Author Topic: [Resolved - K] Malware infections stopping spyware from working?

Chalkie

I updated a three year licence for my anti-spam programme but now it is not working. Their technical support staff tried to charge me UKP 140 for someone to remove the infection and UKP 40 for a security product.

I need the spam app to work as I am being overwhelmed.

I have run my antivirus programme and Malwarebytes - they removed some infections but the problem persists with my anti-spam software.

I would be grateful for any help. My logs are pasted below. 

I have run DDS and am posting the log here:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17801  BrowserJavaVersion: 11.40.2
Run by Andrew Stucken at 9:53:40 on 2015-05-18
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.7882.4462 [GMT 1:00]
.
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2015\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\dolsrvcbar2.exe
C:\Windows\system32\dol_start.exe
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRA~2\GFI\GFIBAC~1\GFIFInst.exe
C:\PROGRA~2\GFI\GFIBAC~1\GFIFSC~1.EXE
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe
C:\Windows\system32\PrintCtrl.exe
C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe
C:\Program Files (x86)\Fighters\FighterSuiteService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
C:\Program Files (x86)\GFI\GFI BackUp Freeware\GFIAgent.exe
C:\Program Files (x86)\Dolphin\SnovaSuite1359\Snova.EXE
C:\Users\Andrew Stucken\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\ProgramData\FLEXnet\Connect\11\agent.exe
C:\Program Files (x86)\BuddyBackup\BuddyBackup.exe
C:\Program Files (x86)\OLYMPUS\DeviceDetector\DeviceDetector4.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\EPSON\MyEpson Portal\mep.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files (x86)\Fighters\Tray\FightersTray.exe
C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe
C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
C:\Program Files (x86)\Tenda\Common\RaUI.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\splwow64.exe
C:\Program Files (x86)\Fighters\SPAMfighter\x64\LiveKitLoader64.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Tenda\Common\RaRegistry.exe
C:\Program Files (x86)\Dolphin\Sam\sam.exe
C:\Program Files (x86)\Dolphin\Sam\vocalizer\SAM.Vocalizer.exe
C:\Program Files (x86)\Dolphin\Sam\eloquence\SAM.Eloquence.exe
C:\Program Files (x86)\Dolphin\Sam\orpheus\SAM.DOLOSTUB.exe
C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
C:\Program Files (x86)\Dolphin\SnovaSuite1359\AMD64\x64whook.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://mysearch.avg.com/?cid={FDF28913-6530-4AA2-8570-3D24EDB36AE5}&mid=c6431cc9591547d0b53a810f1b447e65-e3a72904cd12dffd849fafa32148ed2dc7c6909a&lang=en&ds=AVG&coid=avgtbavg&cmpid=0415av&pr=fr&d=2015-05-02 09:34:36&v=4.1.0.411&pid=wtu&sg=&sap=hp
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
uProxyServer = 
uProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mWinlogon: Userinit = userinit.exe,
BHO: StumbleUpon Launcher: {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -
BHO: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
BHO: Dragon NaturallySpeaking Rich Internet Application Support - Extension: {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Web TuneUp: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: StumbleUpon Toolbar: {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files (x86)\StumbleUpon\StumbleUponIEBar.dll
TB: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
EB: E-Web Print: {A60C1DC7-64B3-4AD9-8E67-035D11B8B2B0} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [SkyDrive] "C:\Users\Andrew Stucken\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [GFI BackUp Freeware] "C:\PROGRA~2\GFI\GFIBAC~1\GFIAgent.exe"
uRun: [DolphinOceanicAccess] "C:\Program Files (x86)\Dolphin\SnovaSuite1359\Snova.EXE"
uRun: [Spotify Web Helper] "C:\Users\Andrew Stucken\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRunOnce: [Uninstall C:\Users\Andrew Stucken\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Andrew Stucken\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"
uRunOnce: [Uninstall C:\Users\Andrew Stucken\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314_2] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Andrew Stucken\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314_2"
uRunOnce: [Uninstall C:\Users\Andrew Stucken\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Andrew Stucken\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530"
uRunOnce: [Uninstall C:\Users\Andrew Stucken\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Andrew Stucken\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627"
uRunOnce: [Uninstall C:\Users\Andrew Stucken\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Andrew Stucken\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811"
uRunOnce: [Uninstall C:\Users\Andrew Stucken\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Andrew Stucken\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217"
uRunOnce: [Uninstall C:\Users\Andrew Stucken\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Andrew Stucken\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"
uRunOnce: [Uninstall C:\Users\Andrew Stucken\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Andrew Stucken\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328"
uRunOnce: [Uninstall C:\Users\Andrew Stucken\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Andrew Stucken\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"
uRunOnce: [Uninstall C:\Users\Andrew Stucken\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Andrew Stucken\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512"
uRunOnce: [Uninstall C:\Users\Andrew Stucken\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Andrew Stucken\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64"
uRunOnce: [Uninstall C:\Users\Andrew Stucken\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Andrew Stucken\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612"
uRunOnce: [Uninstall C:\Users\Andrew Stucken\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Andrew Stucken\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618\amd64"
uRunOnce: [Uninstall C:\Users\Andrew Stucken\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Andrew Stucken\AppData\Local\Microsoft\SkyDrive\17.3.1166.0618"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
mRun: [CommonToolkitTray] C:\Program Files (x86)\Fighters\Tray\FightersTray.exe
mRun: [sfagent] C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe
mRun: [vProt] "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [RIM PeerManager] "C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe"
dRun: [Symform Status] "C:\Program Files\Symform\Node Service\symformstatus.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BUDDYB~1.LNK - C:\Program Files (x86)\BuddyBackup\BuddyBackup.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DEVICE~1.LNK - C:\Program Files (x86)\OLYMPUS\DeviceDetector\DeviceDetector4.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TENDAW~1.LNK - C:\Program Files (x86)\Tenda\Common\RaUI.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: LastPass - C:\Users\Andrew Stucken\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\Andrew Stucken\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: blank
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{1F347227-9D40-4E83-A73D-FB0369147557} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll
x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Andrew Stucken\AppData\Roaming\Mozilla\Firefox\Profiles\05niw5ca.default-1425462641201\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxps://www.google.co.uk/?gws_rd=ssl
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\PROGRA~2\Nuance\NATURA~1\Program\npDgnRia.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass64.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2015-3-11 213984]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2015-3-11 344544]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2015-4-3 137184]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2015-3-20 40928]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-12-27 19264]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2015-3-11 162784]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2015-4-9 284128]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2015-4-15 256992]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2015-4-7 291296]
R1 DolBoot;DolBoot;C:\Windows\System32\dolboot.sys [2015-2-11 57592]
R1 RapportCerberus_80128;RapportCerberus_80128;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80128.sys [2015-2-18 844440]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2015-5-6 445816]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2015-5-6 558872]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-1-20 77128]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2015-4-15 3438032]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2015-4-15 311792]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
R2 DolphinCBarSrv2;Dolphin CBar Service 2;C:\Windows\System32\dolsrvcbar2.exe [2015-2-11 445952]
R2 DolStart;Dolphin Starter Service;C:\Windows\System32\dol_start.exe [2015-2-11 239864]
R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2013-10-15 311184]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2014-1-27 151648]
R2 GFIBckFAtt;GFI BackUp Freeware Attendant Service;C:\PROGRA~2\GFI\GFIBAC~1\GFIFInst.exe [2014-3-20 1011056]
R2 GFIBckFSched;GFI BackUp Freeware Scheduler Service;C:\PROGRA~2\GFI\GFIBAC~1\GFIFSC~1.EXE [2014-3-20 2664816]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-7-27 170824]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-1-16 165760]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-8 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-8 1080120]
R2 MyEpson Portal Service;MyEpson Portal Service;C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe [2011-9-16 703584]
R2 Printer Control;Printer Control;C:\Windows\System32\PrintCtrl.exe [2014-3-27 121856]
R2 RalinkRegistryWriter;RalinkRegistryWriter;C:\Program Files (x86)\Tenda\Common\RaRegistry.exe [2015-3-14 375872]
R2 RalinkRegistryWriter64;RalinkRegistryWriter64;C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [2013-8-2 454208]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2015-5-6 1943832]
R2 RIM MDNS;RIM MDNS;C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [2015-3-19 396024]
