Jump to content

Search the Community

Showing results for tags 'log'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Nebula
    • Malwarebytes Nebula Modules
    • Malwarebytes Endpoint Security
    • Other Malwarebytes Business Products
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

  1. Hi, I had overheating problems in my windows 10 laptop for about a week. I updated my bios and upon restarting, a window popped-up, with a certain WINRMSRV asking for permission through my firewall. I got suspicious and i run a malware scan with malwarebytes, who found 31 menaces and currently 27 are quarantined. Windows firewall and windows security are not working right now (I didn't realize they had been disabled, I see a blank page when opening windows security) , as well as AdobeReader, which I now uninstalled. I would like to know if I can delete these files from quarantine and how can I restore the applications that are not working right now: what happens if I delete the quarantined menaces, given some of them are under system32 folder? I can upload the findings log if is needed Thank you to whomever helps.
  2. Mohave 10.14.6 Macbook Pro 2018 Cloud Malwarebytes Customer steady flow of console logging on a MacBook host of this sort: error 13:20:28.570043 -0500 kernel Sandbox: RTProtectionDaem(108) System Policy: deny(1) file-read-data /Users/admin/Library/Messages error 13:20:28.570237 -0500 kernel Sandbox: RTProtectionDaem(108) System Policy: deny(1) file-read-data /Users/admin/Library/HomeKit error 13:20:28.571947 -0500 kernel Sandbox: RTProtectionDaem(108) System Policy: deny(1) file-read-data /Users/admin/Library/Mail error 13:20:28.585037 -0500 kernel Sandbox: RTProtectionDaem(108) System Policy: deny(1) file-read-data /Users/admin/Library/Safari error 13:20:28.586034 -0500 kernel Sandbox: RTProtectionDaem(108) System Policy: deny(1) file-read-data /Users/admin/Library/Suggestions There was a post about this in the home version, however the protection daemon is a different bundle for the business version (at least from what I can find) so the advice there in the Home version didn't help me to locate the "RTProtectionDaem" Resolution: I dragged... "Macintosh HD⁩ ▸ ⁨Library⁩ ▸ ⁨Application Support⁩ ▸ ⁨Malwarebytes⁩ ▸ ⁨NCEP⁩ ▸ ⁨Engine.bundle⁩ ▸ ⁨Contents⁩ ▸ ⁨PlugIns ▸ ⁨⁩Malwarebytes Protection" ...into the System Preferences control panel for Security Privacy tab location Full Disk Access. I'm wondering if I was on track with this approach. It appears to have stopped the logging, but now Im seeing Safari complaining (maybe unrelated) error 13:37:22.995343 -0500 Safari kill() returned unexpected error 1 error 13:37:23.002972 -0500 Safari kill() returned unexpected error 1 error 13:37:23.011062 -0500 Safari kill() returned unexpected error 1
  3. Hello, I had issues with my Malwarebytes updating. The error windows that pops up with, "An error has occurred." I uninstalled Malwarebytes and deleted the Malwarebytes folder under Programs. I downloaded and installed the mb.support tool and clicked "clean". After my my computer rebooted, I accepted the re-install for Malwarebytes. The install fails and the error windows that pops up with, "An error has occurred." and "Malwarebytes for Windows installation was aborted." I don't have a license, I use the free version for my pc. I have extracted and attached the logs. Please review the attached file and get back to me, thank you for your support. mbst-grab-results.zip
  4. Hi everyone, good Night! Due to the fact that Malwarebytes does not remove viruses completely, I have used other tools to assist in the analysis and complete removal of viruses that still exist. I ask the help of the analysts on duty, where below the logs generated for analysis and disinfection of the system. The logs shown in the link below by malwarebytes indicate viruses in browsers, where they open malicious pages. https://www.cjoint.com/c/IBbxTmaeTHM Obs: A infecção ainda continua Can you help me solve this problem?Is it possible to be a false positive of ZHPCleaner?Follow logsZHP Cleaner: https://www.cjoint.com/c/IBbs6YnsfDMZHP Diag : https://www.cjoint.com/c/IBbtA6AHGfMFarbar Recovery Scan Tool / FRST : https://www.cjoint.com/c/IBbtXGo4TwMFarbar Recovery Scan Tool / Addition : https://www.cjoint.com/c/IBbtZqGTppMFarbar Recovery Scan Tool / Shortcut : https://www.cjoint.com/c/IBbt0t45p8M Hijack This 2.0.5 Beta Log: https://www.cjoint.com/data/IBbt3yHmIpM_hijackthis.log I thank you for your attentionSerial.com
  5. I found trackerLog.txt file in documents folder this file contain this text 2018-07-01 12:19:28: reciver boot reciver,the mobile will power on 2018-07-01 12:19:28: BksService has onCreate 2018-07-01 12:19:28: PollingService has onCreate 2018-07-01 12:44:56: reciver shoudown brocast,the mobile will power off 2018-07-01 13:35:35: reciver boot reciver,the mobile will power on 2018-07-01 13:35:36: BksService has onCreate 2018-07-01 13:35:36: PollingService has onCreate when I delete this file it appears later by itself. file found on "Alcatel Shine Lite 5080x" phone. is this file part of the virus?
  6. I installed Premium last week and two scans have run. The first one took about an hour 40 mins (1:39:27) and scanned 520,805 objects - per the log report. Tonight the scan ran again but took 3:21:52 while also reportin 520,805 scanned objects. I didn't use the PC during tonight's scan but when I looked in on the progress at one point the app was reporting well into 900,000 objects scanned. Can anyone explain the discrepancy in the 900,000 vs the reported 520,805? And, why tonight's scan took almost two hours longer? (The first scan I *don't think* I was using the PC either - but maybe it went to sleep overnight?) Thanks in advance!
  7. Hey all, We configured our syslog settings to forward logs to our logging server. It appears to only sort of be working. We'll get a detection at 2:08AM, but they aren't forwarding to our logging server until a few hours later. And we're noticing sometimes nothing gets forwarded. Is there any better documentation outside of the "just put your syslog server settings here" that is in the Management Console? Or any hints or tips on how to make this work better?
  8. Where are the logs for MBAM for Mac stored? (the file path/directly location)
  9. Hello, The log file shows "Protection: Disabled". The admin console listed this PC is protected with no errors. What Protection: Disabled is or means? Management Console v 1.5.2701 Malwarebytes Anti-Malware (MEE) 1.75.0.1300 www.malwarebytes.org Database version: v2017.08.04.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.18697 XXXXX :: XXXXX [administrator] Protection: Disabled 8/08/2017 10:28:50 AM mbam-log-2017-08-08 (10-28-50).txt Scan type: Flash scan Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Registry | File System | PUP | PUM | P2P Objects scanned: 321419 Time elapsed: 16 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) C:\Users\XXXXXXXX\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs Thank you in advance.
  10. I have this trojan called Imminent it won't leave my system it comes back everyday! It hijacks firefox's logs and won't leave please help! here is a log from the scan, The file is usually about 30 bytes for some reason but it wont go away! Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 10/10/2016 Scan Time: 3:15 PM Logfile: Administrator: Yes Version: 2.2.1.1043 Malware Database: v2016.10.10.07 Rootkit Database: v2016.09.26.02 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 10 CPU: x64 File System: NTFS User: avfor Scan Type: Threat Scan Result: Completed Objects Scanned: 418507 Time Elapsed: 17 min, 26 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 1 Trojan.StolenData, C:\Users\avfor\AppData\Roaming\Imminent\Logs, Quarantined, [f49b2077495190a6dd4a458bd3309769], Files: 3 Trojan.Agent.Trace, C:\Users\avfor\AppData\Roaming\Imminent\Path.dat, Quarantined, [a1eea1f6732712246c7b378eca39f50b], Trojan.StolenData, C:\Users\avfor\AppData\Roaming\Imminent\Logs\09-10-2016, Quarantined, [f49b2077495190a6dd4a458bd3309769], Trojan.StolenData, C:\Users\avfor\AppData\Roaming\Imminent\Logs\10-10-2016, Quarantined, [f49b2077495190a6dd4a458bd3309769], Physical Sectors: 0 (No malicious items detected) (end)
  11. Hi, Im wondering if there are any registry entries, that shouldnt be removed. (File as attachment) Note: Its okay fo rme that it deletes unnecceary parts of AVG. Greetings and thank you already! AdwCleaner[S1].txt
  12. Right now my company is using the corporate edition of Malwarebytes Anti-Malware version 1.80.1.1011. I have been wanting to write a script to process the log files, right now the log files are in a text file format. I see in the consumer version 2.0 they changed the log file format from text file to an XML file format. I would like to pursue making a script to process text files on the corporate edition, but need to know if Malwarebytes plans on sticking to the text file format, or is there a planned change in a near future version to switch to the XML format? Any input would be much appreciated, thanks.
