Previous solution didn't work



ken.kingwell
2014-10-18, 01:40
A couple of weeks ago, I posted a request for assistance removing malware. I received a response and followed directions. Admin edit: http://forums.spybot.info/showthread.php?71134-Help-Cant-id-or-remove-this-malware They did not match my system or software, so I was unable to accomplish anything. I have Windows Vista, IE 8, and Chrome. Here are the scan results.



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-09-2014
Ran by Valued Customer (administrator) on VALUEDCUSTOM-PC on 29-09-2014 22:49:10
Running from C:\Users\Valued Customer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KPACG0ZK
Loaded Profile: Valued Customer (Available profiles: Valued Customer)
Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
( ) C:\Windows\System32\dldwcoms.exe
( ) C:\Windows\System32\dleacoms.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
() C:\monitor.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
(MyOSCompany) C:\Program Files\Web Protect\MyOSProtect.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\Dell V505\dldwmon.exe
() C:\Program Files\Dell V310-V510 Series\dleamon.exe
() C:\Program Files\Dell V310-V510 Series\ezprint.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Akamai Technologies, Inc.) C:\Users\Valued Customer\AppData\Local\Akamai\netsession_win.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
() C:\Program Files\Pando Networks\Media Booster\PMB.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
() C:\Program Files\Dell V505\dldwmsdmon.exe
(Akamai Technologies, Inc.) C:\Users\Valued Customer\AppData\Local\Akamai\netsession_win.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe
(Farbar) C:\Users\Valued Customer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KPACG0ZK\FRST[1].exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [dldwmon.exe] => C:\Program Files\Dell V505\dldwmon.exe [677104 2008-06-05] ()
HKLM\...\Run: [dldwamon] => C:\Program Files\Dell V505\dldwamon.exe [16624 2008-06-05] ()
HKLM\...\Run: [dleamon.exe] => C:\Program Files\Dell V310-V510 Series\dleamon.exe [771432 2012-11-27] ()
HKLM\...\Run: [EzPrint] => C:\Program Files\Dell V310-V510 Series\ezprint.exe [140648 2012-11-27] ()
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310064 2014-05-28] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\avldr: avldr.dll [X]
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2702734608-1330795866-846813408-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Valued Customer\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2702734608-1330795866-846813408-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-2702734608-1330795866-846813408-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1563440 2014-05-28] (Samsung)
HKU\S-1-5-21-2702734608-1330795866-846813408-1000\...\Run: [KiesAirMessage] => C:\Program Files\Samsung\Kies\KiesAirMessage.exe [578560 2013-06-14] (Samsung Electronics)
HKU\S-1-5-21-2702734608-1330795866-846813408-1000\...\Run: [Pando Media Booster] => C:\Program Files\Pando Networks\Media Booster\PMB.exe [4287536 2013-08-03] ()
HKU\S-1-5-21-2702734608-1330795866-846813408-1000\...\Run: [Browser Infrastructure Helper] => C:\Users\Valued Customer\AppData\Local\Smartbar\Application\QuickShare.exe startup
HKU\S-1-5-21-2702734608-1330795866-846813408-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\S-1-5-21-2702734608-1330795866-846813408-1000\...\Run: [KiesPDLR.exe] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3317187&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPB7BCFC99-B659-49F8-BA44-E2FAFD9E18F4&q={searchTerms}&SSPV=
SearchScopes: HKCU - {3ACD5582-B058-430F-A7AA-2E2A7DA2B28C} URL = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
SearchScopes: HKCU - {EDCE59AB-557F-49B2-A7C8-CC89CAC1B6CC} URL = http://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
BHO: SDHelper -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macromedia.com/flash2/cabs/swflash.cab
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 02 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 03 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 04 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 29 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll No File
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Valued Customer\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-12-01]

Chrome:
=======
CHR DefaultSearchURL: Default -> https://mail.google.com/mail/?extsrc=mailto&url=%s
CHR CustomProfile: C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (QuickShare Widget) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl [2013-12-21]
CHR Extension: (Google Drive) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (YouTube) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-02]
CHR Extension: (Google Search) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-02]
CHR Extension: (Dragon Eternity) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhlcdemkogmboaddomippjbfokkedaoh [2014-02-15]
CHR Extension: (Google Wallet) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-08]
CHR Extension: (Gmail) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-02]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-05-09] (BitRaider, LLC)
R2 dldw_device; C:\Windows\system32\dldwcoms.exe [594600 2009-07-24] ( )
S2 dleaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\dleaserv.exe [193192 2010-05-21] ()
R2 dlea_device; C:\Windows\system32\dleacoms.exe [598696 2010-05-21] ( )
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 MyOSProtect; C:\Program Files\Web Protect\MyOSProtect.exe [1317096 2014-09-01] (MyOSCompany) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
S2 ProtectMonitor; C:\monitorsvc.exe [34244 2014-09-02] () [File not signed] <==== ATTENTION
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2011-02-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R1 MpKslf0eb3923; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{84C089A3-4955-418F-8F7D-80A3E761C79D}\MpKslf0eb3923.sys [39464 2014-09-29] (Microsoft Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R1 pcwatch; C:\Windows\system32\Drivers\pcwatch.sys [19840 2014-09-01] () [File not signed] <==== ATTENTION
S3 STHDA; C:\Windows\System32\DRIVERS\stwrt.sys [380928 2008-05-13] (IDT, Inc.) [File not signed]
S3 BRDriver; \??\C:\ProgramData\BitRaider\BRDriver.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-29 22:47 - 2014-09-29 22:49 - 00000000 ____D () C:\FRST
2014-09-29 22:44 - 2014-09-29 22:44 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-VALUEDCUSTOM-PC-Microsoft®-Windows-Vista™-Business-(32-bit).dat
2014-09-29 22:43 - 2014-09-29 22:43 - 00000000 ____D () C:\RegBackup
2014-09-29 22:38 - 2014-09-29 22:38 - 01346048 _____ (Indigo Rose Corporation) C:\Users\Valued Customer\Desktop\uninstall.exe
2014-09-29 22:38 - 2014-09-29 22:38 - 00325960 _____ () C:\Users\Valued Customer\Desktop\lua5.1.dll
2014-09-29 22:38 - 2014-09-29 22:38 - 00001506 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-09-29 22:38 - 2014-09-29 22:38 - 00000000 ____D () C:\Users\Valued Customer\Desktop\Uninstall
2014-09-29 22:38 - 2014-09-29 22:38 - 00000000 ____D () C:\Users\Valued Customer\Desktop\files
2014-09-29 22:38 - 2014-09-29 22:38 - 00000000 ____D () C:\Users\Valued Customer\Desktop\color_presets
2014-09-29 22:38 - 2014-09-29 22:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-28 09:47 - 2014-09-28 09:49 - 118953720 _____ (Microsoft Corporation) C:\Users\Valued Customer\Documents\msert.exe
2014-09-28 09:43 - 2014-09-28 09:43 - 11447608 _____ (Microsoft Corporation) C:\Users\Valued Customer\Documents\mseinstall.exe
2014-09-27 11:21 - 2014-09-27 11:21 - 03675824 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-09-23 22:48 - 2014-09-09 02:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 18:31 - 2014-08-25 16:02 - 00852960 _____ (Tweaking.com) C:\Users\Valued Customer\Desktop\TweakingImgCtl.ocx
2014-09-17 20:00 - 2014-09-17 20:00 - 00009744 _____ () C:\Windows\system32\MyOSProtect.ini
2014-09-17 20:00 - 2014-09-17 20:00 - 00002312 _____ () C:\Windows\system32\MyOSProtectOff.ini
2014-09-17 20:00 - 2014-09-01 14:29 - 00019840 _____ () C:\Windows\system32\Drivers\pcwatch.sys
2014-09-17 20:00 - 2014-09-01 14:28 - 00304776 _____ (MyOSCompany) C:\Windows\system32\MyOSProtect.dll
2014-09-17 19:59 - 2014-09-27 12:27 - 00000000 ____D () C:\Program Files\Web Protect
2014-09-17 19:57 - 2014-09-17 19:57 - 00083312 _____ (Premium Installer ) C:\Users\Valued Customer\Downloads\fl_setup.exe
2014-09-12 00:12 - 2014-08-18 21:46 - 01214976 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 00:12 - 2014-08-18 21:46 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 00:12 - 2014-08-18 21:46 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-09-12 00:12 - 2014-08-18 21:44 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-09-12 00:12 - 2014-08-18 21:41 - 06003200 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 00:12 - 2014-08-18 21:41 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2014-09-12 00:12 - 2014-08-18 21:41 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 00:12 - 2014-08-18 21:41 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 00:12 - 2014-08-18 21:41 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-09-12 00:12 - 2014-08-18 21:40 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 00:12 - 2014-08-18 21:40 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-09-12 00:12 - 2014-08-18 21:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 00:12 - 2014-08-18 21:39 - 11082752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 00:12 - 2014-08-18 21:39 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 00:12 - 2014-08-18 21:39 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 00:12 - 2014-08-18 21:39 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-09-12 00:12 - 2014-08-18 21:39 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 00:12 - 2014-08-18 21:39 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-09-12 00:12 - 2014-08-18 21:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 00:12 - 2014-08-18 21:39 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 00:12 - 2014-08-18 21:38 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2014-09-12 00:12 - 2014-08-18 20:10 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-09-12 00:12 - 2014-08-18 18:33 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 00:12 - 2014-08-18 18:33 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 00:12 - 2014-08-18 18:31 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-09-12 00:12 - 2014-08-18 18:30 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-02 15:55 - 2014-09-02 15:55 - 00487483 _____ () C:\monitor.exe
2014-09-02 15:55 - 2014-09-02 15:55 - 00034244 _____ () C:\monitorsvc.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-29 22:50 - 2013-08-03 23:46 - 00000000 ____D () C:\Users\Valued Customer\AppData\Local\PMB Files
2014-09-29 22:48 - 2006-11-02 08:47 - 00004880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-29 22:48 - 2006-11-02 08:47 - 00004880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-29 22:45 - 2012-05-17 22:51 - 00000679 _____ () C:\Users\Valued Customer\Desktop\Settings.ini
2014-09-29 22:21 - 2012-12-02 16:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-29 22:13 - 2012-12-02 11:41 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-29 20:14 - 2008-01-20 21:39 - 01878803 _____ () C:\Windows\WindowsUpdate.log
2014-09-29 20:12 - 2013-01-01 20:21 - 00063558 _____ () C:\ProgramData\dleascan.log
2014-09-29 20:11 - 2013-01-21 12:54 - 00000620 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-09-29 20:11 - 2012-12-02 11:41 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-29 20:06 - 2006-11-02 06:33 - 00835364 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-29 19:59 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-28 22:54 - 2006-11-02 09:01 - 00032644 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-28 11:48 - 2013-01-21 12:53 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-09-28 09:45 - 2012-12-02 12:18 - 00002198 _____ () C:\Windows\epplauncher.mif
2014-09-27 13:46 - 2013-08-26 22:34 - 00000000 ____D () C:\Users\Valued Customer\AppData\Local\GQWeb
2014-09-27 12:48 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache
2014-09-27 12:30 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-09-27 12:29 - 2006-11-02 06:22 - 48234496 _____ () C:\Windows\system32\config\software_previous
2014-09-27 12:29 - 2006-11-02 06:22 - 41943040 _____ () C:\Windows\system32\config\components_previous
2014-09-27 12:29 - 2006-11-02 06:22 - 23330816 _____ () C:\Windows\system32\config\system_previous
2014-09-27 12:29 - 2006-11-02 06:22 - 04980736 _____ () C:\Windows\system32\config\default_previous
2014-09-27 12:29 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-09-27 12:29 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-09-27 12:28 - 2012-05-02 16:26 - 00000000 ____D () C:\Users\Valued Customer
2014-09-27 12:27 - 2013-08-03 23:46 - 00000000 ____D () C:\ProgramData\PMB Files
2014-09-27 12:27 - 2012-12-02 10:37 - 00000000 ____D () C:\Users\Valued Customer\AppData\Local\Akamai
2014-09-27 12:27 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\spool
2014-09-27 12:27 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\registration
2014-09-27 12:13 - 2012-12-02 11:55 - 00034093 _____ () C:\Windows\IE9_main.log
2014-09-27 11:21 - 2012-12-02 16:10 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-27 11:21 - 2012-12-02 16:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-23 20:08 - 2012-05-02 18:59 - 01401824 _____ (Tweaking.com) C:\Users\Valued Customer\Desktop\TweakingRegistryBackup.exe
2014-09-23 18:31 - 2012-05-02 18:58 - 00005845 _____ () C:\Users\Valued Customer\Desktop\TweakingRegistryBackup.exe.manifest
2014-09-22 02:41 - 2012-12-01 23:24 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-17 19:15 - 2012-12-02 11:41 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-17 19:15 - 2012-12-02 11:41 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-09-14 20:16 - 2014-06-12 10:06 - 00001981 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-13 11:47 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-12 00:21 - 2012-12-01 16:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-12 00:19 - 2013-07-15 10:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 00:14 - 2006-11-02 06:24 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-09-12 00:13 - 2012-12-02 12:17 - 00001836 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-12 00:13 - 2012-12-02 12:17 - 00000000 ____D () C:\Program Files\Microsoft Security Client