R2 RIM Tunnel Service;BlackBerry Link Communication Manager;C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [2015-3-19 1354488]
R2 SPAMfighter Update Service;SPAMfighter Update Service;C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe [2014-4-30 216608]
R2 Suite Service;Suite Service;C:\Program Files (x86)\Fighters\FighterSuiteService.exe [2014-3-14 1282592]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-1-16 364416]
R2 vToolbarUpdater18.4.0;vToolbarUpdater18.4.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [2015-5-2 1875480]
R2 WtuSystemSupport;WtuSystemSupport;C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [2015-5-2 620056]
R3 BlackBerry Device Manager;BlackBerry Device Manager;C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [2014-10-31 588024]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-12-27 342528]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-12-27 357184]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-12-27 789824]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-2-12 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-8 136408]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-4-8 63704]
R3 rimvndis;BlackBerry Virtual Private Network;C:\Windows\System32\drivers\rimvndis6_AMD64.sys [2015-3-19 18432]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-8-2 726160]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S2 Avira.OE.ServiceHost;Avira Service Host;C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [2015-4-10 205104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2014-1-27 135824]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-12-28 110336]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-1-27 58056]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2014-3-31 1512640]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2012-8-30 150464]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2013-5-1 30192]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-5-13 114688]
S3 ioatdma1;ioatdma1;C:\Windows\System32\drivers\qd162x64.sys [2012-8-30 40144]
S3 ioatdma2;Intel(R) QuickData Technology device ver.2;C:\Windows\System32\drivers\qd262x64.sys [2012-8-30 42192]
S3 Olympus DVR Service;Olympus DVR Service;C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [2012-7-23 174592]
S3 RaMediaServer;RaMediaServer;C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [2013-8-2 621632]
S3 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2013-3-11 535576]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-2-21 19456]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-12-28 206080]
S3 StumbleUponUpdateService;StumbleUponUpdateService;C:\Program Files (x86)\StumbleUpon\StumbleUponUpdateService.exe [2010-3-25 120232]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-12 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-30 1255736]
.
=============== Created Last 30 ================
.
2015-05-13 15:14:35   --------   d-----w-   C:\Program Files (x86)\BlackBerry
2015-05-13 15:14:13   --------   d-----w-   C:\Program Files (x86)\Research In Motion
2015-05-13 15:13:53   --------   d-----w-   C:\ProgramData\Research In Motion
2015-05-13 15:11:59   --------   d-----w-   C:\Program Files (x86)\Common Files\Research In Motion
2015-05-13 10:46:51   124112   ----a-w-   C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 10:46:51   102608   ----a-w-   C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 08:42:54   328704   ----a-w-   C:\Windows\System32\services.exe
2015-05-13 08:41:58   2543104   ----a-w-   C:\Windows\System32\wpdshext.dll
2015-05-13 08:41:58   2311168   ----a-w-   C:\Windows\SysWow64\wpdshext.dll
2015-05-13 08:41:58   1195008   ----a-w-   C:\Windows\System32\drivers\UMDF\WpdMtpDr.dll
2015-05-13 08:41:55   142336   ----a-w-   C:\Windows\System32\poqexec.exe
2015-05-13 08:41:55   123904   ----a-w-   C:\Windows\SysWow64\poqexec.exe
2015-05-13 08:41:53   72192   ----a-w-   C:\Windows\System32\aelupsvc.dll
2015-05-13 08:41:53   6656   ----a-w-   C:\Windows\System32\shimeng.dll
2015-05-13 08:41:53   5120   ----a-w-   C:\Windows\SysWow64\shimeng.dll
2015-05-13 08:41:53   342016   ----a-w-   C:\Windows\System32\apphelp.dll
2015-05-13 08:41:53   295936   ----a-w-   C:\Windows\SysWow64\apphelp.dll
2015-05-13 08:41:53   23552   ----a-w-   C:\Windows\System32\sdbinst.exe
2015-05-13 08:41:53   20992   ----a-w-   C:\Windows\SysWow64\sdbinst.exe
2015-05-11 08:45:03   --------   d-----w-   C:\Program Files\Adblock Plus for IE
2015-05-04 07:18:38   --------   d-----w-   C:\ProgramData\IsolatedStorage
2015-05-02 08:34:54   --------   d-----w-   C:\Users\Andrew Stucken\AppData\Local\AVG Web TuneUp
2015-05-02 08:34:31   --------   d-----w-   C:\ProgramData\AVG Secure Search
2015-05-02 08:34:29   --------   d-----w-   C:\Program Files (x86)\Common Files\AVG Secure Search
2015-05-02 08:34:19   --------   d-----w-   C:\ProgramData\AVG Web TuneUp
2015-05-02 08:34:18   --------   d-----w-   C:\Program Files (x86)\AVG Web TuneUp
2015-04-29 16:33:21   --------   d-----w-   C:\extensions
2015-04-26 11:28:06   --------   d-----w-   C:\xampp
2015-04-25 14:53:11   --------   d-----w-   C:\ProgramData\Avira
2015-04-25 14:53:11   --------   d-----w-   C:\Program Files (x86)\Avira
.
==================== Find3M  ====================
.
2015-05-18 07:56:47   136408   ----a-w-   C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-05-06 14:21:46   535576   ----a-w-   C:\Windows\System32\drivers\RapportKE64.sys
2015-05-05 01:29:39   342016   ----a-w-   C:\Windows\System32\schannel.dll
2015-05-05 01:12:49   248832   ----a-w-   C:\Windows\SysWow64\schannel.dll
2015-04-27 19:28:36   5569984   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2015-04-27 19:28:35   95680   ----a-w-   C:\Windows\System32\drivers\ksecdd.sys
2015-04-27 19:28:35   155584   ----a-w-   C:\Windows\System32\drivers\ksecpkg.sys
2015-04-27 19:26:21   1728960   ----a-w-   C:\Windows\System32\ntdll.dll
2015-04-27 19:22:57   47104   ----a-w-   C:\Windows\System32\typeperf.exe
2015-04-27 19:22:57   404992   ----a-w-   C:\Windows\System32\tracerpt.exe
2015-04-27 19:22:53   112640   ----a-w-   C:\Windows\System32\smss.exe
2015-04-27 19:22:47   296960   ----a-w-   C:\Windows\System32\rstrui.exe
2015-04-27 19:22:46   43008   ----a-w-   C:\Windows\System32\relog.exe
2015-04-27 19:22:35   31232   ----a-w-   C:\Windows\System32\lsass.exe
2015-04-27 19:22:34   104448   ----a-w-   C:\Windows\System32\logman.exe
2015-04-27 19:22:26   19456   ----a-w-   C:\Windows\System32\diskperf.exe
2015-04-27 19:22:08   338432   ----a-w-   C:\Windows\System32\conhost.exe
2015-04-27 19:21:37   64000   ----a-w-   C:\Windows\System32\auditpol.exe
2015-04-27 19:18:37   60416   ----a-w-   C:\Windows\System32\msobjs.dll
2015-04-27 19:18:25   146432   ----a-w-   C:\Windows\System32\msaudite.dll
2015-04-27 19:11:55   3934144   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2015-04-27 19:11:54   3989440   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2015-04-27 19:08:02   1310744   ----a-w-   C:\Windows\SysWow64\ntdll.dll
2015-04-27 19:05:40   172032   ----a-w-   C:\Windows\SysWow64\wdigest.dll
2015-04-27 19:05:35   65536   ----a-w-   C:\Windows\SysWow64\TSpkg.dll
2015-04-27 19:05:34   635392   ----a-w-   C:\Windows\SysWow64\tdh.dll
2015-04-27 19:05:32   43008   ----a-w-   C:\Windows\SysWow64\srclient.dll
2015-04-27 19:05:29   92160   ----a-w-   C:\Windows\SysWow64\sechost.dll
2015-04-27 19:05:29   22016   ----a-w-   C:\Windows\SysWow64\secur32.dll
2015-04-27 19:05:19   14336   ----a-w-   C:\Windows\SysWow64\ntvdm64.dll
2015-04-27 19:05:17   221184   ----a-w-   C:\Windows\SysWow64\ncrypt.dll
2015-04-27 19:05:11   259584   ----a-w-   C:\Windows\SysWow64\msv1_0.dll
2015-04-27 19:04:45   550912   ----a-w-   C:\Windows\SysWow64\kerberos.dll
2015-04-27 19:04:37   17408   ----a-w-   C:\Windows\SysWow64\credssp.dll
2015-04-27 19:04:33   641536   ----a-w-   C:\Windows\SysWow64\advapi32.dll
2015-04-27 19:04:33   44032   ----a-w-   C:\Windows\apppatch\acwow64.dll
2015-04-27 19:04:24   40448   ----a-w-   C:\Windows\SysWow64\typeperf.exe
2015-04-27 19:04:24   364544   ----a-w-   C:\Windows\SysWow64\tracerpt.exe
2015-04-27 19:04:19   25600   ----a-w-   C:\Windows\SysWow64\setup16.exe
2015-04-27 19:04:12   37888   ----a-w-   C:\Windows\SysWow64\relog.exe
2015-04-27 19:04:04   82944   ----a-w-   C:\Windows\SysWow64\logman.exe
2015-04-27 19:03:58   17408   ----a-w-   C:\Windows\SysWow64\diskperf.exe
2015-04-27 19:03:52   50176   ----a-w-   C:\Windows\SysWow64\auditpol.exe
2015-04-27 19:03:36   96768   ----a-w-   C:\Windows\SysWow64\sspicli.dll
2015-04-27 19:03:36   5120   ----a-w-   C:\Windows\SysWow64\wow32.dll
2015-04-27 19:03:36   274944   ----a-w-   C:\Windows\SysWow64\KernelBase.dll
2015-04-27 19:01:33   60416   ----a-w-   C:\Windows\SysWow64\msobjs.dll
2015-04-27 19:01:22   146432   ----a-w-   C:\Windows\SysWow64\msaudite.dll
2015-04-27 18:06:48   36864   ----a-w-   C:\Windows\System32\UtcResources.dll
2015-04-27 17:57:32   7680   ----a-w-   C:\Windows\SysWow64\instnm.exe
2015-04-27 17:57:31   2048   ----a-w-   C:\Windows\SysWow64\user.exe
2015-04-27 17:55:03   6144   ---ha-w-   C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-04-27 17:55:03   4608   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-27 17:55:03   3584   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-27 17:55:03   3072   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2015-04-21 17:08:08   2724864   ----a-w-   C:\Windows\System32\mshtml.tlb
2015-04-21 17:07:54   4096   ----a-w-   C:\Windows\System32\ieetwcollectorres.dll
2015-04-21 16:51:08   66560   ----a-w-   C:\Windows\System32\iesetup.dll
2015-04-21 16:50:14   48640   ----a-w-   C:\Windows\System32\ieetwproxystub.dll
2015-04-21 16:50:12   584192   ----a-w-   C:\Windows\System32\vbscript.dll
2015-04-21 16:50:03   417792   ----a-w-   C:\Windows\System32\html.iec
2015-04-21 16:48:40   88064   ----a-w-   C:\Windows\System32\MshtmlDac.dll
2015-04-21 16:35:51   144384   ----a-w-   C:\Windows\System32\ieUnatt.exe
2015-04-21 16:35:40   114688   ----a-w-   C:\Windows\System32\ieetwcollector.exe
2015-04-21 16:34:59   814080   ----a-w-   C:\Windows\System32\jscript9diag.dll
2015-04-21 16:31:56   6025728   ----a-w-   C:\Windows\System32\jscript9.dll
2015-04-21 16:26:35   968704   ----a-w-   C:\Windows\System32\MsSpellCheckingFacility.exe
2015-04-21 16:25:34   2724864   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2015-04-21 16:14:33   77824   ----a-w-   C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-04-21 16:11:10   504320   ----a-w-   C:\Windows\SysWow64\vbscript.dll