  13. This is my log. Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 11/23/2015Scan Time: 5:20 PMLogfile: d.txtAdministrator: Yes Version: 2.2.0.1024Malware Database: v2015.11.23.09Rootkit Database: v2015.11.23.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: Disabled OS: Windows 10CPU: x64File System: NTFSUser: Bryce Scan Type: Threat ScanResult: CompletedObjects Scanned: 348568Time Elapsed: 10 min, 37 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 21PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, , [9ed75f22454681b56e11659ae51c7090], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, , [9ed75f22454681b56e11659ae51c7090], PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, , [9ed75f22454681b56e11659ae51c7090], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, , [9ed75f22454681b56e11659ae51c7090], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, , [9ed75f22454681b56e11659ae51c7090], PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}, , [9ed75f22454681b56e11659ae51c7090], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, , [9ed75f22454681b56e11659ae51c7090], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, , [9ed75f22454681b56e11659ae51c7090], PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, , [9ed75f22454681b56e11659ae51c7090], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, , [9ed75f22454681b56e11659ae51c7090], PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, , [9ed75f22454681b56e11659ae51c7090], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, , [9ed75f22454681b56e11659ae51c7090], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK.1, , [9ed75f22454681b56e11659ae51c7090], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK, , [9ed75f22454681b56e11659ae51c7090], PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\OCComSDK.ComSDK, , [9ed75f22454681b56e11659ae51c7090], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\OCComSDK.ComSDK, , [9ed75f22454681b56e11659ae51c7090], PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\OCComSDK.ComSDK.1, , [9ed75f22454681b56e11659ae51c7090], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\OCComSDK.ComSDK.1, , [9ed75f22454681b56e11659ae51c7090], PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}, , [9ed75f22454681b56e11659ae51c7090], PUP.Optional.MyPCBackup, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\LaunchPreSignup, , [3f36f988018a8da9f3c5ff8fcb381be5], PUP.Optional.Spigot, HKU\S-1-5-21-1355267718-3768092833-4180230419-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{A8CC9878-F4D9-424D-A521-24870AFC3C97}, , [8ee7bfc28ffc4de9522b940a3ac92ed2], Registry Values: 1PUP.Optional.Spigot, HKU\S-1-5-21-1355267718-3768092833-4180230419-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{A8CC9878-F4D9-424D-A521-24870AFC3C97}|URL, https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=435371&p={searchTerms},, [8ee7bfc28ffc4de9522b940a3ac92ed2] Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 6PUP.Optional.Spigot, C:\Users\Bryce\AppData\Local\Temp\offer-63F74DA8-63A0-4788-AEEE-A0D5658600EA.exe, , [84f13b46cac19e9822ea0f76699ba957], PUP.Optional.OpenCandy, C:\Users\Bryce\AppData\Local\Temp\HYDE82B.tmp.1447297453\HTA\install.1447297453.zip, , [92e3136e5b3081b583fc3dc22fd210f0], PUP.Optional.OpenCandy, C:\Users\Bryce\AppData\Local\Temp\HYDE82B.tmp.1447297453\HTA\3rdparty\OCComSDK.dll, , [9ed75f22454681b56e11659ae51c7090], PUP.Optional.PCMechanic, C:\Users\Bryce\AppData\Local\Temp\is-HDH37.tmp\pm-standalone-setup.exe, , [690c285990fbf83e8ba8e93060a131cf], PUP.Optional.PCMechanic, C:\Users\Bryce\Downloads\pcmechanicpm.exe, , [98dd4140a6e5c5713af9d74240c1a858], PUP.Optional.MyPCBackup, C:\Windows\System32\Tasks\LaunchPreSignup, , [adc8b1d0fd8ea096ddd91f6f71929769], Physical Sectors: 0(No malicious items detected) (end)
  14. # AdwCleaner v5.016 - Creato file registro eventi 01/11/2015 in 23:50:53 # Aggiornato 01/11/2015 da Xplode # Database : 2015-11-01.2 [server] # Sistema operativo : Windows 7 Home Premium Service Pack 1 (x86) # Nome utente : Gakutenou - FROSTIE # In esecuzione da : C:\Documents\Downloads\adwcleaner_5.016.exe # Opzione : Analisi # Supporto : http://toolslib.net/forum ***** [ Servizi ] ***** ***** [ Cartelle ] ***** ***** [ File ] ***** ***** [ DLLs ] ***** ***** [ Collegamenti ] ***** ***** [ Attività pianificate ] ***** ***** [ Registry ] ***** Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{04F3C4CF-8DCD-4D80-92B5-6A016E316869} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{07202B0D-149C-4568-90DF-ACC2B4057809} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0722A2AC-4CF8-4310-AFEE-F87AA9BE10AA} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11F09AFE-75AD-4E52-AB43-E09E9351CE17} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{13B58989-8D66-4F69-922F-B608C38397C1} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1631550F-191D-4826-B069-D9439253D926} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{19BA983C-1D6E-4373-8675-C4371D0440AA} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1A1B64F9-2033-49BF-A3B9-0FE0F1953BDC} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1A6DC111-B030-4C3E-BE65-299284128B91} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1D74E9DD-8987-448B-B2CB-67FFF2B8A932} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1E905554-CF1D-4C5B-9085-A74F8E76A042} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1ED65C88-1259-484B-A9FA-6731E0D15743} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{291A109C-1B6A-4E04-8538-DF15E9F599C3} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{293A63F7-C3B6-423A-9845-901AC0A7EE6E} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2D891923-34B7-4186-9B47-752624535DC1} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3475D2C4-BBD1-4255-A70D-4125A4D30956} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{397CFDD8-762F-44D4-9517-E3969F89639E} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3A6BE320-DC9B-4D24-A6E8-621B81544F4B} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3C490BF5-4244-4310-B4A7-3361F288DAC5} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{41069220-F72A-40EA-A8F3-BCD5E1FBC8F0} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{416AE1CB-7257-484A-B912-AEBC7FDAD4CE} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{42C7C39F-3128-4A17-BDB7-91C46032B5B9} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{467013BB-D67E-45BE-A7D7-C29E3CCA8AAD} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4A0BA746-D4D6-41A6-81EF-413E52B5F8D6} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4AD44D3E-7316-4251-B754-9B10EC96AF92} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4AE33511-8993-448C-8BA7-69E252D69207} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4F383657-A595-4DF9-9AB3-FF69312BE9CC} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{547395D9-934A-CED6-B851-F238C86079E5} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{558B5DEA-A789-4BDE-A83F-2046EE1F64ED} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{57F9FEF0-6EAE-4030-A68A-30FDC38B1B13} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{586D895F-13B4-4202-8C5D-F075F2505676} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5911488E-9D1E-40EC-8CBB-06B231CC153F} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{59802B67-952A-45A2-A5D4-054417ED4A2C} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5BE1ED16-E6DD-4C4E-A596-6CFD5EE7C1EE} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5DE59E4B-12D4-4BF0-B3C0-B1E8730DC70B} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6704E2EA-6213-4D17-BB3D-4AE9E3609536} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{69A72A8A-84ED-4A75-8CE7-263DBEF3E5D3} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6D301CB8-19E8-4EA1-A648-63E43F577CD0} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6E13D095-45C3-4271-9475-F3B48227DD9F} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6FACFC3D-5C5E-4A12-828F-5F9CBA84CF17} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{703740C1-0F1A-4CEC-A4DF-D78DB0158477} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{70C6E9DE-F30E-4A40-8A6F-9572C2328320} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{759EE566-C608-434F-A186-DDB68BB1C724} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7A66EB91-F7D3-4DE2-8CA9-12C12AF3D5F2} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7DA17D5A-5718-4130-A605-FC316C827836} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7FF99715-3016-4381-84CE-E4E4C9673020} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8270927A-FB8B-4647-8E21-C9459BB2610D} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{82EA3E77-7BD2-4744-A8F2-670770767EC5} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{84395E42-9FF9-4B85-9264-B1762D069593} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{856E12B5-22D7-4E22-9ACA-EA9A008DD65B} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{91C1AE56-D2C9-4017-8BF1-75EA182CEB38} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{963B125B-8B21-49A2-A3A8-E37092276531} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9D717F81-9148-4F12-8568-69135F087DB0} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9E09CCCC-5C2B-4E45-8BF7-401B9181BFF2} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A0E8BC7D-6959-40B6-8E05-204D9768AD6E} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A5877FA8-A875-41DB-AEF5-B1124CEF74B6} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A7543596-01C2-4323-B1C9-BF0FCC7833DE} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A83C3565-302C-4BF8-B000-6B6F1811D892} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AA74D58F-ACD0-450D-A85E-6C04B171C044} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AB6BD08C-DB6B-4F02-8A22-4BD343E990FF} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AB720781-0670-4E46-B82E-376AEF228F25} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{ACC01A56-70E3-472E-9C4F-83B1DA817DD8} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{ADE1FF98-B82B-4954-B447-0E513C675441} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B1DF652F-3A33-4F9F-B809-59870C4E9027} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B278D9F8-0FA9-465E-9938-0C392605D8E3} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B6EF6C45-5E8D-4C3B-B580-A5073261A381} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B7D3F515-9DBD-4C56-A743-89D5C0927443} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B939CF93-F2CB-443D-956C-DC523D85C9DB} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BFF6582B-F558-4964-B4C7-10BFBA9B8790} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C0A13BA0-B498-46EE-8DE0-B66FEC9FB86E} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C23B756A-BD9F-4CA6-ADED-17AB8CCF3E8B} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C4BF6897-41A2-454B-AC3B-437F30BEA671} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CBF53489-AD8D-4637-965A-413861EEC7CF} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CC01FC6C-2319-A88B-FCF7-416288B4E61A} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CD5B3EA2-522A-45B2-84A4-FCBEF03E8237} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CF23C8EF-82FA-4524-9B69-952794B18314} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D281251E-9D68-4B62-B751-64DFE15FCD6A} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D9291F9E-7010-4D7A-8DF6-455DEEF8EF51} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DA742A73-CFA7-4DE2-BF28-1FC51CF214BC} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DB536AF2-E422-402D-B7FD-887297F1A198} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DE4E75D3-60AA-4F02-A0E4-C8A40576574C} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{DFEFCDEE-CF1A-4FC8-89AF-189327213627} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E2E7733E-F86C-4A47-BEF1-7A6268831EE1} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E2E94F8D-4323-4943-A269-2E9EF6280434} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E8DAAA30-6CAA-4B58-9603-8E54238219E2} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EA4AF226-01C2-442D-B204-7B55EFD072F1} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EB4A577D-BCAD-4B1C-8AF2-9A74B8DD3431} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F4FE8DB4-7FC9-4C50-A25D-033A02D36298} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F52C6F92-7033-438F-BE30-20C87E2D9978} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F9E44926-2497-46F3-8A25-928136AC079E} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FC36B0BD-27F0-4CDD-8AB1-50651EFC3EFD} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF6439F4-B6D5-41A9-97B6-69D650D265FD} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11111111-1111-1111-1111-110011431152} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AE48C704-8876-4EB2-9227-6CA5382694C5} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D3626E66-B13B-C628-ACDF-BDABCFA265E1} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E99D4D0C-EB54-46AF-B62A-3AA1F31D53E5} Chiave Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4D367733-AFF9-4943-9757-D37DAD8F33EB} ***** [ Browser web ] ***** ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [14178 byte] ########## (Subsequent scans turned up clean - MBAM Chameleon and JRT scans resulted clean)