Files to move or delete:
====================
C:\Users\Valued Customer\random.dat


Some content of TEMP:
====================
C:\Users\Valued Customer\AppData\Local\Temp\ose00000.exe
C:\Users\Valued Customer\AppData\Local\Temp\ose00001.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-29 20:15

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-09-2014
Ran by Valued Customer at 2014-09-29 22:50:05
Running from C:\Users\Valued Customer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KPACG0ZK
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1990.41618 - ABBYY Software House)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BitRaider Web Client (HKLM\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell V310-V510 Series (HKLM\...\Dell V310-V510 Series) (Version: - Dell, Inc.)
Dell V505 (HKLM\...\Dell V505) (Version: - Dell, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Drive (HKLM\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GradeQuick Web Plugin (HKLM\...\{0EB768CD-EF48-4C66-8BCB-2DA8166B2654}) (Version: 1.00.0000 - Edline)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.5902.0 - IDT)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: - )
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
K-Lite Codec Pack 6.2.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 6.2.0 - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - )
Panda Antivirus Pro 2013 (Version: 12.00.01 - Panda Security) Hidden
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.7.0.0 - Pando Networks Inc.)
QuickShare (HKLM\...\{F40711CD-60B3-45F5-85C5-F1AA400C1B6E}) (Version: 10.169.60.13223 - Linkury Inc.) <==== ATTENTION
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RICOH R5C83x/84x Media Driver Ver.3.53.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.53.02 - )
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.12 - Safer-Networking Ltd.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.10.0 - Tweaking.com)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
Web Protect for Windows (HKLM\...\wp-adinject-adk) (Version: 10.0.0 - Web Protect) <==== ATTENTION
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2702734608-1330795866-846813408-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-2702734608-1330795866-846813408-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Valued Customer\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2702734608-1330795866-846813408-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Valued Customer\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2702734608-1330795866-846813408-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Valued Customer\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2702734608-1330795866-846813408-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Valued Customer\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2702734608-1330795866-846813408-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Valued Customer\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2702734608-1330795866-846813408-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Valued Customer\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2702734608-1330795866-846813408-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Valued Customer\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points =========================

19-09-2014 01:26:12 Scheduled Checkpoint
22-09-2014 02:33:42 Windows Update
22-09-2014 23:42:30 Scheduled Checkpoint
24-09-2014 02:47:41 Windows Update
27-09-2014 15:32:39 Windows Update
27-09-2014 16:11:42 Windows Update
27-09-2014 16:24:50 Restore Operation
27-09-2014 16:41:47 Windows Update
28-09-2014 13:38:33 Scheduled Checkpoint
28-09-2014 14:22:42 Microsoft Antimalware Checkpoint
29-09-2014 02:42:12 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:23 - 2014-09-28 13:43 - 00450628 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {155723BA-60E2-4354-93AF-84EAC8D3C2D8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {22E1772E-7DFE-4C5F-841F-1C93FD5D82A4} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {2DE18FE4-6467-484F-8431-206702EC5546} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {2E5B7D97-F14C-4CFF-864E-620AABA892D1} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3AA4CFCD-8073-4A3E-94DF-B248ACEEBC7F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-02] (Google Inc.)
Task: {441B57FC-69C6-42A5-A41C-523DE993C6C4} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {4D72741E-769C-45DB-8604-CB8EBDADAA29} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {5836FF26-3E9D-4548-BB43-982230494B04} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-02] (Google Inc.)
Task: {786ACB0D-BF7A-428E-AC04-93519C9306FE} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {AD3E0A82-9A4E-40F5-BBE9-9C8830B9A15C} - System32\Tasks\Installation App Launcher => C:\Program Files\Dell V505\dldwamon.exe [2008-06-05] ()
Task: {D3063372-8F10-42B4-AF3B-D0E8129A5EF5} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {ED63E97E-99AD-434B-B4D0-F344C51A7A27} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-27] (Adobe Systems Incorporated)
Task: {F8FEA8B7-9AC3-4225-AD2A-162EDEE4D13A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FEF4CC27-EABD-4AA6-AE87-AC77F39A91A7} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) =============