2015-04-21 16:11:07   62464   ----a-w-   C:\Windows\SysWow64\iesetup.dll
2015-04-21 16:10:12   47616   ----a-w-   C:\Windows\SysWow64\ieetwproxystub.dll
2015-04-21 16:09:57   341504   ----a-w-   C:\Windows\SysWow64\html.iec
2015-04-21 16:08:41   64000   ----a-w-   C:\Windows\SysWow64\MshtmlDac.dll
2015-04-21 15:58:45   115712   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2015-04-21 15:57:57   620032   ----a-w-   C:\Windows\SysWow64\jscript9diag.dll
2015-04-21 15:47:04   1359360   ----a-w-   C:\Windows\System32\mshtmlmedia.dll
2015-04-21 15:46:50   2125824   ----a-w-   C:\Windows\System32\inetcpl.cpl
2015-04-21 15:43:28   60416   ----a-w-   C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-04-21 15:31:13   4305920   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2015-04-21 15:27:25   2352128   ----a-w-   C:\Windows\System32\wininet.dll
2015-04-21 15:25:45   2052608   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2015-04-21 15:24:48   1155072   ----a-w-   C:\Windows\SysWow64\mshtmlmedia.dll
2015-04-21 15:02:00   1882112   ----a-w-   C:\Windows\SysWow64\wininet.dll
2015-04-20 03:17:07   1647104   ----a-w-   C:\Windows\System32\DWrite.dll
2015-04-20 03:17:07   1179136   ----a-w-   C:\Windows\System32\FntCache.dll
2015-04-20 02:56:29   1250816   ----a-w-   C:\Windows\SysWow64\DWrite.dll
2015-04-20 02:11:23   3204608   ----a-w-   C:\Windows\System32\win32k.sys
2015-04-18 03:10:57   460800   ----a-w-   C:\Windows\System32\certcli.dll
2015-04-18 02:56:57   342016   ----a-w-   C:\Windows\SysWow64\certcli.dll
2015-04-15 12:06:02   256992   ----a-w-   C:\Windows\System32\drivers\avgldx64.sys
2015-04-14 17:30:22   778416   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2015-04-14 17:30:22   142512   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-14 08:37:56   63704   ----a-w-   C:\Windows\System32\drivers\mwac.sys
2015-04-14 08:37:46   107736   ----a-w-   C:\Windows\System32\drivers\mbamchameleon.sys
2015-04-14 08:37:42   25816   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2015-04-14 02:38:52   1217192   ----a-w-   C:\Windows\SysWow64\FM20.DLL
2015-04-09 13:11:14   284128   ----a-w-   C:\Windows\System32\drivers\avgidsdrivera.sys
2015-04-08 03:29:07   275456   ----a-w-   C:\Windows\System32\InkEd.dll
2015-04-08 03:29:07   24576   ----a-w-   C:\Windows\System32\jnwmon.dll
.
============= FINISH:  9:55:03.86 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 25/01/2013 15:10:55
System Uptime: 18/05/2015 08:49:07 (1 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. |  | P8H77-I
Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz | LGA1155 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 729.21 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 1863 GiB total, 153.962 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
ABBYY FineReader 9.0 Sprint
ABBYY ScanTo Office 1.0
Adblock Plus for IE (32-bit and 64-bit)
Adobe AIR
Adobe Flash Player 17 ActiveX
Adobe Flash Player 17 NPAPI
Adobe Reader X (10.1.4)
Adobe Refresh Manager
Adobe Shockwave Player 12.1
Apple Application Support (32-bit)
Apple Application Support (64-bit)
Apple Mobile Device Support
Apple Software Update
Asmedia ASM104x USB 3.0 Host Controller Driver
AudibleManager
AVG 2015
AVG Web TuneUp
Avira
BECKLex
BECKLex Dietl Lorenz
BlackBerry 10 Desktop Software
BlackBerry Blend
BlackBerry Communication Drivers
BlackBerry Device Drivers
BlackBerry Link
BlackBerry Link Remover
Bonjour
BuddyBackup
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CPUID CPU-Z 1.71.1
D3DX10
Definition Update for Microsoft Office 2010 (KB3015642) 32-Bit Edition
DiagramStudio 5.7
Dolphin Orpheus
Dolphin Remote Support
Dolphin SuperNova Access Suite 13.59
Dolphin Synthesiser Access Manager
Dragon NaturallySpeaking 12
DriverUpdate
DVD Shrink 3.2
e-Dictionaries
Epson Connect Guide
Epson Connect Printer Setup
Epson E-Web Print
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Epson Event Manager
Epson FAX Utility
Epson Network Guide XP-800 Series
Epson PC-FAX Driver
Epson Print CD
EPSON Printer Finder
EPSON Scan
Epson User's Guide XP-800 Series
EPSON XP-800 Series Printer Uninstall
EpsonNet Print
Ernst Deutsch-Englisch
FairStars CD Ripper 1.80
FileZilla Client 3.8.1
FlashPlayer
Foxit Reader
Futuremark SystemInfo
GFI BackUp Freeware
GIMP 2.8.14
GIMP Packages
Google Chrome
Google Desktop
Google Drive
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Corporate
Image Converter
Image Editor Packages
ImgBurn
Iminent
InfraRecorder
Intel(R) Management Engine Components
Intel(R) Network Connections 17.3.63.0
Intel(R) Processor Graphics
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
iTunes
Java 8 Update 40
Java Auto Updater
Junk Mail filter update
LastPass (uninstall only)
lookinglink
MailStore Home 8.2.1.10082
MakeMKV v1.8.14
Malwarebytes Anti-Malware version 2.1.6.1022
Microsoft .NET Framework 4.5.2
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access MUI (German) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office Groove MUI (German) 2010
Microsoft Office Home and Student 2010
Microsoft Office InfoPath MUI (German) 2010
Microsoft Office Language Pack 2010 - German/Deutsch
Microsoft Office O MUI (German) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit MUI (German) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer MUI (German) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office Word MUI (German) 2010
Microsoft Office X MUI (German) 2010
Microsoft OneDrive
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Works 4.5
Microsoft Works Calendar 1.0
Microsoft Works Setup Launcher
Movie Maker
Mozilla Firefox 37.0.2 (x86 en-GB)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyEpson Portal
MyFreeCodec
Office-Bibliothek 4.0
Olympus Sonority
OmegaT version 3.0.8_04_Beta
OpenOffice 4.0.1
OpenOffice Beta 4.1.0
OpenOffice Packages
Photo Common
Photo Crop Editor 2.03
Photo Gallery
QuickTime 7
Ralink RT2870 Wireless LAN Card
Rapport
Readit
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Samsung Kies
Samsung Kies3
Samsung Story Album Viewer
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4.5.2 (KB3023224)
Security Update for Microsoft .NET Framework 4.5.2 (KB3035490)
Security Update for Microsoft .NET Framework 4.5.2 (KB3037581)
Security Update for Microsoft Excel 2010 (KB2965240) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2920748) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2956076) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2965242) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2999412) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2920812) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2999420) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2553428) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2965237) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition
Skype™ 7.0
Software Updater
SPAMfighter
Spotify
StumbleUpon IE Toolbar
swMSM
Tenda Wireless LAN Card
Trusteer Endpoint Protection
Update for Microsoft Access 2010 (KB2837601) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2956084) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2881026) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition
Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition
Update for Microsoft Office 2010 (KB2956141) 32-Bit Edition
Update for Microsoft Office 2010 (KB2965291) 32-Bit Edition
Update for Microsoft Office 2010 (KB2965301) 32-Bit Edition
Update for Microsoft Office 2010 (KB2999439) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2956075) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2956205) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2965295) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB3015585) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2965292) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2881021) 32-Bit Edition
VisionAid International English Vocalizer Voice Pack
VisionAid International German Vocalizer Voice Pack
Visual Studio 2010 x64 Redistributables
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinX DVD Ripper 5.6.0
WinZip 17.0
Wisdom-soft ScreenHunter 6.0 Plus
Wisdom-soft ScreenHunter 6.0 Pro
XAMPP
.
==== Event Viewer Messages From Past Week ========
.
18/05/2015 08:52:03, Error: Service Control Manager [7023]  - The HP Network Devices Support service terminated with the following error:  The specified module could not be found.
18/05/2015 08:50:39, Error: Service Control Manager [7034]  - The Avira Service Host service terminated unexpectedly.  It has done this 3 time(s).
18/05/2015 08:50:24, Error: Service Control Manager [7031]  - The Avira Service Host service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
18/05/2015 08:50:10, Error: Service Control Manager [7031]  - The Avira Service Host service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
17/05/2015 20:22:53, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.
17/05/2015 14:30:55, Error: volsnap [27]  - The shadow copies of volume C: were aborted during detection because a critical control file could not be opened.
17/05/2015 14:23:16, Error: volsnap [25]  - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
17/05/2015 14:21:00, Error: Ntfs [137]  - The default transaction resource manager on volume \Device\HarddiskVolumeShadowCopy31 encountered a non-retryable error and could not start.  The data contains the error code.
17/05/2015 14:20:01, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f020b: SAMSUNG Electronics Co., Ltd. - Other hardware - SAMSUNG Mobile MTP Device.
16/05/2015 16:53:06, Error: Service Control Manager [7000]  - The Intel(R) Management and Security Application User Notification Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
16/05/2015 16:53:01, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Management and Security Application User Notification Service service to connect.
14/05/2015 10:18:44, Error: Service Control Manager [7031]  - The Diagnostics Tracking Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
13/05/2015 18:51:15, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
13/05/2015 16:13:49, Error: Service Control Manager [7030]  - The RIM MDNS service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
13/05/2015 12:37:17, Error: Service Control Manager [7023]  -
13/05/2015 12:32:49, Error: Service Control Manager [7043]  - The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
12/05/2015 19:14:08, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
11/05/2015 08:19:35, Error: Service Control Manager [7022]  - The Windows Search service hung on starting.
.
==== End Of File ===========================