  15. Hi, please some expert would help me with this hijackthis log. My computer is slow and the task manger is showing 100% of disk usage. Logfile of HijackThis v1.99.1Scan saved at 16:59:42, on 05/08/2015Platform: Unknown Windows (WinNT 6.02.1008)MSIE: Internet Explorer v11.0 (11.00.9600.17840) Running processes:C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXEC:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exeC:\Program Files (x86)\Skype\Phone\Skype.exeC:\Users\hp touch\AppData\Roaming\Dropbox\bin\Dropbox.exeC:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exeC:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exeC:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exeC:\Program Files (x86)\Evernote\Evernote\Evernote.exeC:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\WINDOWS\SysWOW64\cmd.exeC:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coNatHst.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Users\hp touch\Downloads\HijackThis (1).exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=nis&pvid=21.6.0.32R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: NCH Toolbar - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Users\hp touch\AppData\LocalLow\NCH\prxtbNCH.dllF2 - REG:system.ini: UserInit=userinit.exe,O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dllO2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL (file missing)O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dllO2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dllO2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllO2 - BHO: NCH - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Users\hp touch\AppData\LocalLow\NCH\prxtbNCH.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dllO3 - Toolbar: NCH Toolbar - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Users\hp touch\AppData\LocalLow\NCH\prxtbNCH.dllO3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dllO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimeO4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exeO4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exeO4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrunO4 - HKCU\..\Run: [Dropbox Update] "C:\Users\hp touch\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /cO4 - Startup: Dropbox.lnk = hp touch\AppData\Roaming\Dropbox\bin\Dropbox.exeO4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exeO4 - Startup: EvernoteTray.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exeO8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200O8 - Extra context menu item: Capturar esta página - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1O8 - Extra context menu item: Capturar imagem - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4O8 - Extra context menu item: Capturar seleção - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3O8 - Extra context menu item: Capturar URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0O8 - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0O8 - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000O8 - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.htmlO8 - Extra context menu item: Nova nota - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.htmlO9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllO9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.htmlO9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.htmlO10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dllO10 - Unknown file in Winsock LSP: c:\program files (x86)\bonjour\mdnsnsp.dllO11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphicsO11 - Options group: [iNTERNATIONAL] InternationalO13 - Gopher Prefix: O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dllO18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllO18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllO18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLLO23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeO23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30011 (AppHostSvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Skype Click to Call Updater (c2cautoupdatesvc) - Unknown owner - C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service (file missing)O23 - Service: Skype Click to Call PNR Service (c2cpnrsvc) - Unknown owner - C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service (file missing)O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exeO23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeO23 - Service: HP Connected Remote Service (HPConnectedRemote) - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exeO23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exeO23 - Service: @oem19.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\WINDOWS\system32\Hpservice.exe (file missing)O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exeO23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeO23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exeO23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exeO23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exeO23 - Service: Intel® ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exeO23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeO23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)O23 - Service: Norton 360 (N360) - Unknown owner - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\diMaster.dll" /prefetch:1 (file missing)O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)O23 - Service: RelevantKnowledge - TMRG, Inc. - C:\Program Files (x86)\RelevantKnowledge\rlservice.exeO23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exeO23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exeO23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exeO23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeO23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30014 (w3logsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30001 (WAS) - Unknown owner - %windir%\system32\svchost.exe (file missing)O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - %ProgramFiles%\Windows Defender\NisSrv.exe (file missing)O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - %ProgramFiles%\Windows Defender\MsMpEng.exe (file missing)O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
  16. Hi, Today I scanned my computer and MBAM found javaws.exe and called it a Backdoor.Bot. I'm thinking this is a false positive because a little research said that it was Java Web Start. It is digitally signed by Sun Microsystems, Inc. In the zipped attached you will find the log file and the detected object. The object was found here: C:\Windows\System32\javaws.exe
  17. will someone look at my log and see if I need to do anythingCheckResults.txt
  18. Incredible software. TY!! Quick scan found 300 PUPs in over 30k files. Do I only delete the 3 software selected checked ones or the entire 300 list from the MalwarBytes results log? Are any of them important to keep? Below are the 3 selected 'Adware's followed by two similar software-unselected PUP files. All dealing with FlashPlayer. After that is the entire list of 300. My problem is tons of ads popping up and an especially upper right hand screen corner rolling down in various degrees to reveal an underlying ad. Further, my cursor and screen freeze. C:\Users\N\Downloads\FlashPlayer (1).exe (Adware.DomaIQ) -> No action taken. C:\Users\N\Downloads\FlashPlayer (2).exe (Adware.DomaIQ) -> No action taken.C:\Users\N\Downloads\FlashPlayer.exe (Adware.DomaIQ) -> No action taken. C:\Users\N\Downloads\FlashPlayer_V.aFxGFgqnc.exe (PUP.FakeFlash.Domaiq) -> No action taken.C:\Users\N\Downloads\FlashPlayer_V.NjfpUD75c.exe (PUP.FakeFlash.Domaiq) Entire 300 list:Malwarebytes Anti-Malware (Trial) 1.75.0.1300www.malwarebytes.org Database version: v2014.03.23.07 Windows 8 x64 NTFSInternet Explorer 11.0.9600.16521N :: I3 [administrator] Protection: Enabled 3/23/2014 12:06:43 PMMBAM-log-2014-03-23 (12-54-35).txt Scan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 283665Time elapsed: 20 minute(s), 35 second(s) Memory Processes Detected: 2C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe (PUP.Optional.SoftwareUpdater.A) -> 1868 -> No action taken.C:\ProgramData\WebShield\WebShieldService.exe (PUP.Optional.InternetUpdater.A) -> 2208 -> No action taken. Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 24HKLM\SYSTEM\CurrentControlSet\Services\SrvUpdater (PUP.Optional.SoftwareUpdater.A) -> No action taken.HKLM\SYSTEM\CurrentControlSet\Services\WebShield (PUP.Optional.InternetUpdater.A) -> No action taken.HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.Conduit.A) -> No action taken.HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> No action taken.HKCR\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C} (PUP.Optional.WebSteroids.A) -> No action taken.HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Optional.SoftwareUpdater) -> No action taken.HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Optional.SoftwareUpdater) -> No action taken.HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Optional.SoftwareUpdater) -> No action taken.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Optional.SoftwareUpdater) -> No action taken.HKCR\Updater.AmiUpd.1 (PUP.Optional.SoftwareUpdater) -> No action taken.HKCR\Updater.AmiUpd (PUP.Optional.SoftwareUpdater) -> No action taken.HKCR\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6} (PUP.Optional.DynConIE.A) -> No action taken.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{8EBA1B69-99D8-4135-BD43-729BA79D5CC4} (PUP.Optional.PlayTopus) -> No action taken.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8EBA1B69-99D8-4135-BD43-729BA79D5CC4} (PUP.Optional.PlayTopus) -> No action taken.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdater (PUP.Optional.SoftwareUpdater.A) -> No action taken.HKLM\SOFTWARE\MediaViewV1alpha1243 (PUP.Optional.MediaView.A) -> No action taken.HKLM\SOFTWARE\SOFTWAREUPDATER (PUP.Optional.SoftwareUpdater.A) -> No action taken.HKLM\SOFTWARE\Vittalia\AxtanInstaller (PUP.Optional.BundleInstaller.A) -> No action taken.HKLM\Software\InstallIQ (PUP.Optional.InstallBrain.A) -> No action taken.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaViewV1alpha1243 (PUP.Optional.MediaView.A) -> No action taken.