2013-01-01 20:23 - 2009-11-04 09:14 - 00157696 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\dleadrpp.dll
2012-12-02 16:52 - 2009-07-02 13:41 - 00155648 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\dldwdrpp.dll
2013-01-01 20:20 - 2009-11-26 04:49 - 00086180 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\dleaCFG.dll
2013-01-01 20:21 - 2009-05-18 09:29 - 00819200 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\dleaptpc.dll
2013-01-01 20:21 - 2009-11-04 09:14 - 00165376 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\dleadrui.dll
2013-01-01 20:21 - 2009-11-09 04:06 - 00159744 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\dleaPRPR.DLL
2012-10-11 21:56 - 2012-10-11 21:56 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-10-11 21:56 - 2012-10-11 21:56 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-02 15:55 - 2014-09-02 15:55 - 00487483 _____ () C:\monitor.exe
2013-01-21 12:53 - 2012-11-13 15:06 - 00108960 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-01-21 12:53 - 2012-11-13 15:06 - 00416160 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2013-01-21 12:53 - 2012-11-13 15:06 - 00158624 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-01-21 12:53 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2013-01-21 12:53 - 2012-11-13 15:06 - 00528288 _____ () C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2013-01-21 12:53 - 2012-11-13 15:06 - 00554400 _____ () C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
2014-09-03 19:26 - 2014-09-03 19:26 - 00823296 _____ () C:\Program Files\web protect\pcproxydll.dll
2012-12-02 16:47 - 2008-06-05 00:49 - 00677104 _____ () C:\Program Files\Dell V505\dldwmon.exe
2012-12-02 16:47 - 2008-05-28 17:37 - 00380928 _____ () C:\Program Files\Dell V505\dldwscw.dll
2012-12-02 16:47 - 2008-04-25 02:44 - 00077906 _____ () C:\Program Files\Dell V505\dldwcfg.dll
2008-03-10 07:30 - 2008-03-10 12:30 - 00188416 _____ () C:\Windows\system32\spool\drivers\w32x86\3\dldwdatr.dll
2012-12-02 16:47 - 2008-05-28 17:37 - 01036288 _____ () C:\Program Files\Dell V505\dldwDRS.dll
2012-12-02 16:47 - 2008-04-23 03:53 - 00081920 _____ () C:\Program Files\Dell V505\dldwcaps.dll
2012-12-02 16:47 - 2008-02-26 15:24 - 00069632 _____ () C:\Program Files\Dell V505\dldwcnv4.dll
2012-12-02 16:47 - 2008-04-23 03:51 - 00151552 _____ () C:\Program Files\Dell V505\dldwmonr.dll
2013-01-01 20:20 - 2012-11-27 02:04 - 00771432 _____ () C:\Program Files\Dell V310-V510 Series\dleamon.exe
2013-01-01 20:20 - 2009-11-26 04:49 - 00086180 _____ () C:\Program Files\Dell V310-V510 Series\dleacfg.dll
2013-01-01 20:20 - 2010-04-01 13:23 - 00389120 _____ () C:\Program Files\Dell V310-V510 Series\dleascw.dll
2013-01-01 20:21 - 2009-05-27 08:16 - 00192512 _____ () C:\Windows\system32\spool\drivers\w32x86\3\dleadatr.dll
2013-01-01 20:20 - 2010-04-01 13:24 - 01159168 _____ () C:\Program Files\Dell V310-V510 Series\dleaDRS.dll
2013-01-01 20:20 - 2009-03-10 01:43 - 00155648 _____ () C:\Program Files\Dell V310-V510 Series\dleacaps.dll
2013-01-01 20:20 - 2009-03-05 13:55 - 00059904 _____ () C:\Program Files\Dell V310-V510 Series\dleacnv4.dll
2013-01-01 20:19 - 2009-02-20 04:49 - 00299008 _____ () C:\Windows\system32\dleasm.dll
2013-01-01 20:19 - 2009-02-20 04:50 - 00028672 _____ () C:\Windows\system32\dleasmr.dll
2013-01-01 20:20 - 2012-11-27 02:04 - 00140648 _____ () C:\Program Files\Dell V310-V510 Series\ezprint.exe
2013-01-01 20:20 - 2009-06-22 09:08 - 00708608 _____ () C:\Program Files\Dell V310-V510 Series\Epwizard.DLL
2013-01-01 20:20 - 2009-06-22 09:06 - 00159744 _____ () C:\Program Files\Dell V310-V510 Series\customui.dll
2013-01-01 20:20 - 2009-06-22 09:06 - 00114688 _____ () C:\Program Files\Dell V310-V510 Series\Eputil.DLL
2013-01-01 20:20 - 2009-06-22 09:05 - 00139264 _____ () C:\Program Files\Dell V310-V510 Series\Imagutil.DLL
2013-01-01 20:20 - 2009-06-22 09:06 - 00061440 _____ () C:\Program Files\Dell V310-V510 Series\Epfunct.DLL
2013-01-01 20:20 - 2009-06-22 09:08 - 02203648 _____ () C:\Program Files\Dell V310-V510 Series\EPWizRes.dll
2013-01-01 20:20 - 2009-06-22 09:08 - 00045056 _____ () C:\Program Files\Dell V310-V510 Series\epstring.dll
2013-01-01 20:20 - 2009-06-22 09:08 - 00196608 _____ () C:\Program Files\Dell V310-V510 Series\EPOEMDll.dll
2013-01-01 20:20 - 2009-04-07 15:25 - 00409600 _____ () C:\Program Files\Dell V310-V510 Series\iptk.dll
2013-01-01 20:20 - 2009-03-02 10:25 - 00151552 _____ () C:\Program Files\Dell V310-V510 Series\dleaptp.dll
2014-08-15 23:19 - 2014-08-15 23:19 - 00186368 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\ed1197fe02762518125a11bcbaf4aec8\Kies.Common.DeviceServiceLib.Interface.ni.dll
2014-08-15 23:20 - 2014-08-15 23:20 - 14993920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\88c30f838ad0171abbb8852dd688e860\Kies.Theme.ni.dll
2014-08-15 23:19 - 2014-08-15 23:19 - 01865728 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\de83f360e8e92e77c6157948ccce5344\Kies.UI.ni.dll
2014-08-15 23:19 - 2014-08-15 23:19 - 00081920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\d514a508ff489131cfacd7b64e9575a4\Kies.MVVM.ni.dll
2014-02-13 20:47 - 2014-02-13 20:47 - 00236032 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\cffeb31975c17760187d713cf2d7934d\ASF_cSharpAPI.ni.dll
2013-08-03 23:45 - 2013-08-03 23:46 - 04287536 _____ () C:\Program Files\Pando Networks\Media Booster\PMB.exe
2012-12-02 16:47 - 2008-06-05 00:49 - 00025840 _____ () C:\Program Files\Dell V505\dldwMsdMon.exe
2012-12-02 16:47 - 2008-05-19 01:58 - 00028672 _____ () C:\Program Files\Dell V505\App4R.Monitor.Common.dll
2012-12-02 16:47 - 2008-05-19 01:58 - 00036864 _____ () C:\Program Files\Dell V505\App4R.Monitor.Core.dll
2012-12-02 16:47 - 2008-05-19 01:57 - 00065536 _____ () C:\Program Files\Dell V505\app4r.devmons.mcmdevmon.dll
2012-12-02 16:47 - 2008-03-25 04:53 - 00012288 _____ () C:\Program Files\Dell V505\app4r.devmons.mcmdevmon.autoplayutil.dll
2014-09-29 20:12 - 2014-09-29 20:12 - 00098816 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI47122\win32api.pyd
2014-09-29 20:13 - 2014-09-29 20:13 - 00110080 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI47122\pywintypes27.dll
2014-09-29 20:12 - 2014-09-29 20:12 - 00364544 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI47122\pythoncom27.dll
2014-09-29 20:12 - 2014-09-29 20:12 - 00045568 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI47122\_socket.pyd
2014-09-29 20:13 - 2014-09-29 20:13 - 01160704 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI47122\_ssl.pyd
2014-09-29 20:12 - 2014-09-29 20:12 - 00320512 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI47122\win32com.shell.shell.pyd
2014-09-29 20:13 - 2014-09-29 20:13 - 00713216 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI47122\_hashlib.pyd
2014-09-29 20:12 - 2014-09-29 20:12 - 01175040 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI47122\wx._core_.pyd
2014-09-29 20:13 - 2014-09-29 20:13 - 00805888 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI47122\wx._gdi_.pyd
2014-09-29 20:12 - 2014-09-29 20:13 - 00811008 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI47122\wx._windows_.pyd
2014-09-29 20:12 - 2014-09-29 20:12 - 01062400 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI47122\wx._controls_.pyd
2014-09-29 20:12 - 2014-09-29 20:12 - 00735232 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI47122\wx._misc_.pyd
2014-09-29 20:12 - 2014-09-29 20:12 - 00128512 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI47122\_elementtree.pyd
2014-09-29 20:12 - 2014-09-29 20:12 - 00127488 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI47122\pyexpat.pyd
2014-09-29 20:12 - 2014-09-29 20:12 - 00557056 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI47122\pysqlite2._sqlite.pyd
2014-09-29 20:13 - 2014-09-29 20:13 - 00007168 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI47122\hashobjs_ext.pyd
2014-09-29 20:12 - 2014-09-29 20:12 - 00087552 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI47122\_ctypes.pyd
2014-09-29 20:12 - 2014-09-29 20:12 - 00119808 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI47122\win32file.pyd
2014-09-29 20:12 - 2014-09-29 20:12 - 00108544 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI47122\win32security.pyd
2014-09-29 20:12 - 2014-09-29 20:12 - 00018432 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI47122\win32event.pyd
2014-09-29 20:12 - 2014-09-29 20:12 - 00038912 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI47122\win32inet.pyd
2014-09-29 20:12 - 2014-09-29 20:12 - 00070656 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI47122\wx._html2.pyd
2014-09-29 20:12 - 2014-09-29 20:12 - 00167936 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI47122\win32gui.pyd
2014-09-29 20:12 - 2014-09-29 20:12 - 00011264 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI47122\win32crypt.pyd
2014-09-29 20:13 - 2014-09-29 20:13 - 00027136 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI47122\_multiprocessing.pyd
2014-09-29 20:12 - 2014-09-29 20:12 - 00686080 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI47122\unicodedata.pyd
2014-09-29 20:12 - 2014-09-29 20:12 - 00122368 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI47122\wx._wizard.pyd
2014-09-29 20:12 - 2014-09-29 20:12 - 00010240 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI47122\select.pyd
2014-09-29 20:12 - 2014-09-29 20:12 - 00024064 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI47122\win32pipe.pyd
2014-09-29 20:12 - 2014-09-29 20:12 - 00025600 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI47122\win32pdh.pyd
2014-09-29 20:12 - 2014-09-29 20:12 - 00525640 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI47122\windows._lib_cacheinvalidation.pyd
2014-09-29 20:11 - 2014-09-29 20:12 - 00035840 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI47122\win32process.pyd
2014-09-29 20:12 - 2014-09-29 20:12 - 00017408 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI47122\win32profile.pyd
2014-09-29 20:12 - 2014-09-29 20:12 - 00022528 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI47122\win32ts.pyd
2014-09-29 20:12 - 2014-09-29 20:12 - 00078336 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI47122\wx._animate.pyd

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:4440A77E
AlternateDataStreams: C:\ProgramData\TEMP:9D76B46F

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pcwatch.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MyOSProtect => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\pcwatch.sys => ""="Driver" <==== ATTENTION

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2702734608-1330795866-846813408-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2702734608-1330795866-846813408-1003 - Limited - Enabled)
Guest (S-1-5-21-2702734608-1330795866-846813408-501 - Limited - Disabled)
Valued Customer (S-1-5-21-2702734608-1330795866-846813408-1000 - Administrator - Enabled) => C:\Users\Valued Customer

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/29/2014 08:50:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SDWelcome.exe version 2.0.12.126 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: b08
Start Time: 01cfdc462b3f7a1a
Termination Time: 0

Error: (09/29/2014 08:00:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/28/2014 08:57:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/28/2014 04:23:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5842284

Error: (09/28/2014 04:23:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5842284

Error: (09/28/2014 04:23:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/28/2014 01:40:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 549186

Error: (09/28/2014 01:40:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 549186

Error: (09/28/2014 01:40:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/28/2014 10:22:42 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {dc9f6a15-4e56-48db-a00c-094097d80557}


System errors:
=============
Error: (09/29/2014 10:45:41 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer CHERYL-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2D8A8909-0FE3-48A8-8C5A-11A0ECB3.
The master browser is stopping or an election is being forced.

Error: (09/29/2014 10:11:49 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer CHERYL-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2D8A8909-0FE3-48A8-8C5A-11A0ECB3.
The master browser is stopping or an election is being forced.

Error: (09/29/2014 09:47:49 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer CHERYL-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2D8A8909-0FE3-48A8-8C5A-11A0ECB3.
The master browser is stopping or an election is being forced.

Error: (09/29/2014 09:11:52 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer CHERYL-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2D8A8909-0FE3-48A8-8C5A-11A0ECB3.
The master browser is stopping or an election is being forced.

Error: (09/29/2014 08:35:51 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer CHERYL-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2D8A8909-0FE3-48A8-8C5A-11A0ECB3.
The master browser is stopping or an election is being forced.

Error: (09/29/2014 08:11:50 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer CHERYL-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2D8A8909-0FE3-48A8-8C5A-11A0ECB3.
The master browser is stopping or an election is being forced.

Error: (09/29/2014 08:00:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Protect Monitor%%1053

Error: (09/29/2014 08:00:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Protect Monitor

Error: (09/29/2014 08:00:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: dleaCATSCustConnectService%%1053

Error: (09/29/2014 08:00:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000dleaCATSCustConnectService


Microsoft Office Sessions:
=========================
Error: (05/05/2013 09:17:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 497 seconds with 420 seconds of active time. This session ended with a crash.