« Last Edit: June 01, 2015, 03:03:41 PM by kevinf80 »



Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved - K] Malware infections stopping spyware form working?
« Reply #1 on: May 18, 2015, 04:14:45 AM »
Hello Chalkie and welcome to SpywareHammer,

Continue as follows please:

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen, click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Next,

Follow the instructions in the following link to show hidden files:

http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

Next,

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under the Non-Malware Protection sub tab, change PUP and PUM entries to "Treat detections as Malware".
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.
'Could not load DDA driver'

  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.

To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

  • Recommend you use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…


If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....
Next,

Download AdwCleaner by Xplode onto your Desktop.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan
  • Once the scan is done, click on the Clean button. <<<--- Ensure this option is completed
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[Sn].txt, where n is the scan reference number.
Next,

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Let me see those logs in your reply....

Thank you,

Kevin...

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved - K] Malware infections stopping spyware form working?
« Reply #2 on: May 21, 2015, 02:21:33 AM »
Do you still need help?

Offline Chalkie

  • Bronze Member
  • Posts: 76
Re: [Resolved - K] Malware infections stopping spyware form working?
« Reply #3 on: May 21, 2015, 06:08:00 AM »
Hi Kevin

Thanks for your help. I have taken all the steps which you suggest.

I tried pasting the four log files into a single reply but it exceeded the character limit, so I will place each in a separate reply, starting with MWBAM here:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 20/05/2015
Scan Time: 11:36:39
Logfile:
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.20.02
Rootkit Database: v2015.05.16.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Andrew Stucken

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 538449
Time Elapsed: 59 min, 15 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110211181110}, Quarantined, [ae34a3f20c7ec076f2a58be657ae40c0],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110111991162}, Quarantined, [04debcd9a2e8a492088f2d44de2702fe],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110211181110}, Quarantined, [736f296c335776c05b3ce58c8a7bf709],

Registry Values: 3
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110211181110}|AppName, Giant Savings Extension-bg.exe, Quarantined, [ae34a3f20c7ec076f2a58be657ae40c0]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110111991162}|AppName, Supreme Savings-bg.exe, Quarantined, [04debcd9a2e8a492088f2d44de2702fe]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110211181110}|AppName, Giant Savings Extension-bg.exe, Quarantined, [736f296c335776c05b3ce58c8a7bf709]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Offline Chalkie

  • Bronze Member
  • Posts: 76
Re: [Resolved - K] Malware infections stopping spyware form working?
« Reply #4 on: May 21, 2015, 06:08:58 AM »
# AdwCleaner v4.204 - Logfile created 20/05/2015 at 12:57:32
# Updated 12/05/2015 by Xplode
# Database : 2015-05-12.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Andrew Stucken - ANDREWSTUCKEN
# Running from : C:\Users\Andrew Stucken\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

Service Deleted : vToolbarUpdater18.4.0

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\Fighters
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlvPlayer
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Updater
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAFPlayer
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\AVG Security Toolbar
Folder Deleted : C:\Program Files (x86)\JustCloud
Folder Deleted : C:\Program Files (x86)\StumbleUpon
Folder Deleted : C:\Program Files (x86)\Fighters
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\SparkTrust
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Fighters
Folder Deleted : C:\Users\Andrew Stucken\AppData\LocalLow\StumbleUpon
Folder Deleted : C:\Users\Andrew Stucken\AppData\Roaming\Fighters
Folder Deleted : C:\Users\Andrew Stucken\AppData\Roaming\0T1F0D1F2W1G1I1F1T1Q
Folder Deleted : C:\Users\Skydrive\AppData\Roaming\Fighters
File Deleted : C:\Users\Andrew Stucken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mphpbdjcljebbcnfopfngmfdackbbdgf_0.localstorage
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
File Deleted : C:\Users\Andrew Stucken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_kazaa-lite.en.softonic.com_0.localstorage
File Deleted : C:\Users\Andrew Stucken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_kazaa-lite.en.softonic.com_0.localstorage-journal
File Deleted : C:\Users\Andrew Stucken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage
File Deleted : C:\Users\Andrew Stucken\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage-journal

***** [ Scheduled tasks ] *****

Task Deleted : SparkTrust Registration3

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BackgroundHost.EXE
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [CommonToolkitTray]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6C6F0D45-FC86-4AD9-9F57-41C49A4F8B46}
Value Deleted : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [2]
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StumbleUpon
Key Deleted : HKCU\Software\Fighters
Key Deleted : HKLM\SOFTWARE\FlvPlayer
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : HKLM\SOFTWARE\Fighters
Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
Key Deleted : HKU\.DEFAULT\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\OpenOffice Packages
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - 
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>;*.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17801


-\\ Mozilla Firefox v37.0.2 (x86 en-GB)

[05niw5ca.default-1425462641201\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

-\\ Google Chrome v43.0.2357.65

[C:\Users\Andrew Stucken\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : hxxp://www.safesearch.net/?utm_medium=ch&utm_campaign=52&utm_source=sm&utm_content=1&utm_term=A9E5A4D3C1ED4515
[C:\Users\Andrew Stucken\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] :

*************************

AdwCleaner[R0].txt - [22384 bytes] - [25/04/2014 10:46:05]
AdwCleaner[R1].txt - [21875 bytes] - [27/04/2014 11:17:09]
AdwCleaner[R2].txt - [23918 bytes] - [05/05/2015 18:39:38]
AdwCleaner[R3].txt - [54447 bytes] - [20/05/2015 12:50:56]
AdwCleaner[S0].txt - [22264 bytes] - [27/04/2014 11:19:53]
AdwCleaner[S1].txt - [23393 bytes] - [20/05/2015 12:57:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [23453  bytes] ##########

Offline Chalkie

  • Bronze Member
  • Posts: 76
Re: [Resolved - K] Malware infections stopping spyware form working?
« Reply #5 on: May 21, 2015, 06:11:07 AM »
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.5 (05.20.2015:1)
OS: Windows 7 Home Premium x64
Ran by Andrew Stucken on 20/05/2015 at 14:22:28.66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] spamfighter update service
Successfully deleted: [Service] spamfighter update service
Successfully stopped: [Service] suite service
Successfully deleted: [Service] suite service



~~~ Tasks



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sfagent
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3772110883-3129243704-2712842087-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update lookinglink
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util lookinglink



~~~ Files

Successfully deleted: [File] C:\Users\Andrew Stucken\appdata\local\google\chrome\user data\default\local storage\http_www.cartridgesave.co.uk_0.localstorage
Successfully deleted: [File] C:\Users\Andrew Stucken\appdata\local\google\chrome\user data\default\local storage\http_www.cartridgesave.co.uk_0.localstorage-journal
Successfully deleted: [File] C:\Users\Andrew Stucken\appdata\local\google\chrome\user data\default\local storage\http_www.similarsitesearch.com_0.localstorage
Successfully deleted: [File] C:\Users\Andrew Stucken\appdata\local\google\chrome\user data\default\local storage\http_www.similarsitesearch.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\Andrew Stucken\appdata\local\google\chrome\user data\default\local storage\https_static.olark.com_0.localstorage
Successfully deleted: [File] C:\Users\Andrew Stucken\appdata\local\google\chrome\user data\default\local storage\https_static.olark.com_0.localstorage-journal
Successfully deleted: [File] C:\users\public\desktop\driverupdate.lnk



~~~ Folders

Failed to delete: [Folder] C:\Program Files (x86)\avg web tuneup
Successfully deleted: [Folder] C:\Program Files (x86)\driverupdate
Successfully deleted: [Folder] C:\Program Files (x86)\myfree codec
Successfully deleted: [Folder] C:\ProgramData\avg web tuneup
Successfully deleted: [Folder] C:\ProgramData\microsoft\windows\start menu\programs\driverupdate
Successfully deleted: [Folder] C:\ProgramData\slimware utilities inc
Successfully deleted: [Folder] C:\Users\Andrew Stucken\appdata\local\avg web tuneup
Successfully deleted: [Folder] C:\Users\Andrew Stucken\appdata\local\downloaded installers
Successfully deleted: [Folder] C:\Users\Andrew Stucken\appdata\local\slimware utilities inc
Successfully deleted: [Folder] C:\Users\Andrew Stucken\appdata\local\stronghold_llc
Successfully deleted: [Folder] C:\Users\Andrew Stucken\appdata\locallow\avg web tuneup



~~~ FireFox

Emptied folder: C:\Users\Andrew Stucken\AppData\Roaming\mozilla\firefox\profiles\05niw5ca.default-1425462641201\minidumps [3 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20/05/2015 at 14:29:01.66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Offline Chalkie

  • Bronze Member
  • Posts: 76
Re: [Resolved - K] Malware infections stopping spyware form working?
« Reply #6 on: May 21, 2015, 06:17:43 AM »
I am attaching Addition.txt here.

The FRST log file apparently exceeds 65,000 characters so as a workaround I am attaching it also. I hope this is OK.

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved - K] Malware infections stopping spyware form working?
« Reply #7 on: May 21, 2015, 01:34:22 PM »
Thanks for those logs, continue as follows:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.

Click there Run ESET Online Scanner.

If using Internet Explorer:

  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.
If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.
To perform the scan:
  • Make sure that Remove found threats is unchecked.
  • Scan archives is checked.
  • In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
  • Under "Enable Stealth Technology", select "Change", then select any extra drives in that window.
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
Please include this logfile in your next reply.

Don't forget to re-enable protection software!

Next,

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs.)
Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

If Security Check will not run or you get an alert saying it is not supported, Re-boot your PC then try again...

Let me see those logs, also let me know if there are any remaining issues or concerns...

Thanks,

Kevin...


Offline Chalkie

  • Bronze Member
  • Posts: 76
Re: [Resolved - K] Malware infections stopping spyware form working?
« Reply #8 on: May 22, 2015, 08:20:28 AM »
Hi Kevin

I hope I did this correctly - please find pasted below the log that FRST generated:

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-05-2015
Ran by Andrew Stucken at 2015-05-22 14:58:00 Run:1
Running from C:\Users\Andrew Stucken\Desktop
Loaded Profiles: Andrew Stucken (Available profiles: Andrew Stucken & Skydrive & Administrator & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 HPSLPSVC; C:\Users\ANDREW~1\AppData\Local\Temp\7zS46E0\hpslpsvc64.dll [X]
S3 StumbleUponUpdateService; "C:\Program Files (x86)\StumbleUpon\StumbleUponUpdateService.exe" [X]
S2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [X]
S3 ALSysIO; \??\C:\Users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [205104 2015-04-10] (Avira Operations GmbH & Co. KG)
C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
2015-04-25 15:53 - 2015-05-08 16:55 - 00000000 ____D () C:\ProgramData\Avira
2015-04-25 15:53 - 2015-05-08 16:55 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-25 15:53 - 2015-05-08 11:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-25 15:53 - 2015-04-25 15:53 - 00001207 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-04-25 15:51 - 2015-04-25 15:51 - 04636584 _____ (Avira Operations GmbH & Co. KG) C:\Users\Andrew Stucken\Downloads\avira_en_av_553ba8e905c9f__ws (1).exe
2015-04-25 15:47 - 2015-04-25 15:47 - 04636584 _____ (Avira Operations GmbH & Co. KG) C:\Users\Andrew Stucken\Downloads\avira_en_av_553ba8e905c9f__ws.exe
C:\ProgramData\a9LNjXED.dat
C:\Users\Andrew Stucken\AppData\Local\Temp\avgnt.exe
C:\Users\Andrew Stucken\AppData\Local\Temp\Execute2App.exe
C:\Users\Andrew Stucken\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\Andrew Stucken\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Andrew Stucken\AppData\Local\Temp\msvcp90.dll
C:\Users\Andrew Stucken\AppData\Local\Temp\msvcr90.dll
C:\Users\Andrew Stucken\AppData\Local\Temp\Quarantine.exe
C:\Users\Andrew Stucken\AppData\Local\Temp\scpD561.tmp.exe
C:\Users\Andrew Stucken\AppData\Local\Temp\sqlite3.dll
Task: C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_6837E9DF-C954-11E3-86E4-50465DA09796.job => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe
C:\Program Files (x86)\SparkTrust
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Windows\win.ini:WINDOWS
AlternateDataStreams: C:\Windows\system32\desktop.ini:WIN64
AlternateDataStreams: C:\ProgramData\jLUiWq.theme:NTOSCHK
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:7FFED16F
AlternateDataStreams: C:\ProgramData\TEMP:D346F792
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
Emptytemp:
End
*****************

"HKLM\SOFTWARE\Policies\Google" => key Removed successfully
HPSLPSVC => Service Removed successfully
StumbleUponUpdateService => Service Removed successfully
WtuSystemSupport => Service Removed successfully
ALSysIO => Service Removed successfully
cpuz135 => Service Removed successfully
dgderdrv => Service Removed successfully
esgiguard => Service Removed successfully
Avira.OE.ServiceHost => Service Removed successfully
C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe => Moved successfully.
C:\ProgramData\Avira => Moved successfully.

