012-8-24 181600]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2011-12-30 20984]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-12-30 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-12-30 158720]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-12-30 271872]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2009-12-22 74280]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S2 vToolbarUpdater18.0.0;vToolbarUpdater18.0.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [?]
S3 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-3-22 84816]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2014-3-22 32512]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-12 111616]
S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-3-23 91352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-1-8 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-1-8 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-30 1255736]
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=NOTEPAD.EXE %1
FileExt: .wsf: WSFFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2014-04-06 19:36:27    10521840    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{49319C7A-DD5C-4036-BE9B-996D7186E728}\mpengine.dll
2014-04-06 19:36:03    --------    d-----w-    C:\Users\yvonne\AppData\Local\Mozilla
2014-03-24 07:23:57    --------    d-sh--w-    C:\found.001
2014-03-24 07:12:10    228864    ----a-w-    C:\Windows\System32\wwansvc.dll
2014-03-23 20:40:34    --------    d-----w-    C:\Program Files (x86)\ESET
2014-03-23 20:18:03    --------    d-----w-    C:\AdwCleaner
2014-03-23 20:07:24    --------    d-----w-    C:\Windows\ERUNT
2014-03-23 19:51:05    484864    ----a-w-    C:\Windows\System32\wer.dll
2014-03-23 19:51:05    381440    ----a-w-    C:\Windows\SysWow64\wer.dll
2014-03-23 19:51:01    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-03-23 19:39:22    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-03-23 19:39:22    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-03-23 19:35:35    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-03-23 19:35:35    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-23 18:47:19    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-23 18:47:17    119000    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-03-23 18:44:16    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-03-23 03:55:37    --------    d-----w-    C:\Users\yvonne\AppData\Roaming\Dropbox
2014-03-23 03:55:36    --------    d-----w-    C:\Users\yvonne\AppData\Roaming\AVAST Software
2014-03-23 03:49:20    84816    ----a-w-    C:\Windows\System32\drivers\aswStm.sys
2014-03-23 03:49:19    208928    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-03-23 03:49:17    1039096    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2014-03-23 03:49:15    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2014-03-23 03:49:14    79184    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2014-03-23 03:49:13    93568    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2014-03-23 03:49:07    43152    ----a-w-    C:\Windows\avastSS.scr
2014-03-23 03:48:43    --------    d-----w-    C:\Program Files\AVAST Software
2014-03-23 03:47:46    --------    d-----w-    C:\ProgramData\AVAST Software
2014-03-23 03:36:47    --------    d-----w-    C:\$RECYCLE.BIN
2014-03-23 03:18:03    208896    ----a-w-    C:\Windows\MBR.exe
2014-03-23 03:18:01    98816    ----a-w-    C:\Windows\sed.exe
2014-03-23 03:18:01    256000    ----a-w-    C:\Windows\PEV.exe
2014-03-23 03:17:54    --------    d-----w-    C:\ComboFix
2014-03-23 03:06:00    32512    ----a-w-    C:\Windows\System32\drivers\hitmanpro37.sys
2014-03-23 02:47:15    --------    d-----w-    C:\Windows\pss
2014-03-23 02:28:16    --------    d-----w-    C:\Users\yvonne\AppData\Roaming\Malwarebytes
2014-03-23 02:27:51    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-03-23 02:27:49    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-03-23 02:27:49    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-23 00:36:00    --------    d-----w-    C:\Program Files\HitmanPro
2014-03-23 00:30:51    --------    d-----w-    C:\ProgramData\HitmanPro
2014-03-22 23:45:17    --------    d-----w-    C:\found.000
2014-03-13 04:25:30    333044    ----atw-    C:\ProgramData\hgblcglc.zvv
.
==================== Find3M  ====================
.
2014-03-31 13:35:08    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2014-03-03 23:08:45    50976    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2014-02-06 11:30:46    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37    5768704    ----a-w-    C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32    2041856    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36    4244480    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2014-02-06 09:09:30    1964032    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
.
============= FINISH: 15:44:13.05 ===============
 


Hi bluffwood,

It looks like iolo System Mechanic might be causing you some problems installing MBAM and other programs. Some options of that tool can corrupt the Windows Installer service, which can prevent programs from being installed properly. You can always reinstall the iolo software once we are done and your system is clean.

It also looks like you have run ComboFix in the past. How long ago did you run it and do you still have the log for it?

Note: ComboFix is an extremely powerful tool written by sUBs. We strongly suggest you refrain from using ComboFix in an unsupervised environment on your own, and only when called for by an expert.

P2P/Piracy Warning:

  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
---------------------

Please go to Start > Control Panel > Programs and Features and remove the following (if present):

Allyrics-23

AVSDK5

BetterBrowse

iolo technologies' System Mechanic Professional

System Mechanic 11 Professional

---------------------

Please download the Farbar Recovery Scan Tool and save it to your desktop.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply as well.

I tried to uninstall everything on your list. The uninstall failed for every one, suggesting it was not found.

 

ComboFix was run on 3/22.  This is the log:

ComboFix 14-03-23.01 - yvonne 03/22/2014  23:19:10.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3893.2288 [GMT -4:00]
Running from: c:\users\yvonne\Downloads\ComboFix.exe
AV: System Shield *Disabled/Updated* {3030810C-E2AC-B12D-8BB1-B1B8C0193798}
SP: System Shield *Disabled/Updated* {8B5160E8-C496-BEA3-B101-8ACABB9E7D25}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Resident AV is active
.
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.107_0\js\lib\logging.js
c:\users\yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.107_0\js\lib\onBGDocumentLoad.js
c:\users\yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.107_0\js\lib\popupResource\newPopup.js
c:\users\yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.107_0\js\lib\popupResource\popup.js
c:\users\yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.107_0\js\lib\reports.js
c:\users\yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.107_0\js\lib\storageWrapper.js
c:\users\yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.107_0\js\lib\updateManager.js
c:\users\yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.107_0\js\lib\util.js
c:\users\yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.107_0\js\lib\xhr.js
c:\users\yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.107_0\js\main.js
c:\users\yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.107_0\js\platformVersion.js
c:\users\yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.107_0\manifest.json
c:\users\yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb\1.26.107_0\popup.html
c:\users\yvonne\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kikjpgpbpnapbimplfcbcbakjacpgceb
c:\users\yvonne\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kikjpgpbpnapbimplfcbcbakjacpgceb\000025.ldb
c:\users\yvonne\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kikjpgpbpnapbimplfcbcbakjacpgceb\000027.ldb
c:\users\yvonne\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kikjpgpbpnapbimplfcbcbakjacpgceb\000028.log
c:\users\yvonne\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kikjpgpbpnapbimplfcbcbakjacpgceb\CURRENT
c:\users\yvonne\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kikjpgpbpnapbimplfcbcbakjacpgceb\LOCK
c:\users\yvonne\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kikjpgpbpnapbimplfcbcbakjacpgceb\LOG
c:\users\yvonne\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kikjpgpbpnapbimplfcbcbakjacpgceb\LOG.old
c:\users\yvonne\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kikjpgpbpnapbimplfcbcbakjacpgceb\MANIFEST-000026
c:\users\yvonne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kikjpgpbpnapbimplfcbcbakjacpgceb_0.localstorage-journal
c:\users\yvonne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kikjpgpbpnapbimplfcbcbakjacpgceb_0.localstorage
c:\users\yvonne\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\windows\SysWow64\delete.bat
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-23 to 2014-03-23  )))))))))))))))))))))))))))))))
.
.
2014-03-23 03:33 . 2014-03-23 03:33    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-03-23 03:06 . 2014-03-23 03:06    32512    ----a-w-    c:\windows\system32\drivers\hitmanpro37.sys
2014-03-23 02:28 . 2014-02-06 09:01    10536864    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD096F69-902A-4468-900D-80A15DE10107}\mpengine.dll
2014-03-23 02:28 . 2014-03-23 02:28    --------    d-----w-    c:\users\yvonne\AppData\Roaming\Malwarebytes
2014-03-23 02:27 . 2014-03-23 02:27    --------    d-----w-    c:\programdata\Malwarebytes
2014-03-23 02:27 . 2014-03-23 03:07    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2014-03-23 02:27 . 2013-04-04 18:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-03-23 00:36 . 2014-03-23 00:36    --------    d-----w-    c:\program files\HitmanPro
2014-03-23 00:30 . 2014-03-23 03:05    --------    d-----w-    c:\programdata\HitmanPro
2014-03-22 23:45 . 2014-03-22 23:45    --------    d-----w-    C:\found.000
2014-03-13 04:25 . 2014-03-13 04:25    333044    ----atw-    c:\programdata\hgblcglc.zvv
2014-03-13 04:25 . 2014-03-13 04:25    155648    ----a-w-    c:\programdata\clgclbgh.cpp
2014-03-03 23:09 . 2014-03-23 05:20    --------    d-----w-    c:\programdata\AVG Secure Search
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-23 02:40 . 2014-03-23 02:40    15026    ----a-w-    C:\YVONNE-LAPTOP_2014.03.22-2237.01_86312E92-00B3-005C-00A7-0071045268B4_16388.zip
2014-03-03 23:08 . 2014-01-08 20:28    50976    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2014-02-17 01:53 . 2011-12-30 20:39    88567024    ----a-w-    c:\windows\system32\MRT.exe
2014-02-06 12:16 . 2014-02-13 03:38    23170048    ----a-w-    c:\windows\system32\mshtml.dll
2014-02-06 11:30 . 2014-02-13 03:38    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-02-06 11:30 . 2014-02-13 03:38    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-02-06 11:12 . 2014-02-13 03:38    2765824    ----a-w-    c:\windows\system32\iertutil.dll
2014-02-06 11:07 . 2014-02-13 03:38    66048    ----a-w-    c:\windows\system32\iesetup.dll
2014-02-06 11:06 . 2014-02-13 03:38    48640    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-02-06 10:57 . 2014-02-13 03:38    53760    ----a-w-    c:\windows\system32\jsproxy.dll
2014-02-06 10:56 . 2014-02-13 03:38    33792    ----a-w-    c:\windows\system32\iernonce.dll
2014-02-06 10:52 . 2014-02-13 03:38    574976    ----a-w-    c:\windows\system32\ieui.dll
2014-02-06 10:49 . 2014-02-13 03:38    139264    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-02-06 10:48 . 2014-02-13 03:38    111616    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-02-06 10:48 . 2014-02-13 03:38    708608    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-02-06 10:32 . 2014-02-13 03:38    218624    ----a-w-    c:\windows\system32\ie4uinit.exe
2014-02-06 10:20 . 2014-02-13 03:38    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2014-02-06 10:17 . 2014-02-13 03:38    195584    ----a-w-    c:\windows\system32\msrating.dll
2014-02-06 10:11 . 2014-02-13 03:38    5768704    ----a-w-    c:\windows\system32\jscript9.dll
2014-02-06 10:01 . 2014-02-13 03:38    61952    ----a-w-    c:\windows\SysWow64\iesetup.dll
2014-02-06 10:00 . 2014-02-13 03:38    51200    ----a-w-    c:\windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:57 . 2014-02-13 03:38    627200    ----a-w-    c:\windows\system32\msfeeds.dll
2014-02-06 09:50 . 2014-02-13 03:38    2041856    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-02-06 09:47 . 2014-02-13 03:38    112128    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2014-02-06 09:46 . 2014-02-13 03:38    553472    ----a-w-    c:\windows\SysWow64\jscript9diag.dll
2014-02-06 09:25 . 2014-02-13 03:38    4244480    ----a-w-    c:\windows\SysWow64\jscript9.dll
2014-02-06 09:24 . 2014-02-13 03:38    2334208    ----a-w-    c:\windows\system32\wininet.dll
2014-02-06 09:22 . 2014-02-13 03:38    13051392    ----a-w-    c:\windows\system32\ieframe.dll
2014-02-06 09:09 . 2014-02-13 03:38    1964032    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2014-02-06 08:55 . 2014-02-13 03:38    1393664    ----a-w-    c:\windows\system32\urlmon.dll
2014-02-06 08:41 . 2014-02-13 03:38    1820160    ----a-w-    c:\windows\SysWow64\wininet.dll
2014-02-06 08:40 . 2014-02-13 03:38    817664    ----a-w-    c:\windows\system32\ieapfltr.dll
2014-01-06 00:13 . 2014-01-06 00:13    45056    ----a-r-    c:\users\yvonne\AppData\Roaming\Microsoft\Installer\{91057632-CA70-413C-B628-2D3CDBBB906B}\ARPPRODUCTICON.exe
2014-01-06 00:13 . 2014-01-06 00:13    45056    ----a-r-    c:\users\yvonne\AppData\Roaming\Microsoft\Installer\{885A63EA-382B-4DD4-A755-14809B8557D6}\ARPPRODUCTICON.exe
2013-12-24 23:09 . 2014-02-13 01:41    1987584    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2013-12-24 22:48 . 2014-02-13 01:41    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventSystem]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseamps]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vsedsps]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseqrts]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 CltMngSvc;Search Protect by Conduit Service;c:\progra~2\SearchProtect\Main\bin\CltMngSvc.exe;c:\progra~2\SearchProtect\Main\bin\CltMngSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys;c:\windows\SYSNATIVE\drivers\ElRawDsk.sys [x]
S2 AMP;Active Malware Protection Minifilter Driver;c:\windows\system32\Drivers\amp.sys;c:\windows\SYSNATIVE\Drivers\amp.sys [x]
S2 AMPSE;Active Malware Protection Support Driver;c:\windows\system32\Drivers\ampse.sys;c:\windows\SYSNATIVE\Drivers\ampse.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe;c:\windows\SYSNATIVE\dleacoms.exe [x]
S2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\dleaserv.exe [x]
S2 DLNBDB;Dell Status Monitor Database;c:\program files (x86)\Dell Printers\Printer SSW\Status Monitor\dlm1db.exe;c:\program files (x86)\Dell Printers\Printer SSW\Status Monitor\dlm1db.exe [x]
S2 GladFileMonSvc;GladFileMonSvc;c:\program files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe;c:\program files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [x]
S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [x]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Dell Printers\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Dell Printers\PaperPort\PDFProFiltSrvPP.exe [x]
S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys;c:\windows\SYSNATIVE\DRIVERS\PDFsFilter.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 Update BetterBrowse;Update BetterBrowse;c:\program files (x86)\BetterBrowse\updateBetterBrowse.exe;c:\program files (x86)\BetterBrowse\updateBetterBrowse.exe [x]
S2 Util BetterBrowse;Util BetterBrowse;c:\program files (x86)\BetterBrowse\bin\utilBetterBrowse.exe;c:\program files (x86)\BetterBrowse\bin\utilBetterBrowse.exe [x]
S2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [x]
S2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [x]
S2 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [x]
S2 vToolbarUpdater18.0.0;vToolbarUpdater18.0.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys;c:\windows\SYSNATIVE\DRIVERS\bcmvwl64.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-05 00:34    1150280    ----a-w-    c:\program files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-08 20:19]
.
2014-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-08 20:19]
.
2014-03-23 c:\windows\Tasks\weDownload Manager Pro-chromeinstaller.job
- c:\program files (x86)\weDownload Manager Pro\weDownload Manager Pro-chromeinstaller.exe [2014-01-06 00:11]
.
2014-03-23 c:\windows\Tasks\weDownload Manager Pro-codedownloader.job
- c:\program files (x86)\weDownload Manager Pro\weDownload Manager Pro-codedownloader.exe [2014-01-06 00:11]
.
2014-03-23 c:\windows\Tasks\weDownload Manager Pro-enabler.job
- c:\program files (x86)\weDownload Manager Pro\weDownload Manager Pro-enabler.exe [2014-01-06 00:12]
.
2014-03-23 c:\windows\Tasks\weDownload Manager Pro-firefoxinstaller.job
- c:\program files (x86)\weDownload Manager Pro\weDownload Manager Pro-firefoxinstaller.exe [2014-01-06 00:11]
.
2014-03-23 c:\windows\Tasks\weDownload Manager Pro-updater.job
- c:\program files (x86)\weDownload Manager Pro\weDownload Manager Pro-updater.exe [2014-01-06 00:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetIconOverlay]
@="{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}"
[HKEY_CLASSES_ROOT\CLSID\{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}]
2011-09-30 02:27    215920    ----a-w-    c:\program files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetUploading]
@="{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}"
[HKEY_CLASSES_ROOT\CLSID\{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}]
2011-09-30 02:30    195440    ----a-w-    c:\program files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIconU.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-12-17 5470208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local;127.0.0.1
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.43.1
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
BHO-{11111111-1111-1111-1111-110411361128} - (no file)
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
ShellIconOverlayIdentifiers-{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0} - (no file)
ShellIconOverlayIdentifiers-{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA} - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
SafeBoot-AMP
SafeBoot-AMPSE
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Allyrics-23 - c:\program files (x86)\Allyrics-23\Uninstall.exe
AddRemove-SearchProtect - c:\progra~2\SearchProtect\Main\bin\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2014-03-22  23:46:56 - machine was rebooted
ComboFix-quarantined-files.txt  2014-03-23 03:46
.
Pre-Run: 420,379,770,880 bytes free
Post-Run: 420,373,172,224 bytes free
.
- - End Of File - - E486B15F40253A46819CC152DC1C5B17
A36C5E4F47E84449FF07ED3517B43A31
 


listing of addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by yvonne at 2014-04-07 18:47:52
Running from C:\Users\yvonne\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: System Shield (Disabled - Up to date) {3030810C-E2AC-B12D-8BB1-B1B8C0193798}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: System Shield (Disabled - Up to date) {8B5160E8-C496-BEA3-B101-8ACABB9E7D25}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
Allyrics-23 (HKLM-x32\...\Allyrics-23) (Version: 1.29.153.3 - software-AumLLpost) <==== ATTENTION
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2016 - Avast Software)
AVSDK5 (Version: 5.3.20 - Commtouch, Inc.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty® 2 (HKLM-x32\...\InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}) (Version: 1.2 - Activision)
Call of Duty® 2 (x32 Version: 1.2 - Activision) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Authentication Manager (x32 Version: 2.0.0.41479 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HDX Flash Redirection) (x32 Version: 13.1.0.89 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.1.0.89 - Citrix Systems, Inc.)
Citrix Receiver Inside (x32 Version: 3.1.0.64094 - Citrix Systems, Inc.) Hidden
Citrix Receiver(Aero) (x32 Version: 13.1.0.89 - Citrix Systems, Inc.) Hidden
Citrix Receiver(DV) (x32 Version: 13.1.0.89 - Citrix Systems, Inc.) Hidden
Citrix Receiver(USB) (x32 Version: 13.1.0.89 - Citrix Systems, Inc.) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version:  - Microsoft)
Dell C1765 Color MFP (HKLM-x32\...\InstallShield_{11447787-B300-4F1A-8F75-E54349DA9670}) (Version: 1.006.0 - Dell Inc.)
Dell C1765 Color MFP (x32 Version: 1.006.0 - Dell Inc.) Hidden
Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell Toolbar (HKLM-x32\...\{09B71986-2AC5-482d-B6CB-42EA34F4F85B}) (Version: 1.8.12.0 - )
Dell V310-V510 Series (HKLM\...\Dell V310-V510 Series) (Version:  - Dell, Inc.)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.18 - Dell Inc.)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2097 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iolo technologies' System Mechanic Professional (HKLM-x32\...\{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1) (Version: 11.7.1 - iolo technologies, LLC)
iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.)
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Macromedia Flash 8 (HKLM-x32\...\{2BD5C305-1B27-4D41-B690-7A61172D2FEB}) (Version: 8.00.0000 - Macromedia)
Macromedia Flash 8 Video Encoder (HKLM-x32\...\{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}) (Version: 1.00.0000 - Macromedia)
Macromedia Flash Player 8 (HKLM-x32\...\{885A63EA-382B-4DD4-A755-14809B8557D6}) (Version: 8.0.22.0 - Macromedia)
Macromedia Flash Player 8 Plugin (HKLM-x32\...\{91057632-CA70-413C-B628-2D3CDBBB906B}) (Version: 8.0.22.0 - Macromedia)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Nuance Cloud Connector (HKLM-x32\...\{9E63B181-A826-4765-9348-35E439AF7941}) (Version: 3.2.761 - Nuance Communications, Inc.)
Nuance PaperPort 14 (HKLM-x32\...\{848ABE9C-B7AA-4064-809F-7F38616918FF}) (Version: 14.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{12D745BA-7DEE-45C4-B2EA-E8CABE4361DE}) (Version: 7.10.3211 - Nuance Communications, Inc.)
Online Plug-in (x32 Version: 13.1.0.89 - Citrix Systems, Inc.) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0001 - Nuance Communications, Inc.)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Self-service Plug-in (x32 Version: 3.1.0.21744 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.0.14735.1561 - Microsoft Corporation)
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
System Mechanic 11 Professional (x32 Version: 11.7.1 - ) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E21274CE-CA0C-49FA-93F4-DC292A052264}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{B5C70C99-B109-42FD-B219-FF12CA543F19}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version:  - Microsoft)

==================== Restore Points  =========================

17-02-2014 01:52:40 Windows Update
23-02-2014 00:27:10 Windows Update
28-02-2014 20:27:39 Windows Update
05-03-2014 00:12:11 Windows Update
05-03-2014 01:02:20 Windows Update
13-03-2014 13:30:21 Windows Update
13-03-2014 13:56:11 Windows Update
21-03-2014 19:19:21 Restore Operation
23-03-2014 18:28:09 Windows Update
24-03-2014 07:00:38 Windows Update
06-04-2014 20:31:28 Windows Update
07-04-2014 07:00:33 Windows Update
07-04-2014 22:12:44 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2014-03-22 23:36 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {075EE03F-838E-4C28-8B4F-4500D209E6C7} - \weDownload Manager Pro-chromeinstaller No Task File
Task: {0F8C4BF0-159A-4E74-BC84-FF8F344F77C6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {23455561-E814-49D0-8263-F8CD561C51C8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-08] (Google Inc.)
Task: {6915E614-4FF8-4316-84BA-7BA34BD4A6CC} - \weDownload Manager Pro-firefoxinstaller No Task File
Task: {9372897B-1001-44E8-ADDB-799AB31CDBA6} - \weDownload Manager Pro-enabler No Task File
Task: {B5C133C2-81FD-4535-BB4B-0E17D344AB1B} - \weDownload Manager Pro-codedownloader No Task File
Task: {BD98F5BE-A6C2-41F1-AECE-F530B6BB8975} - \weDownload Manager Pro-updater No Task File
Task: {BFC1AFE7-8F30-4ABD-9995-D514FE819526} - \LaunchApp No Task File
Task: {C61EB912-EE2E-49C9-B1CB-972EE67A8A99} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-08] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-10-18 23:38 - 2012-03-14 13:03 - 00028160 _____ () C:\Windows\System32\dltfm1zlm.DLL
2011-12-30 20:31 - 2009-12-31 02:17 - 00053760 _____ () C:\Windows\System32\DLEAPMON.DLL
2011-12-30 20:31 - 2009-01-13 09:15 - 05709824 _____ () C:\Windows\System32\DLEAOEM.DLL
2011-12-30 20:33 - 2009-11-04 09:17 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dleadrpp.dll
2013-10-18 23:38 - 2012-06-20 15:15 - 00032768 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dltfm1zPP.dll
2013-10-18 23:38 - 2012-08-17 08:44 - 12874752 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\dlthm1zRC.DLL
2011-12-30 20:33 - 2010-05-21 18:20 - 00045224 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\dleaserv.exe
2012-08-21 10:41 - 2012-08-21 10:41 - 00243048 _____ () C:\Program Files (x86)\Dell Printers\Printer SSW\Status Monitor\dlm1db.exe
2011-09-29 22:07 - 2011-09-29 22:07 - 00222064 _____ () C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe
2014-04-07 03:20 - 2014-04-07 03:20 - 02189824 _____ () C:\Program Files\AVAST Software\Avast\defs\14040700\algo.dll
2011-11-02 03:26 - 2011-11-02 03:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 03:26 - 2011-11-02 03:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-09-29 13:58 - 2011-09-29 13:58 - 00292720 _____ () C:\Program Files (x86)\Nuance\Nuance Cloud Connector\sqlite3.dll
2011-09-29 13:58 - 2011-09-29 13:58 - 00079728 _____ () C:\Program Files (x86)\Nuance\Nuance Cloud Connector\zlib125.dll
2011-09-29 13:58 - 2011-09-29 13:58 - 00015728 _____ () C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSMui.dll
2014-03-22 23:49 - 2014-03-22 23:49 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-03-04 20:36 - 2014-03-01 22:35 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
2014-03-04 20:36 - 2014-03-01 22:35 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libglesv2.dll
2014-03-04 20:36 - 2014-03-01 22:35 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libegl.dll
2014-03-04 20:36 - 2014-03-01 22:35 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll
2014-03-04 20:36 - 2014-03-01 22:35 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
2014-03-04 20:36 - 2014-03-01 22:35 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventSystem => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseamps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vsedsps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseqrts => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventSystem => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseamps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsedsps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseqrts => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nuance Cloud Connector.lnk => C:\Windows\pss\Nuance Cloud Connector.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: dleamon.exe => "C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe"
MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IndexSearch => "C:\Program Files (x86)\Dell Printers\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: iolo Startup => "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LauncherC1765nf => "C:\Program Files (x86)\Dell Printers\Printer SSW\Launcher\dlm1launcher.exe" /S Dell C1765nf Color MFP
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files (x86)\Dell Printers\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PDFProHook => C:\Program Files (x86)\Dell Printers\PDFViewer\pdfpro7hook.exe
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StatusAutoRunC1765nf => "C:\Program Files (x86)\Dell Printers\Printer SSW\Status Monitor\dlm1pl.exe" RUNSTART
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/07/2014 06:15:34 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Single Image 2010 - Update 'Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (04/07/2014 06:15:34 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Single Image 2010 -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (04/07/2014 06:14:27 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Single Image 2010 - Update 'Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (04/07/2014 06:14:27 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Single Image 2010 -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (04/07/2014 06:14:20 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Proof (English) 2010 - Update 'Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (04/07/2014 06:14:20 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Proof (English) 2010 -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (04/07/2014 06:14:10 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Single Image 2010 - Update 'Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (04/07/2014 06:14:10 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Single Image 2010 -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (04/07/2014 06:13:54 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Single Image 2010 - Update 'Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (04/07/2014 06:13:54 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Single Image 2010 -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.


System errors:
=============
Error: (04/07/2014 06:46:15 PM) (Source: DCOM) (User: )
Description: {71A1D2C4-D49F-426C-8352-C74A9BD1FF15}

Error: (04/07/2014 06:44:14 PM) (Source: DCOM) (User: )
Description: {641463B9-FCF9-4EDB-9A8E-235DB56F3BB0}

Error: (04/07/2014 06:41:28 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
FileDisk

Error: (04/07/2014 06:41:13 PM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater18.0.0 service failed to start due to the following error:
%%2

Error: (04/07/2014 06:15:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition.

Error: (04/07/2014 06:14:51 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Skype for Windows desktop 6.11 (KB2876229).

Error: (04/07/2014 06:14:27 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition.

Error: (04/07/2014 06:14:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition.

Error: (04/07/2014 06:14:10 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition.

Error: (04/07/2014 06:13:54 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition.


Microsoft Office Sessions:
=========================
Error: (04/07/2014 06:15:34 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft Office Single Image 2010Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition1603(NULL)(NULL)(NULL)

Error: (04/07/2014 06:15:34 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft Office Single Image 2010 -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/07/2014 06:14:27 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft Office Single Image 2010Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition1603(NULL)(NULL)(NULL)

Error: (04/07/2014 06:14:27 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft Office Single Image 2010 -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/07/2014 06:14:20 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft Office Proof (English) 2010Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition1603(NULL)(NULL)(NULL)

Error: (04/07/2014 06:14:20 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft Office Proof (English) 2010 -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/07/2014 06:14:10 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft Office Single Image 2010Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition1603(NULL)(NULL)(NULL)

Error: (04/07/2014 06:14:10 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft Office Single Image 2010 -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/07/2014 06:13:54 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft Office Single Image 2010Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition1603(NULL)(NULL)(NULL)

Error: (04/07/2014 06:13:54 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft Office Single Image 2010 -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)(NULL)


CodeIntegrity Errors:
===================================
  Date: 2014-03-22 23:28:40.341
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-22 23:28:40.189
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-22 23:25:42.192
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\yvonne\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-22 23:25:42.039
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\yvonne\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-22 23:25:41.884
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\yvonne\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-22 23:25:41.732
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\yvonne\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-22 23:25:41.557
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\yvonne\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-22 23:25:41.404
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\yvonne\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 49%
Total physical RAM: 3892.52 MB
Available physical RAM: 1975.19 MB
Total Pagefile: 7783.23 MB
Available Pagefile: 5821.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:451.01 GB) (Free:391.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Listing for FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by yvonne (administrator) on YVONNE-LAPTOP on 07-04-2014 18:46:17
Running from C:\Users\yvonne\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Windows\system32\spool\DRIVERS\x64\3\dleaserv.exe
( ) C:\Windows\system32\dleacoms.exe
() C:\Program Files (x86)\Dell Printers\Printer SSW\Status Monitor\dlm1db.exe
(Gladinet, INC) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe
() C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Dell Printers\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Commtouch, Inc.) C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
(Commtouch, Inc.) C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Commtouch, Inc.) C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [broadcom Wireless Manager UI] - C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5470208 2009-12-17] (Dell Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-03-22] (AVAST Software)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -  No File
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: No Name - {AA58ED58-01DD-4d91-8333-CF10577473F7} -  No File
BHO-x32: No Name - {B4F3A835-0E21-4959-BA22-42B3008E02FF} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} -  No File
Handler-x32: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} -  No File
Handler-x32: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} -  No File
Handler-x32: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} -  No File
Handler-x32: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} -  No File
Handler-x32: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} -  No File
Handler-x32: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} -  No File
Handler-x32: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} -  No File
Handler-x32: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} -  No File
Handler-x32: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} -  No File
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  No File
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  No File
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.111.254

FireFox:
========
FF ProfilePath: C:\Users\yvonne\AppData\Roaming\Mozilla\Firefox\Profiles\fvrahd6z.default
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 - C:\Program Files (x86)\Dell Printers\PDFViewer\bin\nppdf.dll (Zeon Corporation)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-22]

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-23]
CHR Extension: (Google Drive) - C:\Users\yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-23]
CHR Extension: (YouTube) - C:\Users\yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-28]
CHR Extension: (Google Search) - C:\Users\yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-28]
CHR Extension: (avast! Online Security) - C:\Users\yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-22]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2013-10-24]
CHR Extension: (Skype Click to Call) - C:\Users\yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-13]
CHR Extension: (Google Wallet) - C:\Users\yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-24]
CHR Extension: (Gmail) - C:\Users\yvonne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-03-22]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-22] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
R2 dleaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [45224 2010-05-21] ()
R2 dlea_device; C:\Windows\system32\dleacoms.exe [1052328 2010-05-21] ( )
R2 dlea_device; C:\Windows\SysWOW64\dleacoms.exe [598696 2010-05-21] ( )
R2 DLNBDB; C:\Program Files (x86)\Dell Printers\Printer SSW\Status Monitor\dlm1db.exe [243048 2012-08-21] ()
R2 GladFileMonSvc; C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [29552 2011-09-29] (Gladinet, INC)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [1072664 2013-05-29] (iolo technologies, LLC)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Dell Printers\PaperPort\PDFProFiltSrvPP.exe [219536 2012-06-21] (Nuance Communications, Inc.)
R2 vseamps; C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe [121696 2012-08-24] (Commtouch, Inc.)
R2 vsedsps; C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe [119136 2012-08-24] (Commtouch, Inc.)
R2 vseqrts; C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe [181600 2012-08-24] (Commtouch, Inc.)
S4 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4950016 2009-12-17] (Dell Inc.)
S2 vToolbarUpdater18.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

R2 AMP; C:\Windows\system32\Drivers\amp.sys [173408 2012-08-24] (Commtouch, Inc.)
R2 AMPSE; C:\Windows\system32\Drivers\ampse.sys [1504608 2012-08-24] (Commtouch, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-03-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-03-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-03-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-03-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-03-22] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-03-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-03-22] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-03-03] (AVG Technologies)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2013-05-29] (EldoS Corporation)
S1 FileDisk; No ImagePath
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-03-22] ()
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-03-23] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-07 18:46 - 2014-04-07 18:46 - 00017173 _____ () C:\Users\yvonne\Downloads\FRST.txt
2014-04-07 18:46 - 2014-04-07 18:46 - 00000000 ____D () C:\FRST
2014-04-07 18:45 - 2014-04-07 18:45 - 02157056 _____ (Farbar) C:\Users\yvonne\Downloads\FRST64.exe
2014-04-06 16:30 - 2014-04-06 16:30 - 00688992 _____ (Swearware) C:\Users\yvonne\Downloads\dds.scr
2014-04-06 16:30 - 2014-03-01 02:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-06 16:30 - 2014-03-01 01:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-06 16:30 - 2014-03-01 01:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-06 16:30 - 2014-03-01 00:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-06 16:30 - 2014-03-01 00:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-06 16:30 - 2014-03-01 00:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-06 16:30 - 2014-03-01 00:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-06 16:30 - 2014-03-01 00:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-06 16:30 - 2014-03-01 00:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-06 16:30 - 2014-03-01 00:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-06 16:30 - 2014-03-01 00:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-06 16:30 - 2014-03-01 00:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-06 16:30 - 2014-03-01 00:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-06 16:30 - 2014-03-01 00:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-06 16:30 - 2014-03-01 00:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-06 16:30 - 2014-03-01 00:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-06 16:30 - 2014-03-01 00:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-06 16:30 - 2014-02-28 23:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-06 16:30 - 2014-02-28 23:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-06 16:30 - 2014-02-28 23:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-06 16:30 - 2014-02-28 23:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-06 16:30 - 2014-02-28 23:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-06 16:30 - 2014-02-28 23:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-06 16:30 - 2014-02-28 23:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-06 16:30 - 2014-02-28 23:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-06 16:30 - 2014-02-28 23:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-06 16:30 - 2014-02-28 23:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-06 16:30 - 2014-02-28 23:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-06 16:30 - 2014-02-28 23:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-06 16:30 - 2014-02-28 23:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-06 16:30 - 2014-02-28 23:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-06 16:30 - 2014-02-28 23:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-06 16:30 - 2014-02-28 23:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-06 16:30 - 2014-02-28 23:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-06 16:30 - 2014-02-28 22:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-06 16:30 - 2014-02-28 22:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-06 16:30 - 2014-02-28 22:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-06 16:30 - 2014-02-28 22:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-06 16:30 - 2014-02-28 22:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-06 16:30 - 2014-02-28 22:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-06 15:54 - 2014-04-06 15:54 - 00005667 _____ () C:\Users\yvonne\Desktop\dds.zip
2014-04-06 15:54 - 2014-04-06 15:54 - 00002523 _____ () C:\Users\yvonne\Desktop\attach.zip
2014-04-06 15:53 - 2014-04-06 15:53 - 00831384 _____ () C:\Users\yvonne\Downloads\winzip180-lan_en.exe
2014-04-06 15:51 - 2014-04-06 15:51 - 00000000 ____D () C:\Users\yvonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-04-06 15:51 - 2014-04-06 15:51 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-04-06 15:50 - 2014-04-06 15:50 - 01110476 _____ () C:\Users\yvonne\Downloads\7z920.exe
2014-04-06 15:44 - 2014-04-06 15:44 - 00021384 _____ () C:\Users\yvonne\Desktop\dds.txt
2014-04-06 15:44 - 2014-04-06 15:44 - 00008184 _____ () C:\Users\yvonne\Desktop\attach.txt
2014-04-06 15:39 - 2014-04-06 15:39 - 00688992 ____R (Swearware) C:\Users\yvonne\Downloads\dds.com
2014-04-06 15:36 - 2014-04-06 15:36 - 00000000 ____D () C:\Users\yvonne\AppData\Local\Mozilla
2014-04-06 15:35 - 2014-04-06 15:35 - 00000000 ____D () C:\ProgramData\Mozilla
2014-04-06 15:35 - 2014-04-06 15:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-06 15:35 - 2014-04-06 15:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-06 15:34 - 2014-04-06 15:34 - 00282880 _____ (Mozilla) C:\Users\yvonne\Downloads\Firefox Setup Stub 28.0.exe
2014-03-24 03:23 - 2014-03-24 03:23 - 00000000 __SHD () C:\found.001
2014-03-24 03:12 - 2014-01-27 22:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-23 21:24 - 2014-03-23 21:25 - 02347384 _____ (ESET) C:\Users\yvonne\Downloads\esetsmartinstaller_enu (1).exe
2014-03-23 16:40 - 2014-03-23 16:40 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-23 16:39 - 2014-03-23 16:40 - 02347384 _____ (ESET) C:\Users\yvonne\Downloads\esetsmartinstaller_enu.exe
2014-03-23 16:34 - 2014-03-23 16:35 - 01682336 _____ (ESET) C:\Users\yvonne\Downloads\eset_nod32_antivirus_live_installer.exe
2014-03-23 16:18 - 2014-03-23 16:26 - 00000000 ____D () C:\AdwCleaner
2014-03-23 16:16 - 2014-03-23 16:17 - 01950720 _____ () C:\Users\yvonne\Downloads\AdwCleaner.exe
2014-03-23 16:12 - 2014-03-23 16:12 - 00007466 _____ () C:\Users\yvonne\Desktop\JRT.txt
2014-03-23 16:07 - 2014-03-23 16:07 - 00000000 ____D () C:\Windows\ERUNT
2014-03-23 16:05 - 2014-03-23 16:06 - 01037734 _____ (Thisisu) C:\Users\yvonne\Downloads\JRT (1).exe
2014-03-23 16:04 - 2014-03-23 16:05 - 01037734 _____ (Thisisu) C:\Users\yvonne\Downloads\JRT.exe
2014-03-23 15:51 - 2014-02-06 21:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-23 15:51 - 2014-01-28 22:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-23 15:51 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-23 15:39 - 2014-02-03 22:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-23 15:39 - 2014-02-03 22:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-23 15:35 - 2014-02-03 22:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-23 15:35 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-23 14:47 - 2014-03-23 15:55 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-23 14:47 - 2014-03-23 15:33 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-23 14:44 - 2014-03-23 15:55 - 00000000 ____D () C:\Users\yvonne\Desktop\mbar
2014-03-23 14:44 - 2014-03-23 14:44 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-23 14:37 - 2014-03-23 14:41 - 12589848 _____ (Malwarebytes Corp.) C:\Users\yvonne\Downloads\mbar-1.07.0.1009.exe
2014-03-23 14:35 - 2014-03-23 14:35 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-03-23 14:33 - 2014-03-23 14:33 - 00791393 _____ (Lars Hederer ) C:\Users\yvonne\Downloads\erunt-setup.exe
2014-03-22 23:55 - 2014-03-22 23:55 - 00000000 ____D () C:\Users\yvonne\AppData\Roaming\Dropbox
2014-03-22 23:55 - 2014-03-22 23:55 - 00000000 ____D () C:\Users\yvonne\AppData\Roaming\AVAST Software
2014-03-22 23:49 - 2014-03-22 23:49 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-22 23:49 - 2014-03-22 23:49 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-22 23:49 - 2014-03-22 23:49 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-22 23:49 - 2014-03-22 23:49 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-22 23:49 - 2014-03-22 23:49 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-22 23:49 - 2014-03-22 23:49 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-03-22 23:49 - 2014-03-22 23:49 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-22 23:49 - 2014-03-22 23:49 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-22 23:49 - 2014-03-22 23:49 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-22 23:48 - 2014-03-22 23:48 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-22 23:47 - 2014-03-22 23:47 - 00055011 _____ () C:\ComboFix.txt
2014-03-22 23:47 - 2014-03-22 23:47 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-22 23:18 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-22 23:18 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-22 23:18 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-22 23:18 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-22 23:18 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-22 23:18 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-22 23:18 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-22 23:18 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-22 23:17 - 2014-03-23 14:36 - 00000000 ____D () C:\Windows\erdnt
2014-03-22 23:17 - 2014-03-22 23:47 - 00000000 ____D () C:\Qoobox
2014-03-22 23:17 - 2014-03-22 23:47 - 00000000 ____D () C:\ComboFix
2014-03-22 23:14 - 2014-03-22 23:15 - 05190773 ____R (Swearware) C:\Users\yvonne\Downloads\ComboFix.exe
2014-03-22 23:06 - 2014-03-22 23:06 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-03-22 23:04 - 2014-03-22 23:04 - 00001318 _____ () C:\Windows\system32\.crusader
2014-03-22 22:58 - 2014-03-22 21:52 - 88551496 _____ (AVAST Software) C:\Users\yvonne\Desktop\avast_free_antivirus_setup.exe
2014-03-22 22:58 - 2014-03-22 21:20 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\yvonne\Desktop\mbam-setup-1.75.0.1300.exe
2014-03-22 22:47 - 2014-03-22 22:47 - 00000000 ____D () C:\Windows\pss
2014-03-22 22:40 - 2014-03-22 22:40 - 00015026 _____ () C:\YVONNE-LAPTOP_2014.03.22-2237.01_86312E92-00B3-005C-00A7-0071045268B4_16388.zip
2014-03-22 22:39 - 2014-03-22 22:39 - 00000036 _____ () C:\Users\yvonne\AppData\Local\housecall.guid.cache
2014-03-22 22:28 - 2014-03-22 22:28 - 00000000 ____D () C:\Users\yvonne\AppData\Roaming\Malwarebytes
2014-03-22 22:27 - 2014-03-23 23:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-22 22:27 - 2014-03-22 22:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-22 22:27 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-22 20:36 - 2014-03-22 20:36 - 00000000 ____D () C:\Program Files\HitmanPro
2014-03-22 20:30 - 2014-03-22 23:05 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-22 19:45 - 2014-03-22 19:45 - 00000000 ____D () C:\found.000
2014-03-13 00:25 - 2014-03-13 00:25 - 00333044 ____T (Microsoft Corporation) C:\ProgramData\hgblcglc.zvv

==================== One Month Modified Files and Folders =======

2014-04-07 18:46 - 2014-04-07 18:46 - 00017173 _____ () C:\Users\yvonne\Downloads\FRST.txt
2014-04-07 18:46 - 2014-04-07 18:46 - 00000000 ____D () C:\FRST
2014-04-07 18:45 - 2014-04-07 18:45 - 02157056 _____ (Farbar) C:\Users\yvonne\Downloads\FRST64.exe
2014-04-07 18:45 - 2009-07-14 01:13 - 00783464 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-07 18:41 - 2013-12-23 16:49 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-04-07 18:41 - 2012-02-20 16:01 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-07 18:40 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-07 18:40 - 2009-07-14 00:51 - 00067917 _____ () C:\Windows\setupact.log
2014-04-07 18:15 - 2011-12-30 00:14 - 01940500 _____ () C:\Windows\WindowsUpdate.log
2014-04-07 18:15 - 2009-07-14 00:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-07 18:15 - 2009-07-14 00:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-07 03:34 - 2012-02-20 16:01 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-06 16:30 - 2014-04-06 16:30 - 00688992 _____ (Swearware) C:\Users\yvonne\Downloads\dds.scr
2014-04-06 15:54 - 2014-04-06 15:54 - 00005667 _____ () C:\Users\yvonne\Desktop\dds.zip
2014-04-06 15:54 - 2014-04-06 15:54 - 00002523 _____ () C:\Users\yvonne\Desktop\attach.zip
2014-04-06 15:53 - 2014-04-06 15:53 - 00831384 _____ () C:\Users\yvonne\Downloads\winzip180-lan_en.exe
2014-04-06 15:51 - 2014-04-06 15:51 - 00000000 ____D () C:\Users\yvonne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-04-06 15:51 - 2014-04-06 15:51 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-04-06 15:50 - 2014-04-06 15:50 - 01110476 _____ () C:\Users\yvonne\Downloads\7z920.exe
2014-04-06 15:44 - 2014-04-06 15:44 - 00021384 _____ () C:\Users\yvonne\Desktop\dds.txt
2014-04-06 15:44 - 2014-04-06 15:44 - 00008184 _____ () C:\Users\yvonne\Desktop\attach.txt
2014-04-06 15:39 - 2014-04-06 15:39 - 00688992 ____R (Swearware) C:\Users\yvonne\Downloads\dds.com
2014-04-06 15:36 - 2014-04-06 15:36 - 00000000 ____D () C:\Users\yvonne\AppData\Local\Mozilla
2014-04-06 15:36 - 2012-01-03 20:14 - 00000000 ____D () C:\Users\yvonne\AppData\Roaming\Mozilla
2014-04-06 15:35 - 2014-04-06 15:35 - 00000000 ____D () C:\ProgramData\Mozilla
2014-04-06 15:35 - 2014-04-06 15:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-06 15:35 - 2014-04-06 15:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-06 15:34 - 2014-04-06 15:34 - 00282880 _____ (Mozilla) C:\Users\yvonne\Downloads\Firefox Setup Stub 28.0.exe
2014-03-31 09:35 - 2011-12-30 14:34 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-24 03:28 - 2009-07-14 00:45 - 00417416 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-24 03:23 - 2014-03-24 03:23 - 00000000 __SHD () C:\found.001
2014-03-23 23:30 - 2014-03-22 22:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-23 21:25 - 2014-03-23 21:24 - 02347384 _____ (ESET) C:\Users\yvonne\Downloads\esetsmartinstaller_enu (1).exe
2014-03-23 16:40 - 2014-03-23 16:40 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-23 16:40 - 2014-03-23 16:39 - 02347384 _____ (ESET) C:\Users\yvonne\Downloads\esetsmartinstaller_enu.exe
2014-03-23 16:35 - 2014-03-23 16:34 - 01682336 _____ (ESET) C:\Users\yvonne\Downloads\eset_nod32_antivirus_live_installer.exe
2014-03-23 16:27 - 2009-07-14 01:08 - 00032588 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-23 16:26 - 2014-03-23 16:18 - 00000000 ____D () C:\AdwCleaner
2014-03-23 16:22 - 2011-12-30 14:14 - 00217360 _____ () C:\Windows\PFRO.log
2014-03-23 16:17 - 2014-03-23 16:16 - 01950720 _____ () C:\Users\yvonne\Downloads\AdwCleaner.exe
2014-03-23 16:12 - 2014-03-23 16:12 - 00007466 _____ () C:\Users\yvonne\Desktop\JRT.txt
2014-03-23 16:08 - 2014-01-05 20:11 - 00000000 ____D () C:\Program Files (x86)\BetterBrowse
2014-03-23 16:07 - 2014-03-23 16:07 - 00000000 ____D () C:\Windows\ERUNT
2014-03-23 16:06 - 2014-03-23 16:05 - 01037734 _____ (Thisisu) C:\Users\yvonne\Downloads\JRT (1).exe
2014-03-23 16:05 - 2014-03-23 16:04 - 01037734 _____ (Thisisu) C:\Users\yvonne\Downloads\JRT.exe
2014-03-23 15:55 - 2014-03-23 14:47 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-23 15:55 - 2014-03-23 14:44 - 00000000 ____D () C:\Users\yvonne\Desktop\mbar
2014-03-23 15:33 - 2014-03-23 14:47 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-23 14:44 - 2014-03-23 14:44 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-23 14:41 - 2014-03-23 14:37 - 12589848 _____ (Malwarebytes Corp.) C:\Users\yvonne\Downloads\mbar-1.07.0.1009.exe
2014-03-23 14:36 - 2014-03-22 23:17 - 00000000 ____D () C:\Windows\erdnt
2014-03-23 14:35 - 2014-03-23 14:35 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-03-23 14:33 - 2014-03-23 14:33 - 00791393 _____ (Lars Hederer ) C:\Users\yvonne\Downloads\erunt-setup.exe
2014-03-23 14:32 - 2013-08-20 11:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-23 14:29 - 2011-12-30 16:39 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-23 01:20 - 2012-06-04 21:48 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-23 01:20 - 2011-12-30 00:28 - 00000000 ____D () C:\Users\yvonne
2014-03-23 01:20 - 2009-07-13 23:20 - 00000000 __RSD () C:\Windows\Media
2014-03-23 01:20 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\L2Schemas
2014-03-23 01:20 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-03-23 01:19 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-03-23 01:18 - 2012-06-04 21:48 - 00000000 ____D () C:\ProgramData\Skype
2014-03-22 23:55 - 2014-03-22 23:55 - 00000000 ____D () C:\Users\yvonne\AppData\Roaming\Dropbox
2014-03-22 23:55 - 2014-03-22 23:55 - 00000000 ____D () C:\Users\yvonne\AppData\Roaming\AVAST Software
2014-03-22 23:49 - 2014-03-22 23:49 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-22 23:49 - 2014-03-22 23:49 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-22 23:49 - 2014-03-22 23:49 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-22 23:49 - 2014-03-22 23:49 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-22 23:49 - 2014-03-22 23:49 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-22 23:49 - 2014-03-22 23:49 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-03-22 23:49 - 2014-03-22 23:49 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-22 23:49 - 2014-03-22 23:49 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-22 23:49 - 2014-03-22 23:49 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-22 23:48 - 2014-03-22 23:48 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-22 23:47 - 2014-03-22 23:47 - 00055011 _____ () C:\ComboFix.txt
2014-03-22 23:47 - 2014-03-22 23:47 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-22 23:47 - 2014-03-22 23:17 - 00000000 ____D () C:\Qoobox
2014-03-22 23:47 - 2014-03-22 23:17 - 00000000 ____D () C:\ComboFix
2014-03-22 23:47 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-03-22 23:36 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-22 23:15 - 2014-03-22 23:14 - 05190773 ____R (Swearware) C:\Users\yvonne\Downloads\ComboFix.exe
2014-03-22 23:06 - 2014-03-22 23:06 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-03-22 23:05 - 2014-03-22 20:30 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-22 23:04 - 2014-03-22 23:04 - 00001318 _____ () C:\Windows\system32\.crusader
2014-03-22 22:56 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-22 22:47 - 2014-03-22 22:47 - 00000000 ____D () C:\Windows\pss
2014-03-22 22:45 - 2013-10-19 21:39 - 00000000 ____D () C:\Users\yvonne\AppData\Local\gladinet
2014-03-22 22:45 - 2011-12-30 20:32 - 00103822 _____ () C:\ProgramData\dleascan.log
2014-03-22 22:40 - 2014-03-22 22:40 - 00015026 _____ () C:\YVONNE-LAPTOP_2014.03.22-2237.01_86312E92-00B3-005C-00A7-0071045268B4_16388.zip
2014-03-22 22:39 - 2014-03-22 22:39 - 00000036 _____ () C:\Users\yvonne\AppData\Local\housecall.guid.cache
2014-03-22 22:28 - 2014-03-22 22:28 - 00000000 ____D () C:\Users\yvonne\AppData\Roaming\Malwarebytes
2014-03-22 22:27 - 2014-03-22 22:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-22 22:27 - 2012-06-04 21:48 - 00000000 ____D () C:\Users\yvonne\AppData\Roaming\Skype
2014-03-22 21:52 - 2014-03-22 22:58 - 88551496 _____ (AVAST Software) C:\Users\yvonne\Desktop\avast_free_antivirus_setup.exe
2014-03-22 21:20 - 2014-03-22 22:58 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\yvonne\Desktop\mbam-setup-1.75.0.1300.exe
2014-03-22 20:36 - 2014-03-22 20:36 - 00000000 ____D () C:\Program Files\HitmanPro
2014-03-22 19:45 - 2014-03-22 19:45 - 00000000 ____D () C:\found.000
2014-03-13 00:25 - 2014-03-13 00:25 - 00333044 ____T (Microsoft Corporation) C:\ProgramData\hgblcglc.zvv

Files to move or delete:
====================
C:\ProgramData\hgblcglc.zvv


Some content of TEMP:
====================
C:\Users\yvonne\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-06 16:49

==================== End Of Log ============================


Hi bluffwood,

Download Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-----------------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop as fixlist.txt
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - No File
BHO-x32: No Name - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO-x32: No Name - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - No File
Toolbar: HKLM-x32 - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
Handler-x32: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} -  No File
Handler-x32: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} -  No File
Handler-x32: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} -  No File
Handler-x32: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} -  No File
Handler-x32: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} -  No File
Handler-x32: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} -  No File
Handler-x32: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} -  No File
Handler-x32: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} -  No File
Handler-x32: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} -  No File
Handler-x32: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} -  No File
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  No File
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  No File
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} -  No File
Task: {075EE03F-838E-4C28-8B4F-4500D209E6C7} - \weDownload Manager Pro-chromeinstaller No Task File
Task: {6915E614-4FF8-4316-84BA-7BA34BD4A6CC} - \weDownload Manager Pro-firefoxinstaller No Task File
Task: {9372897B-1001-44E8-ADDB-799AB31CDBA6} - \weDownload Manager Pro-enabler No Task File
Task: {B5C133C2-81FD-4535-BB4B-0E17D344AB1B} - \weDownload Manager Pro-codedownloader No Task File
Task: {BD98F5BE-A6C2-41F1-AECE-F530B6BB8975} - \weDownload Manager Pro-updater No Task File
Task: {BFC1AFE7-8F30-4ABD-9995-D514FE819526} - \LaunchApp No Task File
C:\ProgramData\hgblcglc.zvv
C:\Users\yvonne\AppData\Local\Temp\Quarantine.exe
S2 vToolbarUpdater18.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [X]
 

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

 

Run FRST and press the Fix button just once and wait.

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

 

Note: If the tool warned you about an outdated version please download and run the updated version.

-----------------------------

Download TFC by OldTimer to your Desktop.

  • Please double-click TFC.exe to run it.
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.

    Let it run uninterrupted till it has finished.

  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine to ensure a complete clean.
-----------------------------

You are running an outdated version of Malwarebytes Anti-Malware.

To update from within the program, open MBAM, select the Update tab and click the 'Click here to find out more and check it out!' link - see image.

MB_screenshot1.jpg

To update via the website follow this link http://www.malwarebytes.org/update/

  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, click the Quarantine All button.
  • While still on the Scan tab, click the Export Log button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:

If asked to restart the computer, please do so immediately.

-----------------------------

In your next reply, please post the following.

  • checkup.txt
  • Fixlog.txt
  • MBAM Log

checkup.txt:

 Results of screen317's Security Check version 0.99.81  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Mozilla Firefox (28.0)
 Google Chrome 33.0.1750.117  
 Google Chrome 33.0.1750.146  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

 

Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-04-2014 01
Ran by yvonne at 2014-04-13 01:31:34 Run:1
Running from C:\Users\yvonne\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - No File
BHO-x32: No Name - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
BHO-x32: No Name - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - No File
Toolbar: HKLM-x32 - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
Handler-x32: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} -  No File
Handler-x32: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} -  No File
Handler-x32: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} -  No File
Handler-x32: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} -  No File
Handler-x32: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} -  No File
Handler-x32: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} -  No File
Handler-x32: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} -  No File
Handler-x32: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} -  No File
Handler-x32: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} -  No File
Handler-x32: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} -  No File
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  No File
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  No File
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} -  No File
Task: {075EE03F-838E-4C28-8B4F-4500D209E6C7} - \weDownload Manager Pro-chromeinstaller No Task File
Task: {6915E614-4FF8-4316-84BA-7BA34BD4A6CC} - \weDownload Manager Pro-firefoxinstaller No Task File
Task: {9372897B-1001-44E8-ADDB-799AB31CDBA6} - \weDownload Manager Pro-enabler No Task File
Task: {B5C133C2-81FD-4535-BB4B-0E17D344AB1B} - \weDownload Manager Pro-codedownloader No Task File
Task: {BD98F5BE-A6C2-41F1-AECE-F530B6BB8975} - \weDownload Manager Pro-updater No Task File
Task: {BFC1AFE7-8F30-4ABD-9995-D514FE819526} - \LaunchApp No Task File
C:\ProgramData\hgblcglc.zvv
C:\Users\yvonne\AppData\Local\Temp\Quarantine.exe
S2 vToolbarUpdater18.0.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [X]
*****************

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{551A852F-39A6-44A7-9C13-AFBEC9185A9D} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{551A852F-39A6-44A7-9C13-AFBEC9185A9D} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\about => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B} => Key deleted successfully.
HKCR\Wow6432Node\PROTOCOLS\Handler\cdl => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{3dd53d40-7b8b-11D0-b013-00aa0059ce02} => Key deleted successfully.
HKCR\Wow6432Node\PROTOCOLS\Handler\dvd => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{12D51199-0DB5-46FE-A120-47A3D7D937CC} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\file => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{79eac9e7-baf9-11ce-8c82-00aa004ba90b} => Key deleted successfully.
HKCR\Wow6432Node\PROTOCOLS\Handler\ftp => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{79eac9e3-baf9-11ce-8c82-00aa004ba90b} => Key deleted successfully.
HKCR\Wow6432Node\PROTOCOLS\Handler\http => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{79eac9e2-baf9-11ce-8c82-00aa004ba90b} => Key deleted successfully.
HKCR\Wow6432Node\PROTOCOLS\Handler\https => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{79eac9e5-baf9-11ce-8c82-00aa004ba90b} => Key deleted successfully.
HKCR\Wow6432Node\PROTOCOLS\Handler\its => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9D148291-B9C8-11D0-A4CC-0000F80149F6} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\javascript => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} => Key deleted successfully.
HKCR\Wow6432Node\PROTOCOLS\Handler\local => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{79eac9e7-baf9-11ce-8c82-00aa004ba90b} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\mailto => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} => Key deleted successfully.
HKCR\Wow6432Node\PROTOCOLS\Handler\mhtml => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{05300401-BCBC-11d0-85E3-00C04FD85AB4} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\mk => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{79eac9e6-baf9-11ce-8c82-00aa004ba90b} => Key deleted successfully.
HKCR\Wow6432Node\PROTOCOLS\Handler\ms-its => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9D148291-B9C8-11D0-A4CC-0000F80149F6} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\res => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} => Key deleted successfully.
HKCR\Wow6432Node\PROTOCOLS\Handler\skype-ie-addon-data => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\tv => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\vbscript => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=euc-jp => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=ISO-8859-1 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS936 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS949 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS950 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=UTF-8 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=UTF8 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=euc-jp => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=ISO-8859-1 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS936 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS949 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS950 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=UTF-8 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=UTF8 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\ica => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Filter\application/octet-stream => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Filter\application/x-complus => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Filter\application/x-ica => Key not found.
HKCR\Wow6432Node\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Filter\application/x-ica; charset=euc-jp => Key not found.
HKCR\Wow6432Node\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Filter\application/x-ica; charset=ISO-8859-1 => Key not found.
HKCR\Wow6432Node\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Filter\application/x-ica; charset=MS936 => Key not found.
HKCR\Wow6432Node\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Filter\application/x-ica; charset=MS949 => Key not found.
HKCR\Wow6432Node\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Filter\application/x-ica; charset=MS950 => Key not found.
HKCR\Wow6432Node\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Filter\application/x-ica; charset=UTF-8 => Key not found.
HKCR\Wow6432Node\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Filter\application/x-ica; charset=UTF8 => Key not found.
HKCR\Wow6432Node\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Filter\application/x-ica;charset=euc-jp => Key not found.
HKCR\Wow6432Node\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Filter\application/x-ica;charset=ISO-8859-1 => Key not found.
HKCR\Wow6432Node\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Filter\application/x-ica;charset=MS936 => Key not found.
HKCR\Wow6432Node\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Filter\application/x-ica;charset=MS949 => Key not found.
HKCR\Wow6432Node\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Filter\application/x-ica;charset=MS950 => Key not found.
HKCR\Wow6432Node\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Filter\application/x-ica;charset=UTF-8 => Key not found.
HKCR\Wow6432Node\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Filter\application/x-ica;charset=UTF8 => Key not found.
HKCR\Wow6432Node\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Filter\application/x-msdownload => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Filter\ica => Key not found.
HKCR\Wow6432Node\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Filter\text/xml => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{807573E5-5146-11D5-A672-00B0D022E945} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{075EE03F-838E-4C28-8B4F-4500D209E6C7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{075EE03F-838E-4C28-8B4F-4500D209E6C7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\weDownload Manager Pro-chromeinstaller => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6915E614-4FF8-4316-84BA-7BA34BD4A6CC} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6915E614-4FF8-4316-84BA-7BA34BD4A6CC} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\weDownload Manager Pro-firefoxinstaller => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9372897B-1001-44E8-ADDB-799AB31CDBA6} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9372897B-1001-44E8-ADDB-799AB31CDBA6} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\weDownload Manager Pro-enabler => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B5C133C2-81FD-4535-BB4B-0E17D344AB1B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5C133C2-81FD-4535-BB4B-0E17D344AB1B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\weDownload Manager Pro-codedownloader => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BD98F5BE-A6C2-41F1-AECE-F530B6BB8975} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD98F5BE-A6C2-41F1-AECE-F530B6BB8975} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\weDownload Manager Pro-updater => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BFC1AFE7-8F30-4ABD-9995-D514FE819526} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFC1AFE7-8F30-4ABD-9995-D514FE819526} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchApp => Key deleted successfully.
C:\ProgramData\hgblcglc.zvv => Moved successfully.
C:\Users\yvonne\AppData\Local\Temp\Quarantine.exe => Moved successfully.
vToolbarUpdater18.0.0 => Service deleted successfully.

==== End of Fixlog ====
 


Hi bluffwood,

 

I did find this, to do a manual uninstall of System Mechanic. But I opted not to do anything without checking with you first.

 

http://www.iolo.com/customercare/PrintArticle.aspx?id=KBA-02081

I saw that link earlier but it references System Mechanic 9 & 10. You have version 11 installed so I am not sure if that article applies to you.

The Bitdefender Rescue CD is a bootable CD based version of Bitdefender Antivirus.

The download is in ISO format.

If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.

There is a tutorial on running it at How to Use the BitDefender Rescue CD to Clean Your Infected PC

Download the Bitdefender Rescue CD:

http://download.bitdefender.com/rescue_cd/bitdefender-rescue-cd.iso

  • Burn the Bitdefender Rescue CD ISO image to CD.
  • Insert the Bitdefender Rescue CD into your CD/DVD drive and boot the computer (you may need to change the boot sequence in your system's BIOS to boot from the CD/DVD drive).
  • Select "Start Bitdefender Rescue CD in English", then press Enter
  • Once the graphical interface starts, select "Continue"
  • Bitdefender Update will start automatically.
  • When finished updating, scanning will start automatically.
  • When finished scanning, if threats were detected, double-click the Desktop icon "Scan Logs".
  • In the window that opens, double-click the log file and open it with Firefox browser.
  • To save the log, go to File > Save Page As, enter a file name you will remember such as BDSCAN.TXT, then in the "Save in folder" field select your system drive, and click "Save".
  • The log will save in the root of your system drive (C:\).
  • Close the scanner, restart your system, and post the log in your next reply.

Here is the log:

 

====================================================
= Logging started on Tue 15 Apr 2014 09:38:50 AM UTC
====================================================

List of objects to be scanned:
   - /run/media/livecd/DellUtility
   - /run/media/livecd/907A32997A327BD2
   - /run/media/livecd/RECOVERY

Object '/run/media/livecd/907A32997A327BD2/Users/yvonne/Downloads/winzip180-lan_en.exe' is infected with 'Gen:Trojan.Heur2.GZ.YGZ@bCYURdai'
Object '/run/media/livecd/907A32997A327BD2/FRST/Quarantine/C/ProgramData/hgblcglc.zvv.xBAD' is infected with 'Trojan.Generic.11029940'

==================================================
= Applying actions
==================================================
Object '/run/media/livecd/907A32997A327BD2/FRST/Quarantine/C/ProgramData/hgblcglc.zvv.xBAD' has been deleted
Object '/run/media/livecd/907A32997A327BD2/Users/yvonne/Downloads/winzip180-lan_en.exe' has been deleted
 


Hi bluffwood,

Download GMER from the following link by clicking the button that says Download EXE:
http://www.gmer.net/

Double-click the randomly named EXE to run the program.

Please close any open programs/windows!

Open the program and click on the Rootkit/Malware tab.

Make sure all the boxes on the right of the screen are checked, apart from 'Show All'.

Click on Scan (1).

When the scan has run click Copy (2) and paste the results (if any) into this thread.

------------------------------------------------

  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • When command prompt opens, copy and paste the following command into it, press Enter.

    sfc /scannow

    Wait for this to finish before you continue
  • Copy and paste the following command, press Enter.

    findstr /c:"[SR]" %windir%\logs\cbs\cbs.log > %userprofile%\Desktop\sfc.txt

That will create sfc.txt on your Desktop. Please attach sfc.txt to your next post:

  • Open Reply window. Click 'More Reply Options'.
  • Go to the end of your text (if any).
  • Under 'Attach Files' click 'Choose Files..'
  • For 'File name' paste this: %userprofile%\Desktop\sfc.txt
  • Click the 'Add to Post' link which will appear on the right when the file has been uploaded.
  • Click 'Add Reply'.

Please post the GMER log and the sfc.txt in your next reply.

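How to read the sfc.txt that the findstr step above produces, as an added example that is not part of the original post: it filters a CBS.log excerpt for the literal, case-sensitive tag `[SR]` the way `findstr /c:` does without `/i`, then lists the files SFC repaired or could not repair. The log lines are constructed for illustration, and the function names are assumptions.

```python
import re

# Constructed CBS.log excerpt for illustration; not taken from the machine in this thread.
SAMPLE_CBS_LOG = r"""2014-04-16 07:31:02, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2014-04-16 07:31:02, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2014-04-16 07:31:05, Info                  CBS    Loaded Servicing Stack v6.1.7601.17592
2014-04-16 07:31:09, Info                  CSI    0000000c [SR] Cannot repair member file [l:24{12}]"wscript.exe" of Microsoft-Windows-Scripting, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-04-16 07:31:09, Info                  CSI    0000000d [SR] Cannot repair member file [l:24{12}]"wscript.exe" of Microsoft-Windows-Scripting, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-04-16 07:31:10, Info                  CSI    0000000e [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"notepad.exe" from store
2014-04-16 07:31:12, Info                  CSI    00000010 [SR] Verify complete
"""

SR_TAG = "[SR]"  # upper-case marker on every System File Checker entry

FILE_RE = re.compile(r'\[l:\d+\{\d+\}\]"([^"]+)"')                  # [l:24{12}]"name"
DIR_RE = re.compile(r'\[ml:\d+\{\d+\},l:\d+\{\d+\}\]"([^"]+)"')     # [ml:..,l:..]"folder"
COMPONENT_RE = re.compile(r'" of ([^,]+),')


def findstr_literal(text, needle=SR_TAG):
    """Mimic findstr /c:"<needle>": literal, case-sensitive match per line."""
    return [line for line in text.splitlines() if needle in line]


def summarize_sfc(sr_lines):
    """Reduce [SR] lines to the entries worth reading first."""
    report = {"cannot_repair": [], "repaired": [], "verify_complete": False}
    for line in sr_lines:
        if SR_TAG not in line:
            continue
        msg = line.split(SR_TAG, 1)[1].strip()
        if msg.startswith("Cannot repair member file"):
            name, comp = FILE_RE.search(msg), COMPONENT_RE.search(msg)
            entry = {
                "file": name.group(1) if name else "?",
                "component": comp.group(1) if comp else "?",
                "reason": msg.rsplit(", ", 1)[-1],
            }
            if entry not in report["cannot_repair"]:  # drop repeats of the same entry
                report["cannot_repair"].append(entry)
        elif msg.startswith("Repairing corrupted file"):
            folder, name = DIR_RE.search(msg), FILE_RE.search(msg)
            if folder and name:
                # Strip the NT object-manager prefix \??\ from the folder.
                path = folder.group(1).replace("\\??\\", "", 1) + "\\" + name.group(1)
                if path not in report["repaired"]:
                    report["repaired"].append(path)
        elif msg.startswith("Verify complete"):
            report["verify_complete"] = True
    return report


if __name__ == "__main__":
    result = summarize_sfc(findstr_literal(SAMPLE_CBS_LOG))
    for item in result["cannot_repair"]:
        print("NOT REPAIRED:", item["file"], "-", item["component"], "-", item["reason"])
    for path in result["repaired"]:
        print("REPAIRED:    ", path)
    print("Verify complete:", result["verify_complete"])
```

An empty sfc.txt means no line matched the tag, which is different from a log whose `[SR]` lines show no "Cannot repair" entries.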

gmer:

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-04-16 07:09:50
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9500325AS rev.D005DEM1 465.76GB
Running: o6e6bihy.exe; Driver: C:\Users\yvonne\AppData\Local\Temp\awdiqkow.sys
 
 
---- Kernel code sections - GMER 2.1 ----
 
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                                                                                                                                  fffff80002e02000 52 bytes [FF, FF, FF, FF, FF, FF, FF, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 582                                                                                                                                                                                                  fffff80002e02036 27 bytes [FF, FF, FF, FF, FF, FF, FF, ...]
 
---- User code sections - GMER 2.1 ----
 
.text     C:\Windows\system32\wininit.exe[484] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                                          0000000076f2ef8d 1 byte [62]
.text     C:\Windows\system32\services.exe[548] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                                         0000000076f2ef8d 1 byte [62]
.text     C:\Windows\system32\winlogon.exe[636] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                                         0000000076f2ef8d 1 byte [62]
.text     C:\Windows\System32\svchost.exe[952] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                                          0000000076f2ef8d 1 byte [62]
.text     C:\Windows\system32\svchost.exe[1012] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                                         0000000076f2ef8d 1 byte [62]
.text     C:\Windows\system32\svchost.exe[296] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                                          0000000076f2ef8d 1 byte [62]
.text     C:\Windows\system32\WLANExt.exe[1136] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                                         0000000076f2ef8d 1 byte [62]
.text     C:\Windows\System32\spoolsv.exe[1400] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                                         0000000076f2ef8d 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1528] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                                            000000007676a2fd 1 byte [62]
.text     C:\Windows\Explorer.EXE[1800] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                                                 0000000076f2ef8d 1 byte [62]
.text     C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE[1244] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                                                                                                                                                           0000000076f2ef8d 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2364] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                            000000007676a2fd 1 byte [62]
.text     C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2448] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                              000000007676a2fd 1 byte [62]
.text     C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2492] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                                         000000007676a2fd 1 byte [62]
.text     C:\Windows\system32\dleacoms.exe[2612] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                                        0000000076f2ef8d 1 byte [62]
.text     C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe[2728] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                                 000000007676a2fd 1 byte [62]
.text     C:\Program Files (x86)\Dell Printers\PaperPort\PDFProFiltSrvPP.exe[2864] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                                      000000007676a2fd 1 byte [62]
.text     C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[908] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                            000000007676a2fd 1 byte [62]
.text     C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[3144] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                          000000007676a2fd 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3436] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                  000000007676a2fd 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3436] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                0000000075911465 2 bytes [91, 75]
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3436] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                               00000000759114bb 2 bytes [91, 75]
.text     ...                                                                                                                                                                                                                                                                 * 2
.text     C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe[3576] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                                           000000007676a2fd 1 byte [62]
.text     C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe[3576] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                                                                                                         0000000075911465 2 bytes [91, 75]
.text     C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe[3576] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                                                                                                        00000000759114bb 2 bytes [91, 75]
.text     ...                                                                                                                                                                                                                                                                 * 2
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe[3052] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                          000000007676a2fd 1 byte [62]
.text     C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe[3080] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                          000000007676a2fd 1 byte [62]
.text     C:\Windows\servicing\TrustedInstaller.exe[3032] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                               0000000076f2ef8d 1 byte [62]
.text     C:\Windows\system32\msiexec.exe[1080] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                                                                         0000000076f2ef8d 1 byte [62]
.text     C:\Users\yvonne\Downloads\o6e6bihy.exe[2988] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                                                                                  000000007676a2fd 1 byte [62]
 
---- Threads - GMER 2.1 ----
 
Thread    C:\Windows\System32\svchost.exe [3116:3476]                                                                                                                                                                                                                         000007fef1829688
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [4896:4848]                                                                                                                                                                                                      000007fefb212a7c
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [4896:3540]                                                                                                                                                                                                      000007feedfe4830
---- Processes - GMER 2.1 ----
 
Library   C:\Program Files (x86)\Nuance\Nuance Cloud Connector\LIBEAY32.dll (*** suspicious ***) @ C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [2728] (OpenSSL Shared Library/The OpenSSL Project, http://www.openssl.org/)(2011-06-27 04:22:06)  0000000000590000
 
---- EOF - GMER 2.1 ----
 

No. But I got a screen print.

I just tried a reinstall of mbam, and it's been spinning a disc for half an hour. This happens a lot. A forced power off and reboot, and I can try the install again.

This spinning disc - getting nothing done -- occurs anytime the system has been running a while. But no error msgs.

After the boot, the mbam install goes most of the way through, including "accept the agreement" and extracting the files... then a window with the header "setup" says CoCreateInstance failed; code 0x80040154. Class not registered.

I get two more errors (attached also). In the Start menu I have a Malwarebytes Anti-Malware folder, containing a Tools folder which is empty. Nothing but the folder within a folder.


Hi bluffwood,

I am sorry about the delay; I was pulled out of town for a family emergency.

Please download the Windows Repair (All In One) tool.

  • Check the box for 03 - Register System Files
  • Then check the box on the right for Restart/Shutdown System When Finished and make sure that Restart System is selected.
  • Press the Start button.
  • Once the tool is done, please make sure to view and paste the logs into your response.

This topic is now closed to further replies.