Error: (04/22/2013 08:13:21 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1505 seconds with 720 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2013-10-11 22:48:12.109
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-11 22:48:11.985
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-11 22:48:11.875
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-11 22:48:11.766
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-11 22:47:41.580
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-11 22:47:41.455
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-11 22:47:41.346
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-11 22:47:41.252
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-11 22:47:41.018
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-10-11 22:47:40.909
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Microsoft Security Client\Drivers\Backup\NisDrv\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T9400 @ 2.53GHz
Percentage of memory in use: 55%
Total physical RAM: 3535 MB
Available physical RAM: 1556.41 MB
Total Pagefile: 7300.98 MB
Available Pagefile: 5453.71 MB
Total Virtual: 2047.88 MB
Available Virtual: 1879.69 MB

==================== Drives ================================

Drive c: (Main Drive) (Fixed) (Total:74.53 GB) (Free:32.18 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: (FLASH) (Fixed) (Total:14.9 GB) (Free:10.98 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 74.5 GB) (Disk ID: 3331A8D1)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 1358EE50)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=0C)

==================== End Of Log ============================

aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-09-29 23:02:53
-----------------------------
23:02:53.879 OS Version: Windows 6.0.6002 Service Pack 2
23:02:53.879 Number of processors: 2 586 0x1706
23:02:53.879 ComputerName: VALUEDCUSTOM-PC UserName: Valued Customer
23:02:54.503 Initialize success
23:02:54.503 VM: initialized successfully
23:02:54.519 VM: Intel CPU supported
23:02:58.146 VM: not used
23:03:03.536 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:03:03.536 Disk 0 Vendor: ST980411 DE14 Size: 76319MB BusType: 3
23:03:03.661 Disk 0 MBR read successfully
23:03:03.676 Disk 0 MBR scan
23:03:03.676 Disk 0 Windows VISTA default MBR code
23:03:03.676 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76317 MB offset 2048
23:03:03.692 Disk 0 scanning sectors +156299264
23:03:03.770 Disk 0 scanning C:\Windows\system32\drivers
23:03:13.442 Service scanning
23:03:20.119 Service MpKslf0eb3923 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{84C089A3-4955-418F-8F7D-80A3E761C79D}\MpKslf0eb3923.sys **LOCKED** 32
23:03:29.137 Modules scanning
23:03:34.931 Disk 0 trace - called modules:
23:03:34.947 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastorv.sys hal.dll
23:03:34.947 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86645ac8]
23:03:34.962 3 CLASSPNP.SYS[8bda38b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86072030]
23:03:34.962 Scan finished successfully
23:03:55.471 Disk 0 MBR has been saved successfully to "C:\Users\Valued Customer\Desktop\MBR.dat"
23:03:55.471 The log file has been saved successfully to "C:\Users\Valued Customer\Desktop\aswMBR.txt"

fbfbfb
2014-10-18, 02:29
Hello and welcome, ken.kingwell.

My name is fbfbfb.

You posted here on October 1st under the topic Help. Cant id or remove this malware. I will gladly assist you with your concerns. I am reviewing your logs and will get back to you as soon as possible. While you are waiting, please review the following guidelines:

While working to resolve the issues with your machine, please follow these guidelines:
Please be patient. Logs are lengthy and can take time to analyze.
Read and follow my directions carefully, in the sequence they are posted. If you are unsure about anything, please ask for clarification before continuing.
Use only those tools that you have been directed to use.
Do not install or uninstall any applications or run any other scans without being directed to do so.
Copy and Paste the log files inside your post. Do not send them as attachments unless otherwise instructed.
Stay with me until your machine has been deemed all clear.
Please reply within 3 days of each posting to avoid closing this topic. If you need more time to complete tasks, or if you will be away, please let me know in advance.

ken.kingwell
2014-10-18, 03:39
OK, I'll wait and watch this time.

ken.kingwell
2014-10-18, 06:58
Gotta crash. Will check back in am.

fbfbfb
2014-10-18, 15:20
Hello, ken.kingwell.

Your computer is infected with MyOSProtect, known to activate online advertisements in Firefox, IE, and Chrome browsers. As it is also preventing removal of other bad entries, we will need to use several tools to thoroughly clean your system.

Please run the following scans

1. LSP-Fix

Please download LSP-Fix from HERE (www.cexx.org/LSPFix.exe) and save it to your Desktop.
Disconnect from the internet.
Go to where you downloaded LSP-Fix and run LSPFix.exe > Right click on it and select Run As Administrator.
Check the I know what I'm doing box.
In the Keep box, you should see one or more instances of MyOSProtect.dll.
Select every instance of MyOSProtect.dll > Move each one to the Remove box by clicking the >> button.
When you are done, click Finish.
A repair summary box will appear > Click OK to close LSP-Fix.

2. Malwarebytes Anti-Malware (MBAM)

Download MBAM from HERE (http://www.malwarebytes.org/mwb-download/) > Save it to your Desktop.

Note:
Windows XP > Double click on the icon to run it.
Windows Vista, Windows 7 and 8 > Right-click and select Run As Administrator.





On the Dashboard, click Update Now.
Click the Settings tab > Click Detection and Protection.
Under Non-Malware Protection, make sure that both PUP and PUM are set to show Treat Detections as Malware.
Click Advanced Settings > Check mark Automatically Quarantine Detected Items.
On the Dashboard, click Scan.
Select Threat Scan > Click Scan Now.
When the scan is finished and the log pops up, select Copy to Clipboard.
Please paste the log into your next reply.
Exit Malwarebytes.


CHECKLIST : In your next reply, please post the following:

MBAM log
Let me know how your computer is running at this stage.

fbfbfb
2014-10-18, 18:09
Hello, ken.kingwell.

Important followup message regarding LSP-Fix

In the Keep box, remove only MyOsProtect.dll files. All other files are legitimate files and should not be touched or you will lose internet access.

ken.kingwell
2014-10-19, 03:05
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/18/2014
Scan Time: 8:14:39 PM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.09.19.05
Rootkit Database: v2014.09.18.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Valued Customer

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 281224
Time Elapsed: 10 min, 7 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.OSProtect.A, C:\Program Files\Web Protect\MyOSProtect.exe, 4088, , [2160da15d3a872c4282b922b33ced62a]

Modules: 0
(No malicious items detected)

Registry Keys: 9
PUP.Optional.OSProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MyOSProtect, , [2160da15d3a872c4282b922b33ced62a],
PUP.Optional.OSProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\pcwatch, , [067bb03f69123bfb65ed2c913fc2817f],
PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\TYPELIB\{DCABB943-792E-44C4-9029-ECBEE6265AF9}, , [d4ad38b7dba0f83e4aa7226ba85a3bc5],
PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, , [d4ad38b7dba0f83e4aa7226ba85a3bc5],
PUP.Optional.FreeGames.A, HKLM\SOFTWARE\CLASSES\Free Games 111.BackgroundHostObject, , [86fb6f80c5b6ea4c4be166d2bc47f40c],
PUP.Optional.FreeGames.A, HKLM\SOFTWARE\CLASSES\Free Games 111.BackgroundHostObject.1, , [b4cd2bc40e6d7db99894f246b25105fb],
PUP.Optional.Downloader, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PROTECTMONITOR, , [58294ba45f1c91a52ba681f29f657090],
PUP.Optional.SmartBar, HKU\S-1-5-21-2702734608-1330795866-846813408-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SmartbarLog, , [80010ae57b00e650f8322d3a5da73dc3],
PUP.Optional.VideoPerformer.A, HKU\S-1-5-21-2702734608-1330795866-846813408-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\PERFORMERSOFT LLC\Video Performer, , [8cf5806f7cff96a0819ae1315ba8d12f],

Registry Values: 3
PUP.Optional.MyOSProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MYOSPROTECT|ImagePath, C:\Program Files\Web Protect\MyOSProtect.exe, , [661bec03502be6503f7adf262ed55ea2]
PUP.Optional.Downloader, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PROTECTMONITOR|ImagePath, C:\monitorsvc.exe, , [58294ba45f1c91a52ba681f29f657090]
PUP.Optional.SmartBar.A, HKU\S-1-5-21-2702734608-1330795866-846813408-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Browser Infrastructure Helper, C:\Users\Valued Customer\AppData\Local\Smartbar\Application\QuickShare.exe startup, , [770a529d88f35fd7c3e850fd2bd9659b]

Registry Data: 0
(No malicious items detected)

Folders: 7
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\CSS, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.UpdateServer.A, C:\ProgramData\UpdateServer\1406213297, , [e39e915e57245adcfb4c6c8445bdb749],

Files: 76
PUP.Optional.OSProtect.A, C:\Program Files\Web Protect\MyOSProtect.exe, , [2160da15d3a872c4282b922b33ced62a],
PUP.Optional.OSProtect.A, C:\Windows\System32\drivers\pcwatch.sys, , [067bb03f69123bfb65ed2c913fc2817f],
PUP.Optional.OSProtect.A, C:\Program Files\Web Protect\pcwatch.sys, , [443dce2184f72f07c48e10ada1606a96],
PUP.Optional.InstallBrain.A, C:\$Recycle.Bin\S-1-5-21-2702734608-1330795866-846813408-1000\$RVOVHM0.exe, , [abd63eb12457241284ff94e18c753cc4],
PUP.Optional.OptimunInstaller, C:\Users\Valued Customer\Downloads\fl_setup.exe, , [7d0408e788f3033314c40247ee12cd33],
PUP.Optional.InstallBrain.A, C:\Users\Valued Customer\Downloads\VideoPerformerSetup.exe, , [5d2403ece39868ce31528de8768b738d],
PUP.Optional.SmartBar, C:\Windows\Installer\2d1ae4.msi, , [196847a8fd7e75c1e36c8ea04db349b7],
PUP.Optional.Monitor.A, C:\monitor.exe, , [b5ccb43b59222f07205dea1aaf54bd43],
PUP.Optional.MyOSProtect.A, C:\Windows\Temp\MyOSProtect.log, , [2d54f7f897e4d462354a9d67ae558e72],
PUP.Optional.MyOSProtect.A, C:\Windows\System32\MyOSProtectOff.ini, , [5b26a44bff7cc76ffcba050037ccfe02],
PUP.Optional.MyOSProtect.A, C:\Windows\System32\MyOSProtect.ini, , [720f04eb93e85cdac4f3d72e0cf7738d],
PUP.Optional.Boost.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage, , [3849be318bf0de5852ab2be51be836ca],
PUP.Optional.Boost.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage-journal, , [85fcde1176051323619c4ec2c93a48b8],
PUP.Optional.Superfish.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, , [532e717ebac1df573e6c011fda2913ed],
PUP.Optional.Superfish.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, , [740d6f8064171e18c0ea8898b1522ed2],
PUP.Optional.Downloader, C:\monitorsvc.exe, , [58294ba45f1c91a52ba681f29f657090],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\bg.html, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\bg.js, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\manifest.json, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\options.htm, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\options.js, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\popup.html, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\popup.js, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\redirect.html, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\redirect.js, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\CSS\border.css, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\down-1.png, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\down-2.png, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\down-3.png, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\down.png, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\fb.png, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\fblike.png, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\gmail.png, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\google.png, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\googleplus.png, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\hide-1.png, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\hide-2.png, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\hide-3.png, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\left.png, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\maximize-1.png, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\maximize-2.png, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\maximize-3.png, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\mgsplusvideo.png, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\minimize-1.png, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\minimize-2.png, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\minimize-3.png, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\PBQuickShare.png, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\pinit.png, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\right.png, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\searchBox.png, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\searchBoxQs.png, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\show-1.png, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\show-2.png, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\show-3.png, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\twitter.png, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\up-1.png, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\up-2.png, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\up-3.png, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\up.png, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\BackPageRemove.js, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\defaultBlockList.js, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\documentEvents.js, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\externalJS.js, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\FBImagePreview.js, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\InternalJS.js, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\jquery-1.9.0.min.js, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\PluginWrapper.js, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\publisherDefinitions.js, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\tabReload.js, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\TopFrameJS.js, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages\QuickShare.png, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages\QuickShare128.png, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages\QuickShare16.png, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.SnapDo.A, C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages\QuickShare48.png, , [651c6689512a1c1a34cc32a722e00000],
PUP.Optional.UpdateServer.A, C:\ProgramData\UpdateServer\1406213297\webdev.exe.download, , [e39e915e57245adcfb4c6c8445bdb749],

Physical Sectors: 0
(No malicious items detected)


(end)

ken.kingwell
2014-10-19, 03:14
Almost had it, but then when I tried to send this reply, the bug opened a new ad page.

fbfbfb
2014-10-19, 04:23
Hello, ken.kingwell.