"C:\Program Files (x86)\Avira" folder move:

Could not move "C:\Program Files (x86)\Avira" folder => Scheduled to move on reboot.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira => Moved successfully.
C:\Users\Public\Desktop\Avira.lnk => Moved successfully.
C:\Users\Andrew Stucken\Downloads\avira_en_av_553ba8e905c9f__ws (1).exe => Moved successfully.
C:\Users\Andrew Stucken\Downloads\avira_en_av_553ba8e905c9f__ws.exe => Moved successfully.
C:\ProgramData\a9LNjXED.dat => Moved successfully.
C:\Users\Andrew Stucken\AppData\Local\Temp\avgnt.exe => Moved successfully.
C:\Users\Andrew Stucken\AppData\Local\Temp\Execute2App.exe => Moved successfully.
C:\Users\Andrew Stucken\AppData\Local\Temp\jre-8u40-windows-au.exe => Moved successfully.
C:\Users\Andrew Stucken\AppData\Local\Temp\jre-8u45-windows-au.exe => Moved successfully.
C:\Users\Andrew Stucken\AppData\Local\Temp\msvcp90.dll => Moved successfully.
C:\Users\Andrew Stucken\AppData\Local\Temp\msvcr90.dll => Moved successfully.
C:\Users\Andrew Stucken\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Andrew Stucken\AppData\Local\Temp\scpD561.tmp.exe => Moved successfully.
C:\Users\Andrew Stucken\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_6837E9DF-C954-11E3-86E4-50465DA09796.job => Moved successfully.
"C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe" => File/Folder not found.
"C:\Program Files (x86)\SparkTrust" => File/Folder not found.
C:\Windows => ":nlsPreferences" ADS Removed successfully.
C:\Windows\win.ini => ":WINDOWS" ADS Removed successfully.
C:\Windows\system32\desktop.ini => ":WIN64" ADS Removed successfully.
C:\ProgramData\jLUiWq.theme => ":NTOSCHK" ADS Removed successfully.
C:\ProgramData\TEMP => ":373E1720" ADS Removed successfully.
C:\ProgramData\TEMP => ":7FFED16F" ADS Removed successfully.
C:\ProgramData\TEMP => ":D346F792" ADS Removed successfully.
C:\ProgramData\TEMP => ":DFC5A2B2" ADS Removed successfully.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-05-22 15:18:38)<=

==> ATTENTION: System is not rebooted.
"C:\Program Files (x86)\Avira" => Could not move

==== End of Fixlog 15:18:40 ====

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved - K] Malware infections stopping spyware form working?
« Reply #9 on: May 22, 2015, 09:36:37 AM »
Thanks for the log, post other logs when ready. Also let me know if any remaining issues or concerns..

Thanks,

Kevin...

Offline Chalkie

  • Bronze Member
  • Posts: 76
Re: [Resolved - K] Malware infections stopping spyware form working?
« Reply #10 on: May 24, 2015, 04:02:47 AM »
Hi Kevin

I ran the online scanner yesterday but overlooked the complication of my external hard disk's automatic daily backup (GFI free) which stalled the scan 75% of the way through.

I reckon the simplest step here is to format the external drive - which is obviously infected too - and disconnect it while I sort out the infections on the C: drive.

And then run the online scanner again.

What do you think?

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved - K] Malware infections stopping spyware form working?
« Reply #11 on: May 24, 2015, 02:29:19 PM »
Yes to disconnect the Hard drive, do not format yet.... That can be scanned later for infection. Continue with the online scan...

Thanks,

Kevin....

Offline Chalkie

  • Bronze Member
  • Posts: 76
Re: [Resolved - K] Malware infections stopping spyware form working?
« Reply #12 on: May 26, 2015, 01:52:32 AM »
Hi Kevin

I have disconnected the external hard drive and run the online scanner.

I have looked for the log file (the exact file path is C:\Program Files\ESET\ESETNOD32 AntiVirus) but I cannot see any obvious log file in there - what exactly should the file be called?

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved - K] Malware infections stopping spyware form working?
« Reply #13 on: May 26, 2015, 02:29:45 AM »
Logs are usually saved here:

"C:\Program Files\ESET\EsetOnlineScanner\log.txt" (on 64-bit systems this directory will be "C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt")

Before reconnecting the ext hard drive install the following: http://www.mcshield.net/ MCShield is free and will scan any external device when connected....

Let me see the log from ESET, also give an update on any remaining issues or concerns...

Thanks,

Kevin....

Offline Chalkie

  • Bronze Member
  • Posts: 76
Re: [Resolved - K] Malware infections stopping spyware form working?
« Reply #14 on: May 26, 2015, 03:03:19 AM »
Hi Kevin

My apologies, I was looking in the wrong place. Shall I reconnect and scan the external drive now?