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d9b47a47-5082-41ba-bdef-89a0002dd891} (PUP.Optional.MediaView.A) -> No action taken.HKCR\CLSID\{d9b47a47-5082-41ba-bdef-89a0002dd891} (PUP.Optional.MediaView.A) -> No action taken.HKCR\TypeLib\{1701083b-2c7c-4cf9-b2fe-546f90863ae2} (PUP.Optional.MediaView.A) -> No action taken.HKCR\Interface\{54070D67-0FFE-4E83-B1DE-4A593AE5B004} (PUP.Optional.MediaView.A) -> No action taken. Registry Values Detected: 3HKLM\SOFTWARE\Mozilla\Firefox\Extensions|ext@MediaViewV1alpha1243.net (PUP.Optional.MediaView.A) -> Data: C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1243\ff -> No action taken.HKLM\SOFTWARE\SoftwareUpdater|partner_keyword (PUP.Optional.SoftwareUpdater.A) -> Data: ALLFILEWINCOM -> No action taken.HKLM\SYSTEM\CurrentControlSet\Services\SrvUpdater|ImagePath (PUP.Optional.SoftwareUpdater.A) -> Data: C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe -> No action taken. Registry Data Items Detected: 2HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.Conduit.A) -> Bad: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) Good: () -> No action taken.HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit.A) -> Bad: (http://search.conduit.com/?ctid=CT3324415&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=5&UP=SPB03DBD25-858F-4FF4-A150-B77F77B271CB&SSPV=) Good: (http://www.google.com) -> No action taken. Folders Detected: 32C:\Program Files (x86)\SoftwareUpdater (PUP.Optional.SoftwareUpdater.A) -> No action taken.C:\Users\N\AppData\Roaming\player (PUP.Optional.VPLMedia.A) -> No action taken.C:\Users\N\AppData\Roaming\player\images (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\SearchProtect (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\Main (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\Main\bin (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\Main\Logs (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\Main\rep (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\SearchProtect (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\SearchProtect\rep (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\bin (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\libs (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\protection (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\settings (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\rep (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1243 (PUP.Optional.MediaView.A) -> No action taken.C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1243\ch (PUP.Optional.MediaView.A) -> No action taken.C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1243\ff (PUP.Optional.MediaView.A) -> No action taken.C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1243\ff\chrome (PUP.Optional.MediaView.A) -> No action taken.C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1243\ff\chrome\content (PUP.Optional.MediaView.A) -> No action taken.C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1243\ff\chrome\content\icons (PUP.Optional.MediaView.A) -> No action taken.C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1243\ff\chrome\content\icons\default (PUP.Optional.MediaView.A) -> No action taken.C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1243\ie (PUP.Optional.MediaView.A) -> No action taken. Files Detected: 244C:\Program Files (x86)\SoftwareUpdater\UpdaterService.exe (PUP.Optional.SoftwareUpdater.A) -> No action taken.C:\ProgramData\WebShield\WebShieldService.exe (PUP.Optional.InternetUpdater.A) -> No action taken.C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (PUP.Optional.Conduit.A) -> No action taken.C:\Users\N\AppData\Local\SwvUpdater\Updater.exe (PUP.Optional.SoftwareUpdater) -> No action taken.C:\Users\N\AppData\Local\Temp\nsb14FC.exe (PUP.Optional.SearchProtect.A) -> No action taken.C:\Users\N\AppData\Local\Temp\nsj7626.exe (PUP.Optional.SearchProtect.A) -> No action taken.C:\Users\N\AppData\Local\Temp\nsl6F3F.exe (PUP.Optional.SearchProtect.A) -> No action taken.C:\Users\N\AppData\Local\Temp\nst1C1.exe (PUP.Optional.SearchProtect.A) -> No action taken.C:\Users\N\AppData\Local\Temp\nsv7B47.exe (PUP.Optional.SearchProtect.A) -> No action taken.C:\Users\N\AppData\Local\Temp\nsz1CCD.exe (PUP.Optional.SearchProtect.A) -> No action taken.C:\Users\N\AppData\Local\Temp\setapp.exe (PUP.Optional.MediaView.A) -> No action taken.C:\Users\N\AppData\Local\Temp\spstub.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\N\AppData\Local\Temp\verifier.exe (PUP.Optional.Conduit) -> No action taken.C:\Users\N\AppData\Local\Temp\nso41F5\SpSetup.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\N\AppData\Local\Temp\nsu1FF3.tmp\aminsis.dll (PUP.Optional.Amonetize) -> No action taken.C:\Users\N\Downloads\FileZipperSetup-bootable windows 7 USB.exe (PUP.Optional.InstallBrain) -> No action taken.C:\Users\N\Downloads\FlashPlayer (1).exe (Adware.DomaIQ) -> No action taken.C:\Users\N\Downloads\FlashPlayer (2).exe (Adware.DomaIQ) -> No action taken.C:\Users\N\Downloads\FlashPlayer.exe (Adware.DomaIQ) -> No action taken.C:\Users\N\Downloads\FlashPlayer_V.aFxGFgqnc.exe (PUP.FakeFlash.Domaiq) -> No action taken.C:\Users\N\Downloads\FlashPlayer_V.NjfpUD75c.exe (PUP.FakeFlash.Domaiq) -> No action taken.C:\Users\N\Downloads\installer_avg_anti-virus_free_edition_English.exe (PUP.Optional.VIT) -> No action taken.C:\Users\N\Downloads\nuancepdf.exe (PUP.Optional.InstallIQ.A) -> No action taken.C:\Users\N\Downloads\Setup (1)-for priv msg.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\N\Downloads\Setup.exe (PUP.Optional.InternetUpdater.A) -> No action taken.C:\Users\N\Downloads\WiseConvert_B.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\N\Downloads\zip.exe (PUP.Optional.InstallIQ.A) -> No action taken.C:\Users\N\Local Settings\Temporary Internet Files\IE\EYT94S65\SPSetup[1].exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\N\Local Settings\Temporary Internet Files\IE\LF0L7VP0\spstub[1].exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\N\Local Settings\Temporary Internet Files\IE\VXXKDZGV\SPIdentifierImpl[1].exe (PUP.Optional.SearchProtect.A) -> No action taken.C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> No action taken.C:\Program Files (x86)\SoftwareUpdater\KeyGen.dll (PUP.Optional.SoftwareUpdater.A) -> No action taken.C:\Program Files (x86)\SoftwareUpdater\AppsUpdater.exe (PUP.Optional.SoftwareUpdater.A) -> No action taken.C:\Program Files (x86)\SoftwareUpdater\AppsUpdater.exe.config (PUP.Optional.SoftwareUpdater.A) -> No action taken.C:\Program Files (x86)\SoftwareUpdater\config.xml (PUP.Optional.SoftwareUpdater.A) -> No action taken.C:\Program Files (x86)\SoftwareUpdater\Interop.Shell32.dll (PUP.Optional.SoftwareUpdater.A) -> No action taken.C:\Program Files (x86)\SoftwareUpdater\translations.xml (PUP.Optional.SoftwareUpdater.A) -> No action taken.C:\Program Files (x86)\SoftwareUpdater\uninstall.exe (PUP.Optional.SoftwareUpdater.A) -> No action taken.C:\Users\N\AppData\Roaming\player\playlist.vpl (PUP.Optional.VPLMedia.A) -> No action taken.C:\Users\N\AppData\Roaming\player\config.ini (PUP.Optional.VPLMedia.A) -> No action taken.C:\Users\N\AppData\Roaming\player\images\channel_ld_103.png (PUP.Optional.VPLMedia.A) -> No action taken.C:\Users\N\AppData\Roaming\player\images\channel_ld_11.png (PUP.Optional.VPLMedia.A) -> No action taken.C:\Users\N\AppData\Roaming\player\images\channel_ld_120.png (PUP.Optional.VPLMedia.A) -> No action taken.C:\Users\N\AppData\Roaming\player\images\channel_ld_121.png (PUP.Optional.VPLMedia.A) -> No action taken.C:\Users\N\AppData\Roaming\player\images\channel_ld_122.png (PUP.Optional.VPLMedia.A) -> No action taken.C:\Users\N\AppData\Roaming\player\images\channel_ld_123.png (PUP.Optional.VPLMedia.A) -> No action taken.C:\Users\N\AppData\Roaming\player\images\channel_ld_124.png (PUP.Optional.VPLMedia.A) -> No action taken.C:\Users\N\AppData\Roaming\player\images\channel_ld_125.png (PUP.Optional.VPLMedia.A) -> No action taken.C:\Users\N\AppData\Roaming\player\images\channel_ld_126.png (PUP.Optional.VPLMedia.A) -> No action taken.C:\Users\N\AppData\Roaming\player\images\channel_ld_127.png (PUP.Optional.VPLMedia.A) -> No action taken.C:\Users\N\AppData\Roaming\player\images\channel_ld_136.png (PUP.Optional.VPLMedia.A) -> No action taken.C:\Users\N\AppData\Roaming\player\images\channel_ld_137.png (PUP.Optional.VPLMedia.A) -> No action taken.C:\Users\N\AppData\Roaming\player\images\channel_ld_140.png (PUP.Optional.VPLMedia.A) -> No action taken.C:\Users\N\AppData\Roaming\player\images\channel_ld_141.png (PUP.Optional.VPLMedia.A) -> No action taken.C:\Users\N\AppData\Roaming\player\images\channel_ld_149.png (PUP.Optional.VPLMedia.A) -> No action taken.C:\Users\N\AppData\Roaming\player\images\channel_ld_150.png (PUP.Optional.VPLMedia.A) -> No action taken.C:\Users\N\AppData\Roaming\player\images\channel_ld_160.png (PUP.Optional.VPLMedia.A) -> No action taken.C:\Users\N\AppData\Roaming\player\images\channel_ld_165.png (PUP.Optional.VPLMedia.A) -> No action taken.C:\Users\N\AppData\Roaming\player\images\channel_ld_181.png (PUP.Optional.VPLMedia.A) -> No action taken.C:\Users\N\AppData\Roaming\player\images\channel_ld_191.png (PUP.Optional.VPLMedia.A) -> No action taken.C:\Users\N\AppData\Roaming\player\images\channel_ld_193.png (PUP.Optional.VPLMedia.A) -> No action taken.C:\Users\N\AppData\Roaming\player\images\channel_ld_199.png (PUP.Optional.VPLMedia.A) -> No action taken.C:\Users\N\AppData\Roaming\player\images\channel_ld_200.png (PUP.Optional.VPLMedia.A) -> No action taken.C:\Users\N\AppData\Roaming\player\images\channel_ld_201.png (PUP.Optional.VPLMedia.A) -> No action taken.C:\Users\N\AppData\Roaming\player\images\channel_ld_204.png (PUP.Optional.VPLMedia.A) -> No action taken.C:\Users\N\AppData\Roaming\player\images\channel_ld_219.png (PUP.Optional.VPLMedia.A) -> No action taken.C:\Users\N\AppData\Roaming\player\images\channel_ld_221.png (PUP.Optional.VPLMedia.A) -> No action taken.C:\Users\N\AppData\Roaming\player\images\channel_ld_224.png (PUP.Optional.VPLMedia.A) -> No action taken.C:\Users\N\AppData\Roaming\player\images\channel_ld_268.png (PUP.Optional.VPLMedia.A) -> No action taken.C:\Users\N\AppData\Roaming\player\images\channel_ld_28.png (PUP.Optional.VPLMedia.A) -> No action taken.C:\Users\N\AppData\Roaming\player\images\channel_ld_34.png (PUP.Optional.VPLMedia.A) -> No action taken.C:\Users\N\AppData\Roaming\player\images\channel_ld_37.png (PUP.Optional.VPLMedia.A) -> No action taken.C:\Users\N\AppData\Roaming\player\images\channel_ld_49.png (PUP.Optional.VPLMedia.A) -> No action taken.C:\Users\N\AppData\Roaming\player\images\channel_ld_57.png (PUP.Optional.VPLMedia.A) -> No action taken.C:\Users\N\AppData\Roaming\player\images\channel_ld_86.png (PUP.Optional.VPLMedia.A) -> No action taken.C:\Users\N\AppData\Roaming\player\images\channel_ld_99.png (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\SearchProtect\EULA.txt (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.js (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\defaults.js (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js (PUP.Optional.SearchProtect.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\AxInterop.WMPLib.dll (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\ComponentFactory.Krypton.Toolkit.dll (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\FileBrowser.dll (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\Interop.WMPLib.dll (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\libreria.ico (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\Newtonsoft.Json.dll (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\UltraID3Lib.dll (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\Uninstall.exe (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\uninstall.ico (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\VAFPlayer.exe (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\VAFPlayer.exe.config (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\VAFPlayer.InstallState (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\VAFUpdate.exe (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\wmp.dll (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Arabic.gif (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Arabic.ini (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Bulgarian.gif (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Bulgarian.ini (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Catalan.gif (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Catalan.ini (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Chinese (Simplified).gif (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Chinese (Simplified).ini (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Chinese (Traditional).gif (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Chinese (Traditional).ini (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Czech.gif (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Czech.ini (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Danish.gif (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Danish.ini (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Dutch.gif (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Dutch.ini (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\English.gif (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\English.ini (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Estonian.gif (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Estonian.ini (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Finnish.gif (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Finnish.ini (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\French.gif (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\French.ini (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\German.gif (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\German.ini (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Greek.gif (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Greek.ini (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Haitian Creole.gif (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Haitian Creole.ini (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Hebrew.gif (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Hebrew.ini (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Hindi.gif (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Hindi.ini (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Hungarian.gif (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Hungarian.ini (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Indonesian.gif (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Indonesian.ini (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Italian.gif (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Italian.ini (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Japanese.gif (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Japanese.ini (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Korean.gif (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Korean.ini (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Latvian.gif (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Latvian.ini (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Lithuanian.gif (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Lithuanian.ini (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Norwegian.gif (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Norwegian.ini (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Polish.gif (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Polish.ini (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Portuguese.gif (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Portuguese.ini (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Romanian.gif (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Romanian.ini (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Russian.gif (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Russian.ini (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Slovak.gif (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Slovak.ini (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Slovenian.gif (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Slovenian.ini (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Spanish.gif (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Spanish.ini (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Swedish.gif (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Swedish.ini (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Thai.gif (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Thai.ini (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Turkish.gif (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Turkish.ini (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Ukrainian.gif (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Ukrainian.ini (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Vietnamese.gif (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\Tuguu SL\VAFPlayer\languages\Vietnamese.ini (PUP.Optional.VPLMedia.A) -> No action taken.C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1243\uninstall.exe (PUP.Optional.MediaView.A) -> No action taken.C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1243\ch\MediaViewV1alpha1243.crx (PUP.Optional.MediaView.A) -> No action taken.C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1243\ff\chrome.manifest (PUP.Optional.MediaView.A) -> No action taken.C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1243\ff\install.rdf (PUP.Optional.MediaView.A) -> No action taken.C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1243\ff\chrome\content\ffMediaViewV1alpha1243.js (PUP.Optional.MediaView.A) -> No action taken.C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1243\ff\chrome\content\ffMediaViewV1alpha1243ffaction.js (PUP.Optional.MediaView.A) -> No action taken.C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1243\ff\chrome\content\overlay.xul (PUP.Optional.MediaView.A) -> No action taken.C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1243\ff\chrome\content\icons\Thumbs.db (PUP.Optional.MediaView.A) -> No action taken.C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1243\ff\chrome\content\icons\default\MediaViewV1alpha1243_32.png (PUP.Optional.MediaView.A) -> No action taken. (end)
  19. Hello everybody, I installed MEE some time ago. Great Software. No problems. Until now. We had some problems with a workstations browser functionality. I analyzed the problem and found that the MySearchResults.com search engine was installed. I started a totalscan from the management console. Totalscan was started (blue) Totalscan finished after some time (green) Nothing found. We use MEE-Client in silent mode. I installed the Client again with a new policy so I could start it on the Workstation. I started totalscan directly on the workstation again and it found over 30 infections. In the management console I couldn't find nothing in the logs about the Scan I started directly on the Workstation. I have two questions: 1. How is it possible that the scan started with the management console didn't find nothing? 2. Why can't i see the scanresult of the manually started scan on the workstation. A User can start a scan and I as an Administrator can't see that the User startet a scan, nor the scan results?
  20. Hello, i have ran malwarebytes/hijackthis and i think i have a virus on my computer but i have no idea of what this code below means i would appreciate if someone could check it for me and let me know if i do and how to get rid of the virus. Thank you, Matthew. Logfile of Trend Micro HijackThis v2.0.5 Scan saved at 04:54:37, on 16/11/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) FIREFOX: 25.0.1 (en-US) Boot mode: Normal Running processes: C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA INTERNET SECURITY 2012\WebProxy.exe C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\ApVxdWin.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Ask.com\Updater\Updater.exe C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\PavBckPT.exe C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files\AVAST Software\Avast\avastUi.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Matthew\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\Inicio.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" O4 - HKLM\..\Run: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent O4 - HKCU\..\Run: [uTorrent] "C:\Users\Matthew\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_202_Plugin.exe -update plugin O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-1954793911-2519562933-29054630-1000\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-1954793911-2519562933-29054630-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing) O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AsusSE - Realtek - C:\Program Files (x86)\ASUS\PCE-N15 WLAN Card Utilities\RtlService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\PsCtrls.exe O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\PavFnSvr.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\pavsrvx86.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Panda Host Service (PSHost) - Unknown owner - c:\program files (x86)\panda security\panda internet security 2012\firewall\PSHOST.EXE O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\PsImSvc.exe O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\PskSvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Internet Security 2012\TPSrvWow.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 15737 bytes
  21. Hello everyone, Today I performed a full system scan with MBAM which detected several , about 100 infected registry keys , I know that deleting registry key can be very dangerous to the functioning of the OI, so I do not know if I should delete all the files appearing in the scan.Which one of them will be SAFE to delete ? Should I delete all the files from the Scan or just some of them, How I should continue? Thank you very much, I'll appreciate any help or suggestion! Here is the Log Database version: v2013.09.29.01 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 User :: USER-PC [administrator] Protection: Enabled 29.9.2013 4:08:26 MBAM-log-2013-09-29 (13-34-09).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 348441 Time elapsed: 6 hour(s), 22 minute(s), 20 second(s) Memory Processes Detected: 3 C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe (PUP.Optional.DefaultTab.A) -> 3008 -> No action taken. C:\Program Files\Advanced System Protector\AdvancedSystemProtector.exe (PUP.Optional.AdvancedSystemProtector.A) -> 3444 -> No action taken. C:\Program Files\DefaultTab\DefaultTabSearch.exe (PUP.Optional.DefaultTab.A) -> 2988 -> No action taken. Memory Modules Detected: 8 C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll (PUP.Optional.DefaultTab) -> No action taken. C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (PUP.Optional.DefaultTab) -> No action taken. C:\Program Files\Advanced System Protector\aspsys.dll (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\Microsoft.Win32.TaskScheduler.DLL (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\System.Data.SQLite.dll (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\Xceed.Compression.dll (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\Xceed.FileSystem.dll (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\Xceed.Zip.dll (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. Registry Keys Detected: 66 HKLM\SYSTEM\CurrentControlSet\Services\DefaultTabUpdate (PUP.Optional.DefaultTab.A) -> No action taken. HKCR\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken. HKCR\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73} (PUP.Optional.DefaultTab) -> No action taken. HKCR\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60} (PUP.Optional.DefaultTab) -> No action taken. HKCR\DefaultTabBHO.DefaultTabBrowser.1 (PUP.Optional.DefaultTab) -> No action taken. HKCR\DefaultTabBHO.DefaultTabBrowser (PUP.Optional.DefaultTab) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken. HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> No action taken. HKCR\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> No action taken. HKCR\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> No action taken. HKCR\SWEETIE.IEToolbar.1 (PUP.Optional.SweetPacks) -> No action taken. HKCR\SWEETIE.IEToolbar (PUP.Optional.SweetPacks) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> No action taken. HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> No action taken. HKCR\Toolbar3.SWEETIE.1 (PUP.Optional.SweetPacks) -> No action taken. HKCR\Toolbar3.SWEETIE (PUP.Optional.SweetPacks) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> No action taken. HKCR\AppID\{38495740-0035-4471-851E-F5BBB86AB085} (PUP.Optional.DefaultTab.A) -> No action taken. HKCR\AppID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> No action taken. HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> No action taken. HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> No action taken. HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> No action taken. HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> No action taken. HKCR\Updater.AmiUpd (PUP.Software.Updater) -> No action taken. HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> No action taken. HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> No action taken. HKCR\CLSID\{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> No action taken. HKCR\DefaultTabBHO.DefaultTabBrowserActiveX.1 (PUP.Optional.DefaultTab.A) -> No action taken. HKCR\DefaultTabBHO.DefaultTabBrowserActiveX (PUP.Optional.DefaultTab.A) -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> No action taken. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363} (PUP.Optional.DefaultTab.A) -> No action taken. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> No action taken. HKCR\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetIM) -> No action taken. HKCR\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetIM) -> No action taken. HKCR\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetIM) -> No action taken. HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook.1 (PUP.Optional.SweetIM) -> No action taken. HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook (PUP.Optional.SweetIM) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EB03EF39-C655-D560-FA95-79182B837D64} (PUP.Optional.SilentInstall.A) -> No action taken. HKCR\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} (PUP.Adware.Magnipic) -> No action taken. HKCR\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} (PUP.Adware.Magnipic) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1 (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEXPLORE.EXE (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Cleaner_is1 (PUP.Optional.PCCleaner.A) -> No action taken. HKLM\SYSTEM\CurrentControlSet\Services\DefaultTabSearch (PUP.Optional.DefaultTab.A) -> No action taken. HKCR\AppID\DefaultTabBHO.DLL (PUP.Optional.DefaultTab.A) -> No action taken. HKCU\SOFTWARE\DEFAULT TAB (PUP.Optional.DefaultTab.A) -> No action taken. HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> No action taken. HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> No action taken. HKCU\Software\AppDataLow\SProtector (PUP.Optional.SProtector.A) -> No action taken. HKCU\Software\AppDataLow\Software\DefaultTab (PUP.Optional.DefaultTab.A) -> No action taken. HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> No action taken. HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> No action taken. HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> No action taken. HKCU\Software\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. HKLM\SOFTWARE\DEFAULT TAB (PUP.Optional.DefaultTab.A) -> No action taken. HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab (PUP.Optional.DefaultTab.A) -> No action taken. Registry Values Detected: 9 HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Data: -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\SWEETIM\TOOLBARS\INTERNET EXPLORER\MGHELPERAPP.EXE (PUP.Optional.SweetIM) -> Data: 1 -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\SWEETIM\TOOLBARS\INTERNET EXPLORER\MGTOOLBARPROXY.DLL (PUP.Optional.SweetIM) -> Data: 1 -> No action taken. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|PC Cleaner (PUP.Optional.PCCleaner.A) -> Data: C:\Program Files\PC Cleaner\PCCLauncher.exe -> No action taken. HKCU\SOFTWARE\Default Tab|Version (PUP.Optional.DefaultTab.A) -> Data: 2.2.3.0 -> No action taken. HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0L1N1H2O1S -> No action taken. HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {307CD0C0-693D-11E2-9A72-00E0913A09E7} -> No action taken. HKLM\SOFTWARE\Default Tab|Version (PUP.Optional.DefaultTab.A) -> Data: 2.2.3.0 -> No action taken. HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {307CD0C0-693D-11E2-9A72-00E0913A09E7} -> No action taken. Registry Data Items Detected: 1 HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://searchab.com/?aff=7&uid=8a09c400-7c06-11e2-8cc3-00e0913a09e7) Good: (http://www.google.com) -> No action taken. Folders Detected: 31 C:\ProgramData\MagniPic (PUP.Adware.Magnipic) -> No action taken. C:\Users\User\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> No action taken. C:\Program Files\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\clamunpack (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\Troubleshooter (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\PC Cleaner (PUP.Optional.PCCleaner.A) -> No action taken. C:\Program Files\PC Cleaner\Toolbar (PUP.Optional.PCCleaner.A) -> No action taken. C:\Program Files\DefaultTab (PUP.Optional.DefaultTab.A) -> No action taken. C:\ProgramData\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\ProgramData\Systweak\Advanced System Protector\2.1.1000.10905 (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\ProgramData\Systweak\Advanced System Protector\signatures (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\ProgramData\Systweak\Advanced System Protector\updates (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Users\User\AppData\Roaming\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Users\User\AppData\Roaming\Systweak\Advanced System Protector\2.1.1000.10845 (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Users\User\AppData\Roaming\Systweak\Advanced System Protector\2.1.1000.10905 (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Users\User\AppData\Roaming\Systweak\Advanced System Protector\Logs (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Users\User\AppData\Roaming\Systweak\Advanced System Protector\Logs\Temp (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Users\User\AppData\Roaming\File Scout (PUP.Optional.FileScout.A) -> No action taken. C:\ProgramData\BitGuard\2.6.1673.238 (PUP.Optional.BitGuard.A) -> No action taken. C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8} (PUP.Optional.BitGuard.A) -> No action taken. C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings (PUP.Optional.BitGuard.A) -> No action taken. C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab (PUP.Optional.DefaultTab.A) -> No action taken. C:\Users\User\AppData\Local\Temp\CT3220468 (PUP.Optional.Conduit.A) -> No action taken. C:\Program Files\SweetIM\Toolbars (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\conf (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange (PUP.Optional.SweetIM.A) -> No action taken. Files Detected: 279 C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll (PUP.Optional.PerformerSoft.A) -> No action taken. C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe (PUP.Optional.DefaultTab.A) -> No action taken. C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll (PUP.Optional.DefaultTab) -> No action taken. C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (PUP.Optional.DefaultTab) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (PUP.Optional.SweetPacks) -> No action taken. C:\Users\User\AppData\Local\SwvUpdater\Updater.exe (PUP.Software.Updater) -> No action taken. C:\Program Files\wrapper_inst\service.exe (PUP.Optional.Chatzum) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe (PUP.Optional.SweetIM) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll (PUP.Optional.SweetIM) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll (PUP.Optional.SweetIM) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (PUP.Optional.SweetIM) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe (PUP.Optional.SweetIM) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\mghooking.dll (PUP.Optional.SweetIM) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\mglogger.dll (PUP.Optional.SweetIM) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll (PUP.Optional.SweetIM) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll (PUP.Optional.SweetIM) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll (PUP.Optional.SweetIM) -> No action taken. C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe (PUP.Optional.PerformerSoft.A) -> No action taken. C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\uninstall.exe (PUP.Optional.PerformerSoft.A) -> No action taken. C:\ProgramData\MagniPic\uninstall.exe (PUP.Optional.SilentInstall.A) -> No action taken. C:\Users\User\AppData\Local\0GOzOLM.exe (Trojan.FakeMS) -> No action taken. C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\mgHelperGCFB.dll (PUP.Optional.SweetIM) -> No action taken. C:\Users\User\AppData\Local\Conduit\CT3220468\uTorrentControl_v2AutoUpdateHelper.exe (PUP.Optional.Conduit.A) -> No action taken. C:\Users\User\AppData\Local\Temp\Updater.exe (PUP.Optional.Amonetize.A) -> No action taken. C:\Users\User\AppData\Local\Temp\setup_fsu_cid.exe (PUP.Optional.FileScout.A) -> No action taken. C:\Users\User\AppData\Local\Temp\Shortcut_sweetim_0711-adf025c2.exe (PUP.Optional.SweetIM) -> No action taken. C:\Users\User\AppData\Local\Temp\mgsqlite3.dll (PUP.Optional.SweetIM) -> No action taken. C:\Users\User\AppData\Local\Temp\nsu5FFA.tmp\sweetim_0711-adf025c2.exe (PUP.Optional.SweetIM) -> No action taken. C:\Users\User\AppData\Local\Temp\E66A8868-BAB0-7891-AC2A-9F6D759F8A2A\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> No action taken. C:\Users\User\AppData\Local\Temp\E66A8868-BAB0-7891-AC2A-9F6D759F8A2A\Latest\BExternal.dll (PUP.Optional.Babylon.A) -> No action taken. C:\Users\User\AppData\Local\Temp\E66A8868-BAB0-7891-AC2A-9F6D759F8A2A\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> No action taken. C:\Users\User\AppData\Local\Temp\E66A8868-BAB0-7891-AC2A-9F6D759F8A2A\Latest\DSearchLink.exe (PUP.Optional.Delta.A) -> No action taken. C:\Users\User\AppData\Local\Temp\E66A8868-BAB0-7891-AC2A-9F6D759F8A2A\Latest\MntrDLLInstall.dll (PUP.Optional.Babylon.A) -> No action taken. C:\Users\User\AppData\Local\Temp\E66A8868-BAB0-7891-AC2A-9F6D759F8A2A\Latest\MyDeltaTB.exe (PUP.Optional.Delta) -> No action taken. C:\Users\User\AppData\Local\Temp\E66A8868-BAB0-7891-AC2A-9F6D759F8A2A\Latest\Setup.exe (PUP.Optional.Babylon.A) -> No action taken. C:\Users\User\AppData\Local\Temp\is1615585457\MeloDXInstaller.exe (PUP.Optional.Melodx.A) -> No action taken. C:\Users\User\AppData\Local\Temp\is357113909\34104892_stp\rcpsetup_adppi_adppi.exe (PUP.Optional.RegCleanerPro) -> No action taken. C:\Users\User\AppData\Local\Temp\is357113909\34104844_stp\DeltaTB.exe (PUP.Optional.Babylon.A) -> No action taken. C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\42698175-5ab43b1f (Trojan.Agent.ED) -> No action taken. C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe (PUP.Optional.DefaultTab) -> No action taken. C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe (PUP.Optional.DefaultTab) -> No action taken. C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll (PUP.Optional.DefaultTab) -> No action taken. C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\update.exe (PUP.Optional.DefaultTab) -> No action taken. C:\Users\User\AppData\Roaming\File Scout\filescout.exe (PUP.Optional.FileScout.A) -> No action taken. C:\Users\User\Downloads\Express_Installer.exe (PUP.Optional.Optimum) -> No action taken. C:\Users\User\Downloads\Malwarebytes Anti-Malware Pro v1.75.0.1300 Incl Keygen-BRD\Keygen-BRD\Keygen.exe (Dont.Steal.Our.Software) -> No action taken. C:\Windows\Installer\8dbb5fd.msi (PUP.Optional.SweetIM) -> No action taken. C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> No action taken. C:\ProgramData\MagniPic\5125eb835dcd5.tlb (PUP.Adware.Magnipic) -> No action taken. C:\ProgramData\MagniPic\settings.ini (PUP.Adware.Magnipic) -> No action taken. C:\Users\User\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> No action taken. C:\Program Files\Advanced System Protector\loading_withWhiteBG.avi (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\norwegian_asp_NO.ini (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\AdvancedSystemProtector.exe (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\AdvancedSystemProtector.exe.config (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\AppResource.dll (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\asp.ico (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\AspManager.exe (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\aspsys.dll (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\categories.ini (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\Chinese_asp_ZH-CN.ini (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\Communication.dll (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\danish_asp_DA.ini (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\dutch_asp_NL.ini (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\eng_asp_en.ini (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\filetypehelper.exe (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\Finnish_asp_FI.ini (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\french_asp_FR.ini (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\german_asp_DE.ini (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\Interop.IWshRuntimeLibrary.dll (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\italian_asp_IT.ini (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\japanese_asp_JA.ini (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\Microsoft.Win32.TaskScheduler.DLL (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\portuguese_asp_PT-BR.ini (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\russian_asp_ru.ini (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\scandll.dll (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\spanish_asp_ES.ini (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\swedish_asp_SV.ini (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\System.Core.dll (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\System.Data.SQLite.dll (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\unins000.dat (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\unins000.exe (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\unins000.msg (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\unrar.dll (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\Xceed.Compression.dll (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\Xceed.Compression.Formats.dll (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\Xceed.FileSystem.dll (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\Xceed.Zip.dll (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\clamunpack\clamscan.exe (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\clamunpack\libclamav.dll (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\clamunpack\readme.txt (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\Troubleshooter\asp-fixer.com (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\Troubleshooter\asp-fixer.exe (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\Troubleshooter\asp-fixer.pif (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\Troubleshooter\asp-fixer.scr (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\Troubleshooter\ASP-Troubleshooter.chm (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\Troubleshooter\firefox.com (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\Troubleshooter\iexplore.exe (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\Advanced System Protector\Troubleshooter\iexplore.lnk (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Program Files\PC Cleaner\file_id.diz (PUP.Optional.PCCleaner.A) -> No action taken. C:\Program Files\PC Cleaner\English.ini (PUP.Optional.PCCleaner.A) -> No action taken. C:\Program Files\PC Cleaner\HomePage.url (PUP.Optional.PCCleaner.A) -> No action taken. C:\Program Files\PC Cleaner\license.txt (PUP.Optional.PCCleaner.A) -> No action taken. C:\Program Files\PC Cleaner\PCCGuard.exe (PUP.Optional.PCCleaner.A) -> No action taken. C:\Program Files\PC Cleaner\PCCLauncher.exe (PUP.Optional.PCCleaner.A) -> No action taken. C:\Program Files\PC Cleaner\PCCleaner.chm (PUP.Optional.PCCleaner.A) -> No action taken. C:\Program Files\PC Cleaner\PCCleaner.exe (PUP.Optional.PCCleaner.A) -> No action taken. C:\Program Files\PC Cleaner\PCCReminder.exe (PUP.Optional.PCCleaner.A) -> No action taken. C:\Program Files\PC Cleaner\PCCSchedule.exe (PUP.Optional.PCCleaner.A) -> No action taken. C:\Program Files\PC Cleaner\PCCSmartScan.exe (PUP.Optional.PCCleaner.A) -> No action taken. C:\Program Files\PC Cleaner\PCCUninstaller.exe (PUP.Optional.PCCleaner.A) -> No action taken. C:\Program Files\PC Cleaner\PCCWelcome.exe (PUP.Optional.PCCleaner.A) -> No action taken. C:\Program Files\PC Cleaner\scan.gif (PUP.Optional.PCCleaner.A) -> No action taken. C:\Program Files\PC Cleaner\sqlite3.dll (PUP.Optional.PCCleaner.A) -> No action taken. C:\Program Files\PC Cleaner\unins000.dat (PUP.Optional.PCCleaner.A) -> No action taken. C:\Program Files\PC Cleaner\unins000.exe (PUP.Optional.PCCleaner.A) -> No action taken. C:\Program Files\PC Cleaner\Toolbar\conduitinstaller.exe (PUP.Optional.PCCleaner.A) -> No action taken. C:\Program Files\DefaultTab\DefaultTab.crx (PUP.Optional.DefaultTab.A) -> No action taken. C:\Program Files\DefaultTab\DefaultTabSearch.exe (PUP.Optional.DefaultTab.A) -> No action taken. C:\Program Files\DefaultTab\uid (PUP.Optional.DefaultTab.A) -> No action taken. C:\Windows\System32\roboot.exe (PUP.Optional.PCPerformer.A) -> No action taken. C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data (PUP.Optional.BProtector.A) -> No action taken. C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences (PUP.Optional.BProtector.A) -> No action taken. C:\ProgramData\Systweak\Advanced System Protector\AddonSafelist (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\ProgramData\Systweak\Advanced System Protector\log.xslt (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\ProgramData\Systweak\Advanced System Protector\signatures\completedatabase.db (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\ProgramData\Systweak\Advanced System Protector\signatures\Cookies.bin (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\ProgramData\Systweak\Advanced System Protector\signatures\DigSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\ProgramData\Systweak\Advanced System Protector\signatures\FilePaths.bin (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\ProgramData\Systweak\Advanced System Protector\signatures\FileSignature.bin (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\ProgramData\Systweak\Advanced System Protector\signatures\Folders.bin (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\ProgramData\Systweak\Advanced System Protector\signatures\Md5.bin (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\ProgramData\Systweak\Advanced System Protector\signatures\Registry.bin (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\ProgramData\Systweak\Advanced System Protector\signatures\SetupSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\ProgramData\Systweak\Advanced System Protector\signatures\StrSetupSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\ProgramData\Systweak\Advanced System Protector\updates\1503mupdate.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\ProgramData\Systweak\Advanced System Protector\updates\1504update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\ProgramData\Systweak\Advanced System Protector\updates\1505update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\ProgramData\Systweak\Advanced System Protector\updates\1506update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\ProgramData\Systweak\Advanced System Protector\updates\1507update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\ProgramData\Systweak\Advanced System Protector\updates\1508update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\ProgramData\Systweak\Advanced System Protector\updates\1509update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\ProgramData\Systweak\Advanced System Protector\updates\1510update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\ProgramData\Systweak\Advanced System Protector\updates\1511update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\ProgramData\Systweak\Advanced System Protector\updates\1512update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\ProgramData\Systweak\Advanced System Protector\updates\1513update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\ProgramData\Systweak\Advanced System Protector\updates\1514update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\ProgramData\Systweak\Advanced System Protector\updates\1515update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\ProgramData\Systweak\Advanced System Protector\updates\1516update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\ProgramData\Systweak\Advanced System Protector\updates\1517update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\ProgramData\Systweak\Advanced System Protector\updates\1518update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\ProgramData\Systweak\Advanced System Protector\updates\1519update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\ProgramData\Systweak\Advanced System Protector\updates\1520update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\ProgramData\Systweak\Advanced System Protector\updates\1521update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\ProgramData\Systweak\Advanced System Protector\updates\1522update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\ProgramData\Systweak\Advanced System Protector\updates\1523update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\ProgramData\Systweak\Advanced System Protector\updates\1524update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\ProgramData\Systweak\Advanced System Protector\updates\1525update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\ProgramData\Systweak\Advanced System Protector\updates\914completedatabase.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Users\User\AppData\Roaming\Systweak\Advanced System Protector\QDetail.db (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Users\User\AppData\Roaming\Systweak\Advanced System Protector\Settings.db (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Users\User\AppData\Roaming\Systweak\Advanced System Protector\Update.ini (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Users\User\AppData\Roaming\Systweak\Advanced System Protector\2.1.1000.10845\ASPLog.txt (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Users\User\AppData\Roaming\Systweak\Advanced System Protector\2.1.1000.10905\ASPLog.txt (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Users\User\AppData\Roaming\Systweak\Advanced System Protector\Logs\log_15-09-13_01-37-49.xml (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Users\User\AppData\Roaming\Systweak\Advanced System Protector\Logs\SMLog.xml (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Users\User\AppData\Roaming\Systweak\Advanced System Protector\Logs\Temp\log_15-09-13_01-37-4913mtfvpc.xml (PUP.Optional.AdvancedSystemProtector.A) -> No action taken. C:\Users\User\AppData\Roaming\File Scout\uninst.exe (PUP.Optional.FileScout.A) -> No action taken. C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.settings (PUP.Optional.BitGuard.A) -> No action taken. C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bl (PUP.Optional.BitGuard.A) -> No action taken. C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\dm (PUP.Optional.BitGuard.A) -> No action taken. C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\00 (PUP.Optional.BitGuard.A) -> No action taken. C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\01 (PUP.Optional.BitGuard.A) -> No action taken. C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\02 (PUP.Optional.BitGuard.A) -> No action taken. C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\03 (PUP.Optional.BitGuard.A) -> No action taken. C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\10 (PUP.Optional.BitGuard.A) -> No action taken. C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\11 (PUP.Optional.BitGuard.A) -> No action taken. C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\12 (PUP.Optional.BitGuard.A) -> No action taken. C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\13 (PUP.Optional.BitGuard.A) -> No action taken. C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\20 (PUP.Optional.BitGuard.A) -> No action taken. C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\21 (PUP.Optional.BitGuard.A) -> No action taken. C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\22 (PUP.Optional.BitGuard.A) -> No action taken. C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\23 (PUP.Optional.BitGuard.A) -> No action taken. C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\addon.ico (PUP.Optional.DefaultTab.A) -> No action taken. C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\amazon_ie.ico (PUP.Optional.DefaultTab.A) -> No action taken. C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg (PUP.Optional.DefaultTab.A) -> No action taken. C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe (PUP.Optional.DefaultTab.A) -> No action taken. C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\DT.ico (PUP.Optional.DefaultTab.A) -> No action taken. C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\ebay_ie.ico (PUP.Optional.DefaultTab.A) -> No action taken. C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\facebook_ie.ico (PUP.Optional.DefaultTab.A) -> No action taken. C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico (PUP.Optional.DefaultTab.A) -> No action taken. C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\search_here_ie.ico (PUP.Optional.DefaultTab.A) -> No action taken. C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\twitter_ie.ico (PUP.Optional.DefaultTab.A) -> No action taken. C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe (PUP.Optional.DefaultTab.A) -> No action taken. C:\Users\User\AppData\Roaming\DefaultTab\DefaultTab\wikipedia_ie.ico (PUP.Optional.DefaultTab.A) -> No action taken. C:\Users\User\AppData\Local\Temp\CT3220468\conduit.xml (PUP.Optional.Conduit.A) -> No action taken. C:\Users\User\AppData\Local\Temp\CT3220468\CT3220468.txt (PUP.Optional.Conduit.A) -> No action taken. C:\Users\User\AppData\Local\Temp\CT3220468\initData.json (PUP.Optional.Conduit.A) -> No action taken. C:\Users\User\AppData\Local\Temp\CT3220468\manifest.json (PUP.Optional.Conduit.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\default.xml (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\conf\logger.xml (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcm90.dll (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcp90.dll (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcr90.dll (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\about.html (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\affid.dat (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\basis.xml (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\bing.