Thank you for the MBAM log.

Please run the following scans

1. AdwCleaner

We will be running this cleaner in 2 parts. The first time you run it, please scan only and send me the log for review. We will rerun it again later to clean.

Please download AdwCleaner from HERE (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/).
Double click on adwcleaner.exe. Note: Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.

2. Junkware Removal Tool (JRT)

Please download Junkware Removal Tool from HERE (http://www.bleepingcomputer.com/download/junkware-removal-tool/dl/131/) and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Right-mouse click JRT.exe and select Run as Administrator.
JRT will begin to backup your registry and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, the log JRT.txt is saved on your desktop and will automatically open.
Post the contents of JRT.txt into your next reply.

CHECKLIST : In your next reply, please post the following:


AdwCleaner[R0].txt
JRT.txt

ken.kingwell
2014-10-19, 07:33
# AdwCleaner v4.000 - Report created 19/10/2014 at 00:55:07
# Updated 12/10/2014 by Xplode
# Database : 2014-10-17.9
# Operating System : Windows Vista (TM) Business Service Pack 2 (32 bits)
# Username : Valued Customer - VALUEDCUSTOM-PC
# Running from : C:\Users\Valued Customer\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : MyOSProtect
Service Found : pcwatch
Service Found : ProtectMonitor

***** [ Files / Folders ] *****

File Found : C:\monitor.exe
File Found : C:\monitorsvc.exe
File Found : C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage
File Found : C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage-journal
File Found : C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage
File Found : C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal
File Found : C:\Windows\system32\drivers\pcwatch.sys
File Found : C:\Windows\system32\MyOSProtect.dll
File Found : C:\Windows\system32\MyOSProtect.ini
File Found : C:\Windows\system32\MyOSProtectOff.ini
Folder Found : C:\Program Files\Web Protect
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\UpdateCommon
Folder Found : C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Folder Found : C:\Users\Valued Customer\AppData\Roaming\PerformerSoft
Folder Found : C:\Users\Valued Customer\AppData\Roaming\serv
Folder Found : C:\Users\Valued Customer\AppData\Roaming\Systweak
Folder Found : C:\Users\VALUED~1\AppData\Local\Temp\Smartbar

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RegClean Pro_is1
Key Found : HKCU\Software\Myfree Codec
Key Found : HKCU\Software\performersoft llc
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\smartbarlog
Key Found : HKCU\Software\WebProtect
Key Found : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Found : HKLM\SOFTWARE\Classes\Free Games 111.BackgroundHostObject
Key Found : HKLM\SOFTWARE\Classes\Free Games 111.BackgroundHostObject.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{FD58258C-84A6-4DEF-9793-019BE7F491A7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Found : HKLM\SOFTWARE\Myfree Codec
Key Found : HKLM\SOFTWARE\systweak
Key Found : HKLM\SOFTWARE\WebProtect
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.19569


-\\ Google Chrome v37.0.2062.120


*************************

AdwCleaner[R0].txt - [6330 octets] - [19/10/2014 00:55:07]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6390 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Windows Vista (TM) Business x86
Ran by Valued Customer on Sun 10/19/2014 at 1:02:13.38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\browser infrastructure helper
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Users\Valued Customer\appdata\local\google\chrome\user data\default\local storage\http_static.boostsaves.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Valued Customer\appdata\local\google\chrome\user data\default\local storage\http_static.boostsaves.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\Valued Customer\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Valued Customer\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\Valued Customer\appdata\local\google\chrome\user data\default\local storage\https_static.boostsaves.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Valued Customer\appdata\local\google\chrome\user data\default\local storage\https_static.boostsaves.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Users\Valued Customer\AppData\Roaming\performersoft"
Successfully deleted: [Folder] "C:\Users\Valued Customer\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Program Files\myfree codec"
Successfully deleted: [Folder] "C:\ProgramData\ask"



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]
Failed to delete: [Folder] C:\Users\Valued Customer\appdata\local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Failed to delete: [Folder] C:\Users\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 10/19/2014 at 1:04:31.97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ken.kingwell
2014-10-19, 08:07
gotta crash. check in tomorrow.

fbfbfb
2014-10-19, 13:28
Hello, ken.kingwell.

Thank you for your logs.

Please run the following scans:

1. AdwCleaner

Double click on AdwCleaner.exe to run the tool again.
Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
This time, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.

2. Farbar Recovery Scan Tool (FRST)

Please re-run FRST and send me a fresh log. Be certain to check mark the Addition.txt box before running the program.

CHECKLIST : In your next reply, please post the following:

AdwCleaner[S0].txt
FRST.txt
Let me know how your computer is running now.

ken.kingwell
2014-10-20, 04:04
# AdwCleaner v4.000 - Report created 19/10/2014 at 21:43:38
# DB v2014-10-19.11
# Updated 12/10/2014 by Xplode
# Operating System : Windows Vista (TM) Business Service Pack 2 (32 bits)
# Username : Valued Customer - VALUEDCUSTOM-PC
# Running from : C:\Users\Valued Customer\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : MyOSProtect
[#] Service Deleted : pcwatch
[#] Service Deleted : ProtectMonitor

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Valued Customer\AppData\Roaming\serv
Folder Deleted : C:\Users\VALUED~1\AppData\Local\Temp\Smartbar
Folder Deleted : C:\ProgramData\UpdateCommon
[!] Folder Deleted : C:\Program Files\Web Protect
Folder Deleted : C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
File Deleted : C:\Windows\system32\drivers\pcwatch.sys
File Deleted : C:\monitor.exe
File Deleted : C:\monitorsvc.exe
File Deleted : C:\Windows\system32\MyOSProtect.dll
File Deleted : C:\Windows\system32\MyOSProtect.ini
File Deleted : C:\Windows\system32\MyOSProtectOff.ini
File Deleted : C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage
File Deleted : C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage-journal
File Deleted : C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage
File Deleted : C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Free Games 111.BackgroundHostObject
Key Deleted : HKLM\SOFTWARE\Classes\Free Games 111.BackgroundHostObject.1
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FD58258C-84A6-4DEF-9793-019BE7F491A7}
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe]
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\performersoft llc
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\smartbarlog
Key Deleted : HKCU\Software\WebProtect
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\WebProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RegClean Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.19569


-\\ Google Chrome v37.0.2062.120

Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=3AF12EB3-1BFD-44CA-9D8A-CBF430D7B9C2&apn_ptnrs=TV&apn_sauid=C3FE5CFE-2DDC-4637-892C-AE55E9AB37F7&apn_dtid=OSJ000YYUS&q={searchTerms}

*************************

AdwCleaner[R0].txt - [6470 octets] - [19/10/2014 00:55:07]
AdwCleaner[R1].txt - [6226 octets] - [19/10/2014 21:10:37]
AdwCleaner[S0].txt - [6519 octets] - [19/10/2014 21:43:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6579 octets] ##########