Here is the log meanwhile:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# iexplore.exe=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=
# engine=23984
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-05-23 07:59:50
# local_time=2015-05-23 08:59:50 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 10310646 184876240 0 0
# scanned=456874
# found=84
# cleaned=0
# scan_time=34883
sh=0ED4B9FCCE9A375DDF372F3368DF2C541215BBBE ft=1 fh=c71c00118bf034d2 vn="Win32/AirAdInstaller.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Software Updater\Uninstall.exe.vir"
sh=95826B332BD1AC0543C2BA4DB637D082A994B1E5 ft=1 fh=f3159d8e366dd55a vn="a variant of Win32/Mobogenie.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Andrew Stucken\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir"
sh=749E0C6D85971204E397EAE65ED10A9A4AEF40AB ft=1 fh=ef830199de104882 vn="a variant of Win32/Mobogenie.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Andrew Stucken\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir"
sh=1FD24BAE5755536F5B1CDF3F46A6C75BFD137933 ft=0 fh=0000000000000000 vn="a variant of Android/Mobserv.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Andrew Stucken\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir"
sh=93AD648467F47DC2708810D169F26F4A814778C5 ft=1 fh=e589ccabe231da4b vn="a variant of Win32/Mobogenie.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Andrew Stucken\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir"
sh=06AEEE97A8E40D82E97A0945E61C9EF1C0E7DDE7 ft=1 fh=8c61c410b53542e1 vn="a variant of Win32/SlowPCfighter.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Andrew Stucken\AppData\Roaming\Fighters\Tray\AutoInstall\DM.exe.vir"
sh=06AEEE97A8E40D82E97A0945E61C9EF1C0E7DDE7 ft=1 fh=8c61c410b53542e1 vn="a variant of Win32/SlowPCfighter.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Andrew Stucken\AppData\Roaming\Fighters\Tray\Updates\TKTRAY-DM\DM.exe.vir"
sh=06AEEE97A8E40D82E97A0945E61C9EF1C0E7DDE7 ft=1 fh=8c61c410b53542e1 vn="a variant of Win32/SlowPCfighter.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Skydrive\AppData\Roaming\Fighters\Tray\AutoInstall\DM.exe.vir"
sh=06AEEE97A8E40D82E97A0945E61C9EF1C0E7DDE7 ft=1 fh=8c61c410b53542e1 vn="a variant of Win32/SlowPCfighter.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Skydrive\AppData\Roaming\Fighters\Tray\Updates\TKTRAY-DM\DM.exe.vir"
sh=BAEFCB03679575349E01668C4F0938643BAAA022 ft=1 fh=45ba6b521529362d vn="a variant of Win32/Toolbar.MyWebSearch.A potentially unwanted application" ac=I fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\0D99BE4B-B6B8-46F6-954E-43F4E309E06A.data"
sh=585A73EB1DFA6B0B5C5FF5D76212FD8D0CEF4DF4 ft=1 fh=4b5f86942f564423 vn="a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\1B46AE38-0110-46A6-B1CB-55055F88F3E4.data"
sh=F98CFF47A9866B20AE35B54676C9AE6205EA9092 ft=1 fh=8ff09098caced262 vn="Win32/Packed.ScrambleWrapper.A potentially unwanted application" ac=I fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\2F334E02-A066-44C9-AEBC-FF90C7610DDC.data"
sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\449BDFFA-DB25-430A-8205-673012A45E9C.data"
sh=A162B71CC53FE98776FD6F1336FFFAA201777F18 ft=1 fh=1b5a6455fb2a1ee5 vn="a variant of Win32/InstallCore.BH potentially unwanted application" ac=I fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\62EBAD83-BA3F-43F2-83BD-C8C5A6BFDFCD.data"
sh=6391F475328183373BB2BED2E5704E5088FF5C8A ft=1 fh=3d6e0b0b2f0f489a vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\76B77A70-EF26-48C8-917D-74D83152487D.data"
sh=E8627A94D0E61D52AC1B699CB7CD5386BC188AC0 ft=1 fh=1baca7d68471de9e vn="a variant of Win32/InstallCore.AZ potentially unwanted application" ac=I fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\7A80FC34-CE6E-4F22-AE6F-19A980A44729.data"
sh=63D8A233223061D42538AD5F8A1552A86C0420CA ft=1 fh=0b75d8cb754ba137 vn="multiple threats" ac=I fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\7AE66787-456F-4A94-B27D-78E792A21265.data"
sh=E8627A94D0E61D52AC1B699CB7CD5386BC188AC0 ft=1 fh=1baca7d68471de9e vn="a variant of Win32/InstallCore.AZ potentially unwanted application" ac=I fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\8C581AF1-E674-4D0A-A756-A4B303F9959B.data"
sh=872918BB02B724FF42CF3239649BBE399F06BB7A ft=1 fh=b94ff4533a0bbc0d vn="a variant of Win32/bProtector.A potentially unwanted application" ac=I fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\8E5219FA-D1BE-40FA-AA46-5DC5602A1C30.data"
sh=E8627A94D0E61D52AC1B699CB7CD5386BC188AC0 ft=1 fh=1baca7d68471de9e vn="a variant of Win32/InstallCore.AZ potentially unwanted application" ac=I fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\985D6919-C257-410A-9791-43E5A790BF62.data"
sh=857980A7B7AB77FF8E34A090CCD76B8BA628E7E4 ft=1 fh=6c9ac10ea3ee1cdd vn="a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application" ac=I fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\A126B32C-DB0A-48AD-BF7E-4C6498B990D6.data"
sh=92AC05FFF3AD68271062A3DCB87E12EE6B816DDB ft=1 fh=acec1e59f99ab2fd vn="a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application" ac=I fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\A7DD3694-FA47-47F5-B4FF-7C31724F8849.data"
sh=0F78FE90AF015B0A511EDE007BD1791A341E891E ft=1 fh=d4fd6df3b7cf992d vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\A87E1368-3160-4303-9A75-B745C0C14F2A.data"
sh=A162B71CC53FE98776FD6F1336FFFAA201777F18 ft=1 fh=1b5a6455fb2a1ee5 vn="a variant of Win32/InstallCore.BH potentially unwanted application" ac=I fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\D4160BC2-04D9-43AB-AD1D-FC1CD4BC4FF0.data"
sh=E8627A94D0E61D52AC1B699CB7CD5386BC188AC0 ft=1 fh=1baca7d68471de9e vn="a variant of Win32/InstallCore.AZ potentially unwanted application" ac=I fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\FF70E1E5-34D5-4254-999F-4123FE74DFF3.data"
sh=EE2D8A0C16CB4F60E07AD30BC8F4AF2D25E4FF62 ft=1 fh=c2a60ef126908cf5 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe"
sh=24A108C48173FDD9962F7CC3D4DB4B852D864838 ft=1 fh=0501d0dc4c9a869f vn="a variant of Win32/Systweak.N potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll"
sh=915239C2678EFCE5C2E45012595BEA0C050864B4 ft=1 fh=9ca6c4d86ffea4d8 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe"
sh=67A75BAA7A5BBB2EEEBB99D490F00F82D0BB1E09 ft=1 fh=5d5a0ac2ab2c0a85 vn="a variant of Win32/Systweak potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe"
sh=2C09414F7BCF16F3C9A358B5CCD4492EF7EEF08E ft=1 fh=5545a1a02bc092d6 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe"
sh=322DCE4CCA5EB266FFEDD900C6D628769AD18300 ft=1 fh=b3d66e50f9e4f6b1 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe"
sh=16B519EE1642AB71302CF80521A1F2840B1DC142 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\ProgramData\Spybot - Search & Destroy\Recovery\YontooPagerage2.zip"
sh=16B519EE1642AB71302CF80521A1F2840B1DC142 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\Users\All Users\Spybot - Search & Destroy\Recovery\YontooPagerage2.zip"
sh=56911BA04365C06368461AF8DCADCEFA94E127D6 ft=1 fh=2e9c8e48fae5b893 vn="a variant of Win32/SmartInline.A potentially unwanted application" ac=I fn="C:\Users\Andrew Stucken\AppData\Roaming\ii-download.com\ii-download.com\prerequisites\SmartInline\smartinline.exe"
sh=F66F477B53B39DF2C2C561D4AF1C7C8F87C89046 ft=1 fh=d0f38e5e390c9502 vn="Win32/Toolbar.Montiera.B potentially unwanted application" ac=I fn="C:\Users\Andrew Stucken\AppData\Roaming\Mozilla\Firefox\Profiles\Andrew Stucken\AppData\Roaming\Mozilla\Profiles\433yq68c.Andrew Stukken\extensions\ffxtlbr@delta.com\uninstall.exe"
sh=686FFA84B518F63667B17939C4F8B475226C06C6 ft=1 fh=ef34117524fb94cb vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\Users\Andrew Stucken\Downloads\cbsidlm-cbsi176-Photo_Crop_Editor-ORG-10536710.exe"
sh=686FFA84B518F63667B17939C4F8B475226C06C6 ft=1 fh=ef34117524fb94cb vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\Users\Andrew Stucken\Downloads\cbsidlm-cbsi176-ScreenHunter_Free-ORG-10063246(1).exe"
sh=686FFA84B518F63667B17939C4F8B475226C06C6 ft=1 fh=ef34117524fb94cb vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\Users\Andrew Stucken\Downloads\cbsidlm-cbsi176-ScreenHunter_Free-ORG-10063246.exe"
sh=23B050563A81A1C57DABA7805B1E3E6B4C874F2B ft=1 fh=b4fe666c57930953 vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\Users\Andrew Stucken\Downloads\cbsidlm-cbsi183-Infix_PDF_Editor-ORG-10391701.exe"
sh=19876B0C21073CE7AC4725124851FC36B7EA7301 ft=1 fh=31b372839de59c7b vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\Users\Andrew Stucken\Downloads\cbsidlm-cbsi188-ZapGrab-ORG-75329767.exe"
sh=7E3775D2F7676449670C4E0DE78332FFCF54D9A8 ft=1 fh=748eca0038f890e5 vn="Win32/DomaIQ.C potentially unwanted application" ac=I fn="C:\Users\Andrew Stucken\Downloads\FlashPlayer_V.51453454b.exe.part"
sh=FD36D8CB741325ADE0CA2D40A0833C565718FA6C ft=1 fh=7ef4a03c64850da1 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Andrew Stucken\Downloads\Shockwave_Installer_Slim(1).exe"
sh=FD36D8CB741325ADE0CA2D40A0833C565718FA6C ft=1 fh=7ef4a03c64850da1 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Andrew Stucken\Downloads\Shockwave_Installer_Slim.exe"
sh=CC3B0F691E7C2DBF420AA63B42AD5272AE58781E ft=1 fh=0072ff3393d764dd vn="a variant of Win32/OpenInstall potentially unwanted application" ac=I fn="C:\Users\Andrew Stucken\Downloads\WinZip170(1).exe"
sh=CC3B0F691E7C2DBF420AA63B42AD5272AE58781E ft=1 fh=0072ff3393d764dd vn="a variant of Win32/OpenInstall potentially unwanted application" ac=I fn="C:\Users\Andrew Stucken\Downloads\WinZip170(2).exe"
sh=83989CC14765D52D0ED271CE957308EE8D32FAB4 ft=1 fh=931f16acb365e0a6 vn="a variant of Win32/OpenInstall potentially unwanted application" ac=I fn="C:\Users\Andrew Stucken\Downloads\WinZip170.exe"