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-10-2014
Ran by Valued Customer (administrator) on VALUEDCUSTOM-PC on 19-10-2014 21:56:38
Running from C:\Users\Valued Customer\Desktop
Loaded Profile: Valued Customer (Available profiles: Valued Customer)
Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
( ) C:\Windows\System32\dldwcoms.exe
( ) C:\Windows\System32\dleacoms.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\Dell V505\dldwmon.exe
() C:\Program Files\Dell V310-V510 Series\dleamon.exe
() C:\Program Files\Dell V310-V510 Series\ezprint.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(MyOSCompany) C:\Program Files\Web Protect\MyOSProtect.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Akamai Technologies, Inc.) C:\Users\Valued Customer\AppData\Local\Akamai\netsession_win.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
() C:\Program Files\Pando Networks\Media Booster\PMB.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
() C:\Program Files\Dell V505\dldwmsdmon.exe
(Akamai Technologies, Inc.) C:\Users\Valued Customer\AppData\Local\Akamai\netsession_win.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [dldwmon.exe] => C:\Program Files\Dell V505\dldwmon.exe [677104 2008-06-05] ()
HKLM\...\Run: [dldwamon] => C:\Program Files\Dell V505\dldwamon.exe [16624 2008-06-05] ()
HKLM\...\Run: [dleamon.exe] => C:\Program Files\Dell V310-V510 Series\dleamon.exe [771432 2012-11-27] ()
HKLM\...\Run: [EzPrint] => C:\Program Files\Dell V310-V510 Series\ezprint.exe [140648 2012-11-27] ()
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310064 2014-05-28] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\avldr: avldr.dll [X]
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2702734608-1330795866-846813408-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Valued Customer\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2702734608-1330795866-846813408-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-2702734608-1330795866-846813408-1000\...\Run: [KiesAirMessage] => C:\Program Files\Samsung\Kies\KiesAirMessage.exe [578560 2013-06-14] (Samsung Electronics)
HKU\S-1-5-21-2702734608-1330795866-846813408-1000\...\Run: [Pando Media Booster] => C:\Program Files\Pando Networks\Media Booster\PMB.exe [4287536 2013-08-03] ()
HKU\S-1-5-21-2702734608-1330795866-846813408-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\S-1-5-21-2702734608-1330795866-846813408-1000\...\Run: [KiesPDLR.exe] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843568 2014-05-28] (Samsung)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2F0D7BA42BE6CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
SearchScopes: HKCU - {083D2AD1-972D-49B5-A8E6-C96BCB1572C4} URL = https://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: SDHelper -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macromedia.com/flash2/cabs/swflash.cab
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 02 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 03 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 04 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 29 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll No File
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Valued Customer\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-12-01]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\37.0.2062.120\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (YouTube) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-02]
CHR Extension: (Google Search) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-02]
CHR Extension: (Avatar) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekopibnfangcekijenaofofgljeeommi [2014-10-10]
CHR Extension: (Dragon Eternity) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhlcdemkogmboaddomippjbfokkedaoh [2014-02-15]
CHR Extension: (Google Wallet) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-08]
CHR Extension: (Gmail) - C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-02]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-05-09] (BitRaider, LLC)
R2 dldw_device; C:\Windows\system32\dldwcoms.exe [594600 2009-07-24] ( )
S2 dleaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\dleaserv.exe [193192 2010-05-21] ()
R2 dlea_device; C:\Windows\system32\dleacoms.exe [598696 2010-05-21] ( )
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 MyOSProtect; C:\Program Files\Web Protect\MyOSProtect.exe [1317096 2014-09-01] (MyOSCompany) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2011-02-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R1 pcwatch; C:\Windows\system32\Drivers\pcwatch.sys [19840 2014-09-01] () [File not signed] <==== ATTENTION
S3 STHDA; C:\Windows\System32\DRIVERS\stwrt.sys [380928 2008-05-13] (IDT, Inc.) [File not signed]
S3 BRDriver; \??\C:\ProgramData\BitRaider\BRDriver.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-19 21:55 - 2014-10-19 21:55 - 01103360 _____ (Farbar) C:\Users\Valued Customer\Desktop\FRST.exe
2014-10-19 21:45 - 2014-10-19 21:45 - 00004144 _____ () C:\Windows\system32\MyOSProtect.ini
2014-10-19 21:45 - 2014-10-19 21:45 - 00002072 _____ () C:\Windows\system32\MyOSProtectOff.ini
2014-10-19 01:04 - 2014-10-19 01:04 - 00002901 _____ () C:\Users\Valued Customer\Desktop\JRT.txt
2014-10-19 01:02 - 2014-10-19 01:02 - 00000000 ____D () C:\Windows\ERUNT
2014-10-19 00:59 - 2014-10-19 00:59 - 01705698 _____ (Thisisu) C:\Users\Valued Customer\Desktop\JRT.exe
2014-10-19 00:54 - 2014-10-19 21:43 - 00000000 ____D () C:\AdwCleaner
2014-10-19 00:53 - 2014-10-19 00:53 - 01976320 _____ () C:\Users\Valued Customer\Desktop\AdwCleaner.exe
2014-10-18 20:10 - 2014-10-18 20:10 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-18 20:09 - 2014-10-18 20:09 - 00000909 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-18 20:09 - 2014-10-18 20:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-18 20:09 - 2014-10-18 20:09 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-18 20:09 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-18 20:09 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-18 20:09 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-18 20:03 - 2014-10-18 20:04 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Valued Customer\Desktop\mbam-setup-2.0.3.1025.exe
2014-10-18 20:03 - 2014-10-18 20:03 - 00186880 _____ (CEXX.ORG) C:\Users\Valued Customer\Desktop\LSPFix.exe
2014-10-16 20:12 - 2014-10-16 20:12 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-10-16 20:12 - 2014-10-16 20:12 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-10-16 20:12 - 2014-10-16 20:12 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-10-16 20:12 - 2014-10-16 20:12 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-10-16 20:12 - 2014-10-16 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-16 20:12 - 2014-10-16 20:12 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-15 00:00 - 2014-06-15 18:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 00:00 - 2014-06-13 14:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 00:00 - 2014-06-13 14:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-14 23:57 - 2014-09-27 19:29 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-14 23:51 - 2014-09-04 19:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-10-14 23:49 - 2014-09-16 12:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 22:35 - 2014-09-23 16:08 - 11083264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-14 22:35 - 2014-09-23 16:08 - 06004224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-14 22:35 - 2014-09-23 16:08 - 02006016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-14 22:35 - 2014-09-23 16:08 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-14 22:35 - 2014-09-23 16:08 - 01214976 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-14 22:35 - 2014-09-23 16:08 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-14 22:35 - 2014-09-23 16:08 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2014-10-14 22:35 - 2014-09-23 16:08 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-14 22:35 - 2014-09-23 16:08 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-14 22:35 - 2014-09-23 16:08 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-10-14 22:35 - 2014-09-23 16:08 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-10-14 22:35 - 2014-09-23 16:08 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-14 22:35 - 2014-09-23 16:08 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-10-14 22:35 - 2014-09-23 16:08 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-14 22:35 - 2014-09-23 16:08 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-14 22:35 - 2014-09-23 16:08 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-14 22:35 - 2014-09-23 16:08 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-14 22:35 - 2014-09-23 16:08 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-14 22:35 - 2014-09-23 16:08 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-10-14 22:35 - 2014-09-23 16:08 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-14 22:35 - 2014-09-23 16:08 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2014-10-14 22:35 - 2014-09-23 14:38 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-10-14 22:35 - 2014-09-23 14:31 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-14 22:35 - 2014-09-23 14:31 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-14 22:35 - 2014-09-23 14:30 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-14 22:35 - 2014-09-23 14:30 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-07 23:27 - 2014-10-07 23:27 - 00001760 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
2014-10-07 23:27 - 2014-06-16 02:01 - 00184192 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2014-10-07 23:27 - 2014-06-16 02:01 - 00089856 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2014-10-07 23:25 - 2014-09-24 18:54 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\system32\secman.dll
2014-10-05 21:16 - 2014-10-05 21:16 - 00000490 _____ () C:\file.exe
2014-09-29 23:07 - 2014-10-19 21:57 - 00016692 _____ () C:\Users\Valued Customer\Desktop\FRST.txt
2014-09-29 23:07 - 2014-09-29 23:07 - 00043172 _____ () C:\Users\Valued Customer\Desktop\Addition.txt
2014-09-29 23:03 - 2014-09-29 23:03 - 00001762 _____ () C:\Users\Valued Customer\Desktop\aswMBR.txt
2014-09-29 23:03 - 2014-09-29 23:03 - 00000512 _____ () C:\Users\Valued Customer\Desktop\MBR.dat
2014-09-29 23:01 - 2014-09-29 23:01 - 05185536 _____ (AVAST Software) C:\Users\Valued Customer\Desktop\aswMBR.exe
2014-09-29 22:51 - 2014-09-29 23:08 - 00000000 ____D () C:\Users\Valued Customer\Desktop\Tweaking
2014-09-29 22:47 - 2014-10-19 21:56 - 00000000 ____D () C:\FRST
2014-09-29 22:44 - 2014-09-29 22:44 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-VALUEDCUSTOM-PC-Microsoft®-Windows-Vista™-Business-(32-bit).dat
2014-09-29 22:43 - 2014-09-29 22:43 - 00000000 ____D () C:\RegBackup
2014-09-29 22:38 - 2014-09-29 22:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-28 09:47 - 2014-09-28 09:49 - 118953720 _____ (Microsoft Corporation) C:\Users\Valued Customer\Documents\msert.exe
2014-09-28 09:43 - 2014-09-28 09:43 - 11447608 _____ (Microsoft Corporation) C:\Users\Valued Customer\Documents\mseinstall.exe
2014-09-27 11:21 - 2014-09-27 11:21 - 03675824 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-09-23 22:48 - 2014-09-09 02:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-19 21:57 - 2013-08-03 23:46 - 00000000 ____D () C:\Users\Valued Customer\AppData\Local\PMB Files
2014-10-19 21:52 - 2006-11-02 06:33 - 00835364 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-19 21:50 - 2008-01-20 21:39 - 01568258 _____ () C:\Windows\WindowsUpdate.log
2014-10-19 21:46 - 2013-01-01 20:21 - 00066284 _____ () C:\ProgramData\dleascan.log
2014-10-19 21:46 - 2012-12-02 11:41 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-19 21:45 - 2013-01-21 12:54 - 00000620 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-10-19 21:45 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-19 21:45 - 2006-11-02 09:00 - 00183280 _____ () C:\Windows\PFRO.log
2014-10-19 21:45 - 2006-11-02 08:47 - 00004880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-19 21:45 - 2006-11-02 08:47 - 00004880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-19 21:44 - 2006-11-02 09:01 - 00032540 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-19 21:43 - 2014-09-17 19:59 - 00000000 ____D () C:\Program Files\Web Protect
2014-10-19 21:21 - 2012-12-02 16:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-19 21:13 - 2012-12-02 11:41 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-19 14:00 - 2013-08-26 22:34 - 00000000 ____D () C:\Users\Valued Customer\AppData\Local\GQWeb
2014-10-16 20:13 - 2013-09-16 20:20 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-15 20:55 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-15 20:08 - 2006-11-02 08:47 - 00374128 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 00:00 - 2012-12-01 16:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-14 23:55 - 2013-07-15 10:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-14 23:51 - 2006-11-02 06:24 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-10-10 17:38 - 2014-05-03 23:34 - 00011495 _____ () C:\Windows\setupact.log
2014-10-08 00:55 - 2013-01-21 12:54 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-10-07 23:27 - 2013-07-25 12:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-10-07 23:27 - 2012-05-02 16:26 - 00000000 ____D () C:\Users\Valued Customer
2014-10-07 23:25 - 2013-07-25 12:36 - 00000000 ____D () C:\Users\Valued Customer\AppData\Roaming\Samsung
2014-10-07 23:25 - 2012-05-02 16:33 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-10-07 23:24 - 2013-07-25 12:15 - 00000000 ____D () C:\Program Files\Samsung
2014-10-05 22:58 - 2006-11-02 06:23 - 00450628 ____R () C:\Windows\system32\Drivers\etc\hosts.20141015-212153.backup
2014-10-02 21:00 - 2013-01-21 12:53 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-09-28 13:43 - 2006-11-02 06:23 - 00450628 ____R () C:\Windows\system32\Drivers\etc\hosts.20141005-225830.backup
2014-09-28 09:45 - 2012-12-02 12:18 - 00002198 _____ () C:\Windows\epplauncher.mif
2014-09-27 12:48 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache
2014-09-27 12:30 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-09-27 12:29 - 2006-11-02 06:22 - 48234496 _____ () C:\Windows\system32\config\software_previous
2014-09-27 12:29 - 2006-11-02 06:22 - 41943040 _____ () C:\Windows\system32\config\components_previous
2014-09-27 12:29 - 2006-11-02 06:22 - 23330816 _____ () C:\Windows\system32\config\system_previous
2014-09-27 12:29 - 2006-11-02 06:22 - 04980736 _____ () C:\Windows\system32\config\default_previous
2014-09-27 12:29 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-09-27 12:29 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-09-27 12:27 - 2013-08-03 23:46 - 00000000 ____D () C:\ProgramData\PMB Files
2014-09-27 12:27 - 2012-12-02 10:37 - 00000000 ____D () C:\Users\Valued Customer\AppData\Local\Akamai
2014-09-27 12:27 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\spool
2014-09-27 12:27 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\registration
2014-09-27 12:13 - 2012-12-02 11:55 - 00034093 _____ () C:\Windows\IE9_main.log
2014-09-27 11:21 - 2012-12-02 16:10 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-27 11:21 - 2012-12-02 16:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-22 02:41 - 2012-12-01 23:24 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Files to move or delete:
====================
C:\Users\Valued Customer\random.dat


Some content of TEMP:
====================
C:\Users\Valued Customer\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Valued Customer\AppData\Local\Temp\ose00000.exe
C:\Users\Valued Customer\AppData\Local\Temp\ose00001.exe
C:\Users\Valued Customer\AppData\Local\Temp\Quarantine.exe
C:\Users\Valued Customer\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-19 21:51

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-10-2014
Ran by Valued Customer at 2014-10-19 21:57:31
Running from C:\Users\Valued Customer\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1990.41618 - ABBYY Software House)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BitRaider Web Client (HKLM\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell V310-V510 Series (HKLM\...\Dell V310-V510 Series) (Version: - Dell, Inc.)
Dell V505 (HKLM\...\Dell V505) (Version: - Dell, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Drive (HKLM\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
GradeQuick Web Plugin (HKLM\...\{0EB768CD-EF48-4C66-8BCB-2DA8166B2654}) (Version: 1.00.0000 - Edline)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.5902.0 - IDT)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: - )
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java Auto Updater (Version: 2.1.71.14 - Oracle, Inc.) Hidden
K-Lite Codec Pack 6.2.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 6.2.0 - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - )
Panda Antivirus Pro 2013 (Version: 12.00.01 - Panda Security) Hidden
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.7.0.0 - Pando Networks Inc.)
QuickShare (HKLM\...\{F40711CD-60B3-45F5-85C5-F1AA400C1B6E}) (Version: 10.169.60.13223 - Linkury Inc.) <==== ATTENTION
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RICOH R5C83x/84x Media Driver Ver.3.53.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.53.02 - )
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (Version: 3.2.14083.17 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.12 - Safer-Networking Ltd.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.10.0 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2702734608-1330795866-846813408-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-2702734608-1330795866-846813408-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Valued Customer\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2702734608-1330795866-846813408-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Valued Customer\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2702734608-1330795866-846813408-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Valued Customer\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2702734608-1330795866-846813408-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Valued Customer\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2702734608-1330795866-846813408-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Valued Customer\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2702734608-1330795866-846813408-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Valued Customer\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2702734608-1330795866-846813408-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Valued Customer\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points =========================

12-10-2014 15:02:37 Windows Update
15-10-2014 03:48:46 Windows Update
17-10-2014 00:10:50 Installed Java 7 Update 71
18-10-2014 00:00:10 Removed QuickShare
18-10-2014 00:01:18 Removed QuickShare
18-10-2014 12:27:32 Scheduled Checkpoint
19-10-2014 04:07:29 Windows Update
19-10-2014 18:42:28 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:23 - 2014-10-15 21:21 - 00450692 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {155723BA-60E2-4354-93AF-84EAC8D3C2D8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {22E1772E-7DFE-4C5F-841F-1C93FD5D82A4} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {2DE18FE4-6467-484F-8431-206702EC5546} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {2E5B7D97-F14C-4CFF-864E-620AABA892D1} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3AA4CFCD-8073-4A3E-94DF-B248ACEEBC7F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-02] (Google Inc.)
Task: {441B57FC-69C6-42A5-A41C-523DE993C6C4} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {4D72741E-769C-45DB-8604-CB8EBDADAA29} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {5836FF26-3E9D-4548-BB43-982230494B04} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-02] (Google Inc.)
Task: {786ACB0D-BF7A-428E-AC04-93519C9306FE} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {AD3E0A82-9A4E-40F5-BBE9-9C8830B9A15C} - System32\Tasks\Installation App Launcher => C:\Program Files\Dell V505\dldwamon.exe [2008-06-05] ()
Task: {D3063372-8F10-42B4-AF3B-D0E8129A5EF5} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {ED63E97E-99AD-434B-B4D0-F344C51A7A27} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-27] (Adobe Systems Incorporated)
Task: {F8FEA8B7-9AC3-4225-AD2A-162EDEE4D13A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FEF4CC27-EABD-4AA6-AE87-AC77F39A91A7} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) =============

2013-01-01 20:23 - 2009-11-04 09:14 - 00157696 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\dleadrpp.dll
2012-12-02 16:52 - 2009-07-02 13:41 - 00155648 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\dldwdrpp.dll
2013-01-01 20:20 - 2009-11-26 04:49 - 00086180 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\dleaCFG.dll
2013-01-01 20:21 - 2009-05-18 09:29 - 00819200 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\dleaptpc.dll
2013-01-01 20:21 - 2009-11-04 09:14 - 00165376 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\dleadrui.dll
2013-01-01 20:21 - 2009-11-09 04:06 - 00159744 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\dleaPRPR.DLL
2013-01-21 12:53 - 2012-11-13 15:06 - 00528288 _____ () C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2013-01-21 12:53 - 2012-11-13 15:06 - 00108960 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-01-21 12:53 - 2012-11-13 15:06 - 00416160 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2013-01-21 12:53 - 2012-11-13 15:06 - 00158624 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-01-21 12:53 - 2012-11-13 15:06 - 00554400 _____ () C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
2012-10-11 21:56 - 2012-10-11 21:56 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-10-11 21:56 - 2012-10-11 21:56 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-01-21 12:53 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2012-12-02 16:47 - 2008-06-05 00:49 - 00677104 _____ () C:\Program Files\Dell V505\dldwmon.exe
2012-12-02 16:47 - 2008-05-28 17:37 - 00380928 _____ () C:\Program Files\Dell V505\dldwscw.dll
2012-12-02 16:47 - 2008-04-25 02:44 - 00077906 _____ () C:\Program Files\Dell V505\dldwcfg.dll
2008-03-10 07:30 - 2008-03-10 12:30 - 00188416 _____ () C:\Windows\system32\spool\drivers\w32x86\3\dldwdatr.dll
2012-12-02 16:47 - 2008-05-28 17:37 - 01036288 _____ () C:\Program Files\Dell V505\dldwDRS.dll
2012-12-02 16:47 - 2008-04-23 03:53 - 00081920 _____ () C:\Program Files\Dell V505\dldwcaps.dll
2012-12-02 16:47 - 2008-02-26 15:24 - 00069632 _____ () C:\Program Files\Dell V505\dldwcnv4.dll
2012-12-02 16:47 - 2008-04-23 03:51 - 00151552 _____ () C:\Program Files\Dell V505\dldwmonr.dll
2013-01-01 20:20 - 2012-11-27 02:04 - 00771432 _____ () C:\Program Files\Dell V310-V510 Series\dleamon.exe
2013-01-01 20:20 - 2009-11-26 04:49 - 00086180 _____ () C:\Program Files\Dell V310-V510 Series\dleacfg.dll
2013-01-01 20:20 - 2010-04-01 13:23 - 00389120 _____ () C:\Program Files\Dell V310-V510 Series\dleascw.dll
2013-01-01 20:21 - 2009-05-27 08:16 - 00192512 _____ () C:\Windows\system32\spool\drivers\w32x86\3\dleadatr.dll
2013-01-01 20:20 - 2010-04-01 13:24 - 01159168 _____ () C:\Program Files\Dell V310-V510 Series\dleaDRS.dll
2013-01-01 20:20 - 2009-03-10 01:43 - 00155648 _____ () C:\Program Files\Dell V310-V510 Series\dleacaps.dll
2013-01-01 20:20 - 2009-03-05 13:55 - 00059904 _____ () C:\Program Files\Dell V310-V510 Series\dleacnv4.dll
2013-01-01 20:19 - 2009-02-20 04:49 - 00299008 _____ () C:\Windows\system32\dleasm.dll
2013-01-01 20:19 - 2009-02-20 04:50 - 00028672 _____ () C:\Windows\system32\dleasmr.dll
2013-01-01 20:20 - 2012-11-27 02:04 - 00140648 _____ () C:\Program Files\Dell V310-V510 Series\ezprint.exe
2013-01-01 20:20 - 2009-06-22 09:08 - 00708608 _____ () C:\Program Files\Dell V310-V510 Series\Epwizard.DLL
2013-01-01 20:20 - 2009-06-22 09:06 - 00159744 _____ () C:\Program Files\Dell V310-V510 Series\customui.dll
2013-01-01 20:20 - 2009-06-22 09:06 - 00114688 _____ () C:\Program Files\Dell V310-V510 Series\Eputil.DLL
2013-01-01 20:20 - 2009-06-22 09:05 - 00139264 _____ () C:\Program Files\Dell V310-V510 Series\Imagutil.DLL
2013-01-01 20:20 - 2009-06-22 09:06 - 00061440 _____ () C:\Program Files\Dell V310-V510 Series\Epfunct.DLL
2013-01-01 20:20 - 2009-06-22 09:08 - 02203648 _____ () C:\Program Files\Dell V310-V510 Series\EPWizRes.dll
2013-01-01 20:20 - 2009-06-22 09:08 - 00045056 _____ () C:\Program Files\Dell V310-V510 Series\epstring.dll
2013-01-01 20:20 - 2009-06-22 09:08 - 00196608 _____ () C:\Program Files\Dell V310-V510 Series\EPOEMDll.dll
2013-01-01 20:20 - 2009-04-07 15:25 - 00409600 _____ () C:\Program Files\Dell V310-V510 Series\iptk.dll
2013-01-01 20:20 - 2009-03-02 10:25 - 00151552 _____ () C:\Program Files\Dell V310-V510 Series\dleaptp.dll
2013-08-03 23:45 - 2013-08-03 23:46 - 04287536 _____ () C:\Program Files\Pando Networks\Media Booster\PMB.exe
2012-12-02 16:47 - 2008-06-05 00:49 - 00025840 _____ () C:\Program Files\Dell V505\dldwMsdMon.exe
2012-12-02 16:47 - 2008-05-19 01:58 - 00028672 _____ () C:\Program Files\Dell V505\App4R.Monitor.Common.dll
2012-12-02 16:47 - 2008-05-19 01:58 - 00036864 _____ () C:\Program Files\Dell V505\App4R.Monitor.Core.dll
2012-12-02 16:47 - 2008-05-19 01:57 - 00065536 _____ () C:\Program Files\Dell V505\app4r.devmons.mcmdevmon.dll
2012-12-02 16:47 - 2008-03-25 04:53 - 00012288 _____ () C:\Program Files\Dell V505\app4r.devmons.mcmdevmon.autoplayutil.dll
2014-09-14 20:16 - 2014-09-03 23:01 - 08577864 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-14 20:16 - 2014-09-03 23:01 - 00331592 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-14 20:16 - 2014-09-03 23:01 - 01660232 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
2014-10-19 21:47 - 2014-10-19 21:47 - 00098816 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI24002\win32api.pyd
2014-10-19 21:47 - 2014-10-19 21:47 - 00110080 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI24002\pywintypes27.dll
2014-10-19 21:47 - 2014-10-19 21:47 - 00364544 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI24002\pythoncom27.dll
2014-10-19 21:47 - 2014-10-19 21:47 - 00045568 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI24002\_socket.pyd
2014-10-19 21:47 - 2014-10-19 21:47 - 01160704 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI24002\_ssl.pyd
2014-10-19 21:47 - 2014-10-19 21:47 - 00320512 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI24002\win32com.shell.shell.pyd
2014-10-19 21:47 - 2014-10-19 21:47 - 00713216 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI24002\_hashlib.pyd
2014-10-19 21:47 - 2014-10-19 21:47 - 01175040 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI24002\wx._core_.pyd
2014-10-19 21:47 - 2014-10-19 21:47 - 00805888 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI24002\wx._gdi_.pyd
2014-10-19 21:47 - 2014-10-19 21:47 - 00811008 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI24002\wx._windows_.pyd
2014-10-19 21:47 - 2014-10-19 21:47 - 01062400 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI24002\wx._controls_.pyd
2014-10-19 21:46 - 2014-10-19 21:47 - 00735232 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI24002\wx._misc_.pyd
2014-10-19 21:47 - 2014-10-19 21:47 - 00128512 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI24002\_elementtree.pyd
2014-10-19 21:47 - 2014-10-19 21:47 - 00127488 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI24002\pyexpat.pyd
2014-10-19 21:47 - 2014-10-19 21:47 - 00557056 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI24002\pysqlite2._sqlite.pyd
2014-10-19 21:47 - 2014-10-19 21:47 - 00007168 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI24002\hashobjs_ext.pyd
2014-10-19 21:47 - 2014-10-19 21:47 - 00087552 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI24002\_ctypes.pyd
2014-10-19 21:47 - 2014-10-19 21:47 - 00119808 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI24002\win32file.pyd
2014-10-19 21:47 - 2014-10-19 21:47 - 00108544 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI24002\win32security.pyd
2014-10-19 21:47 - 2014-10-19 21:47 - 00018432 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI24002\win32event.pyd
2014-10-19 21:47 - 2014-10-19 21:47 - 00038912 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI24002\win32inet.pyd
2014-10-19 21:47 - 2014-10-19 21:47 - 00070656 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI24002\wx._html2.pyd
2014-10-19 21:47 - 2014-10-19 21:47 - 00167936 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI24002\win32gui.pyd
2014-10-19 21:46 - 2014-10-19 21:46 - 00011264 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI24002\win32crypt.pyd
2014-10-19 21:47 - 2014-10-19 21:47 - 00027136 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI24002\_multiprocessing.pyd
2014-10-19 21:47 - 2014-10-19 21:47 - 00686080 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI24002\unicodedata.pyd
2014-10-19 21:46 - 2014-10-19 21:46 - 00122368 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI24002\wx._wizard.pyd
2014-10-19 21:47 - 2014-10-19 21:47 - 00010240 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI24002\select.pyd
2014-10-19 21:47 - 2014-10-19 21:47 - 00024064 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI24002\win32pipe.pyd
2014-10-19 21:47 - 2014-10-19 21:47 - 00025600 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI24002\win32pdh.pyd
2014-10-19 21:47 - 2014-10-19 21:47 - 00525640 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI24002\windows._lib_cacheinvalidation.pyd
2014-10-19 21:46 - 2014-10-19 21:46 - 00035840 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI24002\win32process.pyd
2014-10-19 21:47 - 2014-10-19 21:47 - 00017408 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI24002\win32profile.pyd
2014-10-19 21:47 - 2014-10-19 21:47 - 00022528 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI24002\win32ts.pyd
2014-10-19 21:47 - 2014-10-19 21:47 - 00078336 _____ () C:\Users\Valued Customer\AppData\Local\Temp\_MEI24002\wx._animate.pyd