sh=0E8849B5BEBC329AD29F3BD052B02D0368CD269B ft=1 fh=42c65c8862f6f1e1 vn="Win32/DomaIQ.C potentially unwanted application" ac=I fn="C:\Users\Andrew Stucken\Downloads\zipper_V.6685996.exe"
sh=1A43F9C0CF7AA6D4D52C1C6DAB494311246C6F51 ft=0 fh=0000000000000000 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Windows\Installer\edf7e1.msi"
sh=44902DFC96A8D337ED3853198B75E42B34899FAB ft=1 fh=29775c310e88ad96 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\Windows\Installer\MSI1C.tmp"
sh=61B3FDF2953CA49F770A6A209B2EE80893204FFA ft=1 fh=4283fe3a030c4bea vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\Windows\Installer\MSI7B09.tmp"
sh=E59194FD68C8FD20DD6082F63274E8771AE6A2E6 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-SPE[1].7z"
sh=E59194FD68C8FD20DD6082F63274E8771AE6A2E6 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-SPE[1].7z"
sh=1705DF90990509BF38CB43E3E850AF3B7FADE6E6 ft=0 fh=0000000000000000 vn="Win32/AirAdInstaller.B potentially unwanted application" ac=I fn="E:\ANDREWSTUCKEN\Backup Set 2014-12-29 133112\Backup Files 2014-12-29 133112\Backup files 1.zip"
sh=1536E88BC2FD7E89AE3B54A80A755CFD36AB381D ft=0 fh=0000000000000000 vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="E:\ANDREWSTUCKEN\Backup Set 2014-12-29 133112\Backup Files 2014-12-29 133112\Backup files 147.zip"
sh=88981141ABCA6BF74DD8F658696C99CACBBE9990 ft=0 fh=0000000000000000 vn="Win32/DomaIQ.C potentially unwanted application" ac=I fn="E:\ANDREWSTUCKEN\Backup Set 2014-12-29 133112\Backup Files 2014-12-29 133112\Backup files 148.zip"
sh=4AF7BB322C077A3B80052155CA69F569585A305F ft=0 fh=0000000000000000 vn="a variant of Win32/SoftPulse.B potentially unwanted application" ac=I fn="E:\ANDREWSTUCKEN\Backup Set 2014-12-29 133112\Backup Files 2014-12-29 133112\Backup files 149.zip"
sh=5EDE8AEF331A4F004B4758F11D2C2771459838D5 ft=0 fh=0000000000000000 vn="Win32/SoftonicDownloader.G potentially unwanted application" ac=I fn="E:\ANDREWSTUCKEN\Backup Set 2014-12-29 133112\Backup Files 2014-12-29 133112\Backup files 150.zip"
sh=7A6A342439F38EB22C17EA24DF6C135DB84FC50C ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="E:\ANDREWSTUCKEN\Backup Set 2014-12-29 133112\Backup Files 2014-12-29 133112\Backup files 263.zip"
sh=3AE4F73C0716B0D15CD18571C17E2E6D01DFDB09 ft=0 fh=0000000000000000 vn="a variant of Win32/SlowPCfighter.A potentially unwanted application" ac=I fn="E:\ANDREWSTUCKEN\Backup Set 2014-12-29 133112\Backup Files 2014-12-29 133112\Backup files 80.zip"
sh=9228ADEB9C007AE858A8FB70AFE58738A6AC0289 ft=0 fh=0000000000000000 vn="a variant of Win32/SlowPCfighter.A potentially unwanted application" ac=I fn="E:\ANDREWSTUCKEN\Backup Set 2014-12-29 133112\Backup Files 2014-12-30 110010\Backup files 1.zip"
sh=CFB112BE9CC974D8081F171F6BAB21A076517D29 ft=0 fh=0000000000000000 vn="a variant of Win32/SlowPCfighter.A potentially unwanted application" ac=I fn="E:\ANDREWSTUCKEN\Backup Set 2014-12-29 133112\Backup Files 2014-12-31 110001\Backup files 1.zip"
sh=1FC78E54F77880657A9739F58CB57A34451EFA37 ft=0 fh=0000000000000000 vn="Win32/AirAdInstaller.B potentially unwanted application" ac=I fn="E:\ANDREWSTUCKEN\Backup Set 2015-01-01 110001\Backup Files 2015-01-01 110001\Backup files 1.zip"
sh=84AC550F190231405641E113B4D21C4ED2449C73 ft=0 fh=0000000000000000 vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="E:\ANDREWSTUCKEN\Backup Set 2015-01-01 110001\Backup Files 2015-01-02 110001\Backup files 172.zip"
sh=B8A209D3BBC9080907BB190618681FE035AFB3DF ft=0 fh=0000000000000000 vn="Win32/DomaIQ.C potentially unwanted application" ac=I fn="E:\ANDREWSTUCKEN\Backup Set 2015-01-01 110001\Backup Files 2015-01-02 110001\Backup files 173.zip"
sh=9E18BC69077F5C027CE736C1426DC9A8E6FDA24A ft=0 fh=0000000000000000 vn="a variant of Win32/SoftPulse.B potentially unwanted application" ac=I fn="E:\ANDREWSTUCKEN\Backup Set 2015-01-01 110001\Backup Files 2015-01-02 110001\Backup files 174.zip"
sh=AA02D5A12F11DA46BF6B5000840A941F9A032E3C ft=0 fh=0000000000000000 vn="a variant of Win32/OpenInstall potentially unwanted application" ac=I fn="E:\ANDREWSTUCKEN\Backup Set 2015-01-01 110001\Backup Files 2015-01-02 110001\Backup files 175.zip"
sh=3F03C2DE0A5C93CB9D34BE2B7875812B0D5148D9 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="E:\ANDREWSTUCKEN\Backup Set 2015-01-01 110001\Backup Files 2015-01-02 110001\Backup files 299.zip"
sh=2CAAC5F862534A4C70B507CA6CCC48D73A3D87B7 ft=0 fh=0000000000000000 vn="a variant of Win32/SlowPCfighter.A potentially unwanted application" ac=I fn="E:\ANDREWSTUCKEN\Backup Set 2015-01-01 110001\Backup Files 2015-01-02 110001\Backup files 69.zip"
sh=E460A376AC2E29E2E7E91A4B2CDB1E230149F649 ft=0 fh=0000000000000000 vn="a variant of Win32/SlowPCfighter.A potentially unwanted application" ac=I fn="E:\ANDREWSTUCKEN\Backup Set 2015-01-01 110001\Backup Files 2015-01-03 110001\Backup files 1.zip"
sh=E3AAA1D295A8453BCC930960E2279143E589A379 ft=0 fh=0000000000000000 vn="a variant of Win32/SlowPCfighter.A potentially unwanted application" ac=I fn="E:\ANDREWSTUCKEN\Backup Set 2015-01-01 110001\Backup Files 2015-01-04 161731\Backup files 1.zip"
sh=F0E4613E8BCCD5149535F18DE05068AD5F1A21AD ft=0 fh=0000000000000000 vn="a variant of Win32/SlowPCfighter.A potentially unwanted application" ac=I fn="E:\ANDREWSTUCKEN\Backup Set 2015-01-01 110001\Backup Files 2015-01-05 110002\Backup files 1.zip"
sh=F9441B19DFF187C78FF210B07BC1C6E61DA6BE97 ft=0 fh=0000000000000000 vn="a variant of Win32/SlowPCfighter.A potentially unwanted application" ac=I fn="E:\ANDREWSTUCKEN\Backup Set 2015-01-01 110001\Backup Files 2015-01-06 110002\Backup files 1.zip"
sh=125A45B8BA482897791653EC7A07C5C433B4ECF2 ft=0 fh=0000000000000000 vn="a variant of Win32/SlowPCfighter.A potentially unwanted application" ac=I fn="E:\ANDREWSTUCKEN\Backup Set 2015-01-01 110001\Backup Files 2015-01-07 110002\Backup files 1.zip"
sh=161E4BE9E9EFD86D754D4E7ED79024A88466755E ft=0 fh=0000000000000000 vn="a variant of Win32/SlowPCfighter.A potentially unwanted application" ac=I fn="E:\ANDREWSTUCKEN\Backup Set 2015-01-01 110001\Backup Files 2015-01-08 110001\Backup files 1.zip"
sh=109E9935DDFDF9CBF779BBAFF56FC6FC5158C3C1 ft=0 fh=0000000000000000 vn="a variant of Win32/SlowPCfighter.A potentially unwanted application" ac=I fn="E:\ANDREWSTUCKEN\Backup Set 2015-01-01 110001\Backup Files 2015-01-10 110003\Backup files 1.zip"
sh=023C94095D252841BB824B49B09F9CD59E9F2B6F ft=0 fh=0000000000000000 vn="a variant of Win32/SlowPCfighter.A potentially unwanted application" ac=I fn="E:\ANDREWSTUCKEN\Backup Set 2015-01-01 110001\Backup Files 2015-01-11 110005\Backup files 1.zip"
sh=963E0853E2A8F06227D6854DDFEDAC773AB3F3B8 ft=0 fh=0000000000000000 vn="a variant of Win32/SlowPCfighter.A potentially unwanted application" ac=I fn="E:\ANDREWSTUCKEN\Backup Set 2015-01-01 110001\Backup Files 2015-01-12 110003\Backup files 1.zip"
sh=357FA2C6D57D2D06F7E30D3D07847CBF02AF56B9 ft=0 fh=0000000000000000 vn="a variant of Win32/SlowPCfighter.A potentially unwanted application" ac=I fn="E:\ANDREWSTUCKEN\Backup Set 2015-01-01 110001\Backup Files 2015-01-13 110002\Backup files 1.zip"
sh=D8153EC65BB0D22F2BB8160ECC0EA85C53D1994B ft=0 fh=0000000000000000 vn="a variant of Win32/SlowPCfighter.A potentially unwanted application" ac=I fn="E:\ANDREWSTUCKEN\Backup Set 2015-01-01 110001\Backup Files 2015-01-14 110001\Backup files 1.zip"
sh=D7AB5A49DC6A6A56B27F81F85030B28E9D7C420C ft=0 fh=0000000000000000 vn="a variant of Win32/SlowPCfighter.A potentially unwanted application" ac=I fn="E:\ANDREWSTUCKEN\Backup Set 2015-01-01 110001\Backup Files 2015-01-15 110001\Backup files 1.zip"
sh=68B31BAD463692E7212B449C3EF6853EA6D30C05 ft=0 fh=0000000000000000 vn="a variant of Win32/SlowPCfighter.A potentially unwanted application" ac=I fn="E:\ANDREWSTUCKEN\Backup Set 2015-01-01 110001\Backup Files 2015-01-17 110001\Backup files 1.zip"
sh=22120D336AFEE24AE5276E6E46B7A57897AFC728 ft=0 fh=0000000000000000 vn="Win32/AirAdInstaller.B potentially unwanted application" ac=I fn="E:\ANDREWSTUCKEN\Backup Set 2015-01-18 094457\Backup Files 2015-01-18 094457\Backup files 1.zip"
sh=6981BB92F5530AEB59A1A8CA43A1FB629FE6EE6D ft=0 fh=0000000000000000 vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="E:\ANDREWSTUCKEN\Backup Set 2015-01-18 094457\Backup Files 2015-01-19 110003\Backup files 171.zip"
sh=15548EE8ED901165A38EF692FF505A430C9D49C9 ft=0 fh=0000000000000000 vn="Win32/DomaIQ.C potentially unwanted application" ac=I fn="E:\ANDREWSTUCKEN\Backup Set 2015-01-18 094457\Backup Files 2015-01-19 110003\Backup files 172.zip"
# product=EOS
# version=8
# iexplore.exe=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=
# engine=24014
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-05-25 08:03:28
# local_time=2015-05-25 09:03:28 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 10483664 185049258 0 0
# scanned=456926
# found=53
# cleaned=0
# scan_time=11440
sh=0ED4B9FCCE9A375DDF372F3368DF2C541215BBBE ft=1 fh=c71c00118bf034d2 vn="Win32/AirAdInstaller.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Software Updater\Uninstall.exe.vir"
sh=95826B332BD1AC0543C2BA4DB637D082A994B1E5 ft=1 fh=f3159d8e366dd55a vn="a variant of Win32/Mobogenie.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Andrew Stucken\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir"
sh=749E0C6D85971204E397EAE65ED10A9A4AEF40AB ft=1 fh=ef830199de104882 vn="a variant of Win32/Mobogenie.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Andrew Stucken\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir"
sh=1FD24BAE5755536F5B1CDF3F46A6C75BFD137933 ft=0 fh=0000000000000000 vn="a variant of Android/Mobserv.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Andrew Stucken\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir"