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:4440A77E
AlternateDataStreams: C:\ProgramData\TEMP:9D76B46F

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pcwatch.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MyOSProtect => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\pcwatch.sys => ""="Driver" <==== ATTENTION

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2702734608-1330795866-846813408-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2702734608-1330795866-846813408-1003 - Limited - Enabled)
Guest (S-1-5-21-2702734608-1330795866-846813408-501 - Limited - Disabled)
Valued Customer (S-1-5-21-2702734608-1330795866-846813408-1000 - Administrator - Enabled) => C:\Users\Valued Customer

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/19/2014 09:45:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/19/2014 09:08:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14443477

Error: (10/19/2014 09:08:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14443477

Error: (10/19/2014 09:08:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/19/2014 09:08:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14441637

Error: (10/19/2014 09:08:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14441637

Error: (10/19/2014 09:08:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/19/2014 05:07:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3089

Error: (10/19/2014 05:07:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3089

Error: (10/19/2014 05:07:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (10/19/2014 09:45:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: dleaCATSCustConnectService%%1053

Error: (10/19/2014 09:45:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000dleaCATSCustConnectService

Error: (10/19/2014 09:44:18 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: C:\Windows\System32\bcmihvsrv.dll

Error: (10/19/2014 09:44:18 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: C:\Windows\System32\bcmihvsrv.dll

Error: (10/19/2014 09:44:14 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: C:\Windows\System32\bcmihvsrv.dll

Error: (10/19/2014 09:43:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Interactive Services Detection1

Error: (10/19/2014 09:43:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Search1300001Restart the service

Error: (10/19/2014 09:43:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Spybot-S&D 2 Security Center Service1600001Restart the service

Error: (10/19/2014 09:43:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Spybot-S&D 2 Updating Service1600001Restart the service

Error: (10/19/2014 09:43:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Live ID Sign-in Assistant1100001Restart the service


Microsoft Office Sessions:
=========================
Error: (05/05/2013 09:17:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 497 seconds with 420 seconds of active time. This session ended with a crash.

Error: (04/22/2013 08:13:21 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1505 seconds with 720 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2014-10-19 21:57:26.509
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-19 21:57:26.220
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-19 21:57:25.924
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-19 21:57:25.631
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-19 21:57:25.037
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-19 21:57:24.748
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-19 21:57:24.377
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-19 21:57:24.029
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-18 20:19:40.739
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-18 20:19:40.442
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T9400 @ 2.53GHz
Percentage of memory in use: 45%
Total physical RAM: 3535 MB
Available physical RAM: 1937.3 MB
Total Pagefile: 7300.97 MB
Available Pagefile: 5712.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1884.94 MB

==================== Drives ================================

Drive c: (Main Drive) (Fixed) (Total:74.53 GB) (Free:31.03 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: (FLASH) (Fixed) (Total:14.9 GB) (Free:6.83 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 74.5 GB) (Disk ID: 3331A8D1)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 1358EE50)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=0C)

==================== End Of Log ============================

ken.kingwell
2014-10-20, 04:30
For now, all seems to be well. Thank you so much for your assistance.

fbfbfb
2014-10-20, 14:24
Hello, ken.kingwell.

Good to hear that your computer is working better. However, there are still several infected entries we need to remove.

Please run the following fix:

Please open Notepad: Press the Windows key + r (Win Key + r) > Type Notepad > Click OK.

Copy and paste the entire contents of the code box below: To do this, highlight the contents of the box, right click on it, and select Copy > Right-click in the open Notepad and select Paste.
Save this to the same directory you saved FRST / FRST64 > Save it as fixlist.txt.

Note: In order for the fix to work, fixlist.txt must be placed next to FRST / FRST64. You can use your mouse to drag it in place.




Start
CloseProcesses:

(MyOSCompany) C:\Program Files\Web Protect\MyOSProtect.exe
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Winsock: Catalog9 01 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 02 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 03 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 04 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 29 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
R3 MyOSProtect; C:\Program Files\Web Protect\MyOSProtect.exe [1317096 2014-09-01] (MyOSCompany) [File not signed]
R1 pcwatch; C:\Windows\system32\Drivers\pcwatch.sys [19840 2014-09-01] () [File not signed] <==== ATTENTION
2014-10-19 21:45 - 2014-10-19 21:45 - 00004144 _____ () C:\Windows\system32\MyOSProtect.ini
2014-10-19 21:45 - 2014-10-19 21:45 - 00002072 _____ () C:\Windows\system32\MyOSProtectOff.ini
2014-10-19 21:43 - 2014-09-17 19:59 - 00000000 ____D () C:\Program Files\Web Protect
QuickShare (HKLM\...\{F40711CD-60B3-45F5-85C5-F1AA400C1B6E}) (Version: 10.169.60.13223 - Linkury Inc.) <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-2702734608-1330795866-846813408-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Valued Customer\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2702734608-1330795866-846813408-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Valued Customer\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2702734608-1330795866-846813408-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Valued Customer\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2702734608-1330795866-846813408-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Valued Customer\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2702734608-1330795866-846813408-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Valued Customer\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2702734608-1330795866-846813408-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Valued Customer\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pcwatch.sys => ""="Driver" <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\pcwatch.sys => ""="Driver" <==== ATTENTION

Hosts:
EmptyTemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST / FRST64, press the Fix button once and wait.
When finished, the tool will generate a log on the Desktop (Fixlog.txt). Please post it to your next reply.

fbfbfb
2014-10-23, 04:07
Hello, ken.kingwell.

Are you still with me? If you wish to continue cleaning your machine, please reply in the next 24 hours to avoid closing this thread.

Thank you.

fbfbfb
2014-10-24, 02:37
Hello, ken.kingwell.

As you have not responded to my last post, this thread is now closed.

Since we have not completed the cleaning process, the remaining bad entries may continue to cause problems.


Good to hear that your computer is working better. However, there are still several infected entries we need to remove.

If you need assistance in the future, please take time to reread the section Before You Post found HERE (http://forums.spybot.info/showthread.php?288-quot-BEFORE-You-POST-quot-%28Please-read-this-Procedure-Before-Requesting-Assistance%29-Updated).


Towards the end of a cleanup, please make sure you follow through with any final log requested, even if it appears to you that your computer is back to normal operation, and when asked to post back one more time, please do so. As much as we like our members, we would rather not see you back in a few weeks because the disinfecting wasn't finished and final instructions given.

All the best,
fbfbfb