sh=93AD648467F47DC2708810D169F26F4A814778C5 ft=1 fh=e589ccabe231da4b vn="a variant of Win32/Mobogenie.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Andrew Stucken\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir"
sh=06AEEE97A8E40D82E97A0945E61C9EF1C0E7DDE7 ft=1 fh=8c61c410b53542e1 vn="a variant of Win32/SlowPCfighter.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Andrew Stucken\AppData\Roaming\Fighters\Tray\AutoInstall\DM.exe.vir"
sh=06AEEE97A8E40D82E97A0945E61C9EF1C0E7DDE7 ft=1 fh=8c61c410b53542e1 vn="a variant of Win32/SlowPCfighter.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Andrew Stucken\AppData\Roaming\Fighters\Tray\Updates\TKTRAY-DM\DM.exe.vir"
sh=06AEEE97A8E40D82E97A0945E61C9EF1C0E7DDE7 ft=1 fh=8c61c410b53542e1 vn="a variant of Win32/SlowPCfighter.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Skydrive\AppData\Roaming\Fighters\Tray\AutoInstall\DM.exe.vir"
sh=06AEEE97A8E40D82E97A0945E61C9EF1C0E7DDE7 ft=1 fh=8c61c410b53542e1 vn="a variant of Win32/SlowPCfighter.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Skydrive\AppData\Roaming\Fighters\Tray\Updates\TKTRAY-DM\DM.exe.vir"
sh=BAEFCB03679575349E01668C4F0938643BAAA022 ft=1 fh=45ba6b521529362d vn="a variant of Win32/Toolbar.MyWebSearch.A potentially unwanted application" ac=I fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\0D99BE4B-B6B8-46F6-954E-43F4E309E06A.data"
sh=585A73EB1DFA6B0B5C5FF5D76212FD8D0CEF4DF4 ft=1 fh=4b5f86942f564423 vn="a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\1B46AE38-0110-46A6-B1CB-55055F88F3E4.data"
sh=F98CFF47A9866B20AE35B54676C9AE6205EA9092 ft=1 fh=8ff09098caced262 vn="Win32/Packed.ScrambleWrapper.A potentially unwanted application" ac=I fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\2F334E02-A066-44C9-AEBC-FF90C7610DDC.data"
sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\449BDFFA-DB25-430A-8205-673012A45E9C.data"
sh=A162B71CC53FE98776FD6F1336FFFAA201777F18 ft=1 fh=1b5a6455fb2a1ee5 vn="a variant of Win32/InstallCore.BH potentially unwanted application" ac=I fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\62EBAD83-BA3F-43F2-83BD-C8C5A6BFDFCD.data"
sh=6391F475328183373BB2BED2E5704E5088FF5C8A ft=1 fh=3d6e0b0b2f0f489a vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\76B77A70-EF26-48C8-917D-74D83152487D.data"
sh=E8627A94D0E61D52AC1B699CB7CD5386BC188AC0 ft=1 fh=1baca7d68471de9e vn="a variant of Win32/InstallCore.AZ potentially unwanted application" ac=I fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\7A80FC34-CE6E-4F22-AE6F-19A980A44729.data"
sh=63D8A233223061D42538AD5F8A1552A86C0420CA ft=1 fh=0b75d8cb754ba137 vn="multiple threats" ac=I fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\7AE66787-456F-4A94-B27D-78E792A21265.data"
sh=E8627A94D0E61D52AC1B699CB7CD5386BC188AC0 ft=1 fh=1baca7d68471de9e vn="a variant of Win32/InstallCore.AZ potentially unwanted application" ac=I fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\8C581AF1-E674-4D0A-A756-A4B303F9959B.data"
sh=872918BB02B724FF42CF3239649BBE399F06BB7A ft=1 fh=b94ff4533a0bbc0d vn="a variant of Win32/bProtector.A potentially unwanted application" ac=I fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\8E5219FA-D1BE-40FA-AA46-5DC5602A1C30.data"
sh=E8627A94D0E61D52AC1B699CB7CD5386BC188AC0 ft=1 fh=1baca7d68471de9e vn="a variant of Win32/InstallCore.AZ potentially unwanted application" ac=I fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\985D6919-C257-410A-9791-43E5A790BF62.data"
sh=857980A7B7AB77FF8E34A090CCD76B8BA628E7E4 ft=1 fh=6c9ac10ea3ee1cdd vn="a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application" ac=I fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\A126B32C-DB0A-48AD-BF7E-4C6498B990D6.data"
sh=92AC05FFF3AD68271062A3DCB87E12EE6B816DDB ft=1 fh=acec1e59f99ab2fd vn="a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application" ac=I fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\A7DD3694-FA47-47F5-B4FF-7C31724F8849.data"
sh=0F78FE90AF015B0A511EDE007BD1791A341E891E ft=1 fh=d4fd6df3b7cf992d vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\A87E1368-3160-4303-9A75-B745C0C14F2A.data"
sh=A162B71CC53FE98776FD6F1336FFFAA201777F18 ft=1 fh=1b5a6455fb2a1ee5 vn="a variant of Win32/InstallCore.BH potentially unwanted application" ac=I fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\D4160BC2-04D9-43AB-AD1D-FC1CD4BC4FF0.data"
sh=E8627A94D0E61D52AC1B699CB7CD5386BC188AC0 ft=1 fh=1baca7d68471de9e vn="a variant of Win32/InstallCore.AZ potentially unwanted application" ac=I fn="C:\Program Files\COMODO\COMODO Internet Security\Quarantine\FF70E1E5-34D5-4254-999F-4123FE74DFF3.data"
sh=EE2D8A0C16CB4F60E07AD30BC8F4AF2D25E4FF62 ft=1 fh=c2a60ef126908cf5 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe"
sh=24A108C48173FDD9962F7CC3D4DB4B852D864838 ft=1 fh=0501d0dc4c9a869f vn="a variant of Win32/Systweak.N potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll"
sh=915239C2678EFCE5C2E45012595BEA0C050864B4 ft=1 fh=9ca6c4d86ffea4d8 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe"
sh=67A75BAA7A5BBB2EEEBB99D490F00F82D0BB1E09 ft=1 fh=5d5a0ac2ab2c0a85 vn="a variant of Win32/Systweak potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe"
sh=2C09414F7BCF16F3C9A358B5CCD4492EF7EEF08E ft=1 fh=5545a1a02bc092d6 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe"
sh=322DCE4CCA5EB266FFEDD900C6D628769AD18300 ft=1 fh=b3d66e50f9e4f6b1 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe"
sh=16B519EE1642AB71302CF80521A1F2840B1DC142 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\ProgramData\Spybot - Search & Destroy\Recovery\YontooPagerage2.zip"
sh=16B519EE1642AB71302CF80521A1F2840B1DC142 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\Users\All Users\Spybot - Search & Destroy\Recovery\YontooPagerage2.zip"
sh=06AEEE97A8E40D82E97A0945E61C9EF1C0E7DDE7 ft=1 fh=8c61c410b53542e1 vn="a variant of Win32/SlowPCfighter.A potentially unwanted application" ac=I fn="C:\Users\Andrew Stucken\AppData\Roaming\Fighters\Tray\AutoInstall\DM.exe"
sh=56911BA04365C06368461AF8DCADCEFA94E127D6 ft=1 fh=2e9c8e48fae5b893 vn="a variant of Win32/SmartInline.A potentially unwanted application" ac=I fn="C:\Users\Andrew Stucken\AppData\Roaming\ii-download.com\ii-download.com\prerequisites\SmartInline\smartinline.exe"
sh=F66F477B53B39DF2C2C561D4AF1C7C8F87C89046 ft=1 fh=d0f38e5e390c9502 vn="Win32/Toolbar.Montiera.B potentially unwanted application" ac=I fn="C:\Users\Andrew Stucken\AppData\Roaming\Mozilla\Firefox\Profiles\Andrew Stucken\AppData\Roaming\Mozilla\Profiles\433yq68c.Andrew Stukken\extensions\ffxtlbr@delta.com\uninstall.exe"
sh=686FFA84B518F63667B17939C4F8B475226C06C6 ft=1 fh=ef34117524fb94cb vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\Users\Andrew Stucken\Downloads\cbsidlm-cbsi176-Photo_Crop_Editor-ORG-10536710.exe"
sh=686FFA84B518F63667B17939C4F8B475226C06C6 ft=1 fh=ef34117524fb94cb vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\Users\Andrew Stucken\Downloads\cbsidlm-cbsi176-ScreenHunter_Free-ORG-10063246(1).exe"
sh=686FFA84B518F63667B17939C4F8B475226C06C6 ft=1 fh=ef34117524fb94cb vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\Users\Andrew Stucken\Downloads\cbsidlm-cbsi176-ScreenHunter_Free-ORG-10063246.exe"
sh=23B050563A81A1C57DABA7805B1E3E6B4C874F2B ft=1 fh=b4fe666c57930953 vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\Users\Andrew Stucken\Downloads\cbsidlm-cbsi183-Infix_PDF_Editor-ORG-10391701.exe"
sh=19876B0C21073CE7AC4725124851FC36B7EA7301 ft=1 fh=31b372839de59c7b vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="C:\Users\Andrew Stucken\Downloads\cbsidlm-cbsi188-ZapGrab-ORG-75329767.exe"
sh=7E3775D2F7676449670C4E0DE78332FFCF54D9A8 ft=1 fh=748eca0038f890e5 vn="Win32/DomaIQ.C potentially unwanted application" ac=I fn="C:\Users\Andrew Stucken\Downloads\FlashPlayer_V.51453454b.exe.part"
sh=FD36D8CB741325ADE0CA2D40A0833C565718FA6C ft=1 fh=7ef4a03c64850da1 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Andrew Stucken\Downloads\Shockwave_Installer_Slim(1).exe"
sh=FD36D8CB741325ADE0CA2D40A0833C565718FA6C ft=1 fh=7ef4a03c64850da1 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Andrew Stucken\Downloads\Shockwave_Installer_Slim.exe"
sh=CC3B0F691E7C2DBF420AA63B42AD5272AE58781E ft=1 fh=0072ff3393d764dd vn="a variant of Win32/OpenInstall potentially unwanted application" ac=I fn="C:\Users\Andrew Stucken\Downloads\WinZip170(1).exe"
sh=CC3B0F691E7C2DBF420AA63B42AD5272AE58781E ft=1 fh=0072ff3393d764dd vn="a variant of Win32/OpenInstall potentially unwanted application" ac=I fn="C:\Users\Andrew Stucken\Downloads\WinZip170(2).exe"
sh=83989CC14765D52D0ED271CE957308EE8D32FAB4 ft=1 fh=931f16acb365e0a6 vn="a variant of Win32/OpenInstall potentially unwanted application" ac=I fn="C:\Users\Andrew Stucken\Downloads\WinZip170.exe"
sh=0E8849B5BEBC329AD29F3BD052B02D0368CD269B ft=1 fh=42c65c8862f6f1e1 vn="Win32/DomaIQ.C potentially unwanted application" ac=I fn="C:\Users\Andrew Stucken\Downloads\zipper_V.6685996.exe"
sh=1A43F9C0CF7AA6D4D52C1C6DAB494311246C6F51 ft=0 fh=0000000000000000 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Windows\Installer\edf7e1.msi"
sh=44902DFC96A8D337ED3853198B75E42B34899FAB ft=1 fh=29775c310e88ad96 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\Windows\Installer\MSI1C.tmp"
sh=61B3FDF2953CA49F770A6A209B2EE80893204FFA ft=1 fh=4283fe3a030c4bea vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\Windows\Installer\MSI7B09.tmp"
sh=E59194FD68C8FD20DD6082F63274E8771AE6A2E6 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-SPE[1].7z"
sh=E59194FD68C8FD20DD6082F63274E8771AE6A2E6 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-SPE[1].7z"