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\dating.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\find.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\games.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\glitter.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\google.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\help.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\highlight.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\locales.xml (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\music.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\news.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\options.html (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\photos.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\shopping.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\video.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\web-search.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\web-toolbar.js (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_bing.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_current.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_dictionary.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_google.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_hover.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_left.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_photo.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_video.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_web.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_yahoo.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_bing.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_current.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_dictionary.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_google.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_hover.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_left.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_photo.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_video.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_web.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_yahoo.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_bing.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_current.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_dictionary.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_google.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_hover.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_left.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_photo.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_video.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_web.png (PUP.Optional.SweetIM.A) -> No action taken. C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_yahoo.png (PUP.Optional.SweetIM.A) -> No action taken. (end)
  22. I suspect that my colleague has installed a keylogger or similar software that sends him information about my activities on the PC to my laptop. Can you please check my log? Thank you so much in advance! Logfile of random's system information tool 1.09 (written by random/random) Run by Renca at 2013-06-22 14:08:22 Microsoft Windows 7 Professional Service Pack 1 System drive C: has 193 GB (81%) free of 238 GB Total RAM: 3033 MB (57% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:08:36, on 22.6.2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16611) Boot mode: Normal Running processes: C:\ProgramData\DatacardService\DCSHelper.exe C:\Users\Renca\AppData\Local\Google\Update\GoogleUpdate.exe C:\Users\Renca\AppData\Roaming\Google\Google Talk\googletalk.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Users\Renca\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Renca\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Renca\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Renca\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Renca\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Renca\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\trend micro\Renca.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - (no file) F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Google Update] "C:\Users\Renca\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Renca\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - HKCU\..\Run: [Mobile Partner] C:\Program Files (x86)\WEB Partner\WEB Partner O4 - HKCU\..\Run: [googletalk] C:\Users\Renca\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart O4 - HKCU\..\Run: [showBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\SysWOW64\rpcnet.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 7042 bytes ======Listing Processes====== \SystemRoot\System32\smss.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 wininit.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch winlogon.exe C:\Windows\system32\svchost.exe -k RPCSS "c:\Program Files\Microsoft Security Client\MsMpEng.exe" C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork "C:\Windows\system32\Dwm.exe" C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe "taskhost.exe" C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service "C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe" "C:\ProgramData\DatacardService\DCSHelper.exe" C:\Windows\SysWOW64\rpcnet.exe "C:\Windows\System32\igfxtray.exe" "C:\Windows\System32\hkcmd.exe" "C:\Windows\System32\igfxpers.exe" "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey "C:\Users\Renca\AppData\Local\Google\Update\GoogleUpdate.exe" /c "C:\Users\Renca\AppData\Roaming\Google\Google Talk\googletalk.exe" /autostart "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" C:\Windows\system32\svchost.exe -k imgsvc "c:\Program Files\Microsoft Security Client\NisSrv.exe" C:\Windows\system32\SearchIndexer.exe /Embedding "C:\Program Files\Windows Media Player\wmpnetwk.exe" "C:\Users\Renca\AppData\Local\Google\Chrome\Application\chrome.exe" "C:\Users\Renca\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="2124.0.712598899\214242287" --supports-dual-gpus=false --gpu-vendor-id=0x8086 --gpu-device-id=0x2a42 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2302 --ignored=" --type=renderer " /prefetch:822062411 "C:\Users\Renca\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_1/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/InstantDummy/DummyPadding channel:stable/InstantExtended/Padding1 channel:stable/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxSearchSuggestTrialStarted2013Q1/4/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadEnabled/Prerender/PrerenderEnabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_79/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-50-Percent/default/" --extension-process --renderer-print-preview --enable-threaded-compositing --disable-accelerated-2d-canvas --channel="2124.2.1483782974\483403213" /prefetch:673131151 "C:\Users\Renca\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_1/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/InstantDummy/DummyPadding channel:stable/InstantExtended/Padding1 channel:stable/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxSearchSuggestTrialStarted2013Q1/4/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadEnabled/Prerender/PrerenderEnabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_79/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-50-Percent/default/" --extension-process --renderer-print-preview --enable-threaded-compositing --disable-accelerated-2d-canvas --channel="2124.3.1033461813\2037108886" /prefetch:673131151 "C:\Users\Renca\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_1/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/InstantDummy/DummyPadding channel:stable/InstantExtended/Padding1 channel:stable/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxSearchSuggestTrialStarted2013Q1/4/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadEnabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-1-Percent/group_79/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --disable-accelerated-2d-canvas --channel="2124.4.1283402643\1393150312" /prefetch:673131151 "c:\Program Files\Microsoft Security Client\MpCmdRun.exe" SignatureUpdate -ScheduleJob -RestrictPrivileges -Reinvoke "c:\Program Files\Microsoft Security Client\MpCmdRun.exe" SignaturesUpdateService -ScheduleJob -UnmanagedUpdate \??\C:\Windows\system32\conhost.exe "-532467685-7400630701635661876543761802572154354646499343-580462447-50501113 C:\Windows\system32\svchost.exe -k bthsvcs "C:\Users\Renca\AppData\Local\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="2124.6.1794813806\1878685711" --lang=cs --ignored=" --type=renderer " /prefetch:-632637702 C:\Windows\servicing\TrustedInstaller.exe "c:\Program Files\Microsoft Security Client\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey 96715962-8F2D-C548-6C4D-9B734DFE83EF -Reinvoke "C:\Users\Renca\Downloads\RSITx64.exe" C:\Windows\system32\wbem\wmiprvse.exe ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1232745917-3098099244-947842590-1001Core.job C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1232745917-3098099244-947842590-1001UA.job C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1232745917-3098099244-947842590-1005Core.job C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1232745917-3098099244-947842590-1005UA.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1232745917-3098099244-947842590-1005Core.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1232745917-3098099244-947842590-1005UA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-09-30 449512] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-09-30 157672] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-02-11 162328] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-02-11 386584] "Persistence"=C:\Windows\system32\igfxpers.exe [2011-02-11 417304] "MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-01-27 1281512] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Google Update"=C:\Users\Renca\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-03 116648] "Facebook Update"=C:\Users\Renca\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-06 138096] "Mobile Partner"=C:\Program Files (x86)\WEB Partner\WEB Partner [] "googletalk"=C:\Users\Renca\AppData\Roaming\Google\Google Talk\googletalk.exe [2007-01-01 3739648] "ShowBatteryBar"=C:\Program Files\BatteryBar\ShowBatteryBar.exe [2013-04-11 89600] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576] "SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2011-02-11 272896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "VIDC.UYVY"=msyuv.dll "VIDC.YUY2"=msyuv.dll "VIDC.YVYU"=msyuv.dll "VIDC.IYUV"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "VIDC.YVU9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\System32\l3codeca.acm "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv "MSVideo8"=VfWWDM32.dll ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 2 months====== 2013-06-22 14:08:22 ----D---- C:\rsit 2013-06-22 14:08:22 ----D---- C:\Program Files\trend micro 2013-06-17 19:49:50 ----A---- C:\Windows\SYSWOW64\iesetup.dll 2013-06-17 19:49:50 ----A---- C:\Windows\SYSWOW64\iernonce.dll 2013-06-17 19:49:50 ----A---- C:\Windows\system32\iesetup.dll 2013-06-17 19:49:50 ----A---- C:\Windows\system32\iernonce.dll 2013-06-17 19:49:50 ----A---- C:\Windows\system32\ie4uinit.exe 2013-06-17 19:49:49 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe 2013-06-17 19:49:49 ----A---- C:\Windows\SYSWOW64\iesysprep.dll 2013-06-17 19:49:49 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe 2013-06-17 19:49:49 ----A---- C:\Windows\system32\iesysprep.dll 2013-06-17 19:49:48 ----A---- C:\Windows\SYSWOW64\msfeeds.dll 2013-06-17 19:49:48 ----A---- C:\Windows\system32\msfeeds.dll 2013-06-17 19:49:47 ----A---- C:\Windows\SYSWOW64\jscript.dll 2013-06-17 19:49:47 ----A---- C:\Windows\system32\jscript9.dll 2013-06-17 19:49:47 ----A---- C:\Windows\system32\jscript.dll 2013-06-17 19:49:46 ----A---- C:\Windows\SYSWOW64\jscript9.dll 2013-06-17 19:49:43 ----A---- C:\Windows\SYSWOW64\wininet.dll 2013-06-17 19:49:43 ----A---- C:\Windows\SYSWOW64\jsproxy.dll 2013-06-17 19:49:43 ----A---- C:\Windows\system32\wininet.dll 2013-06-17 19:49:43 ----A---- C:\Windows\system32\jsproxy.dll 2013-06-17 19:49:09 ----A---- C:\Windows\SYSWOW64\urlmon.dll 2013-06-17 19:49:09 ----A---- C:\Windows\system32\urlmon.dll 2013-06-17 19:49:08 ----A---- C:\Windows\SYSWOW64\iertutil.dll 2013-06-17 19:49:07 ----A---- C:\Windows\SYSWOW64\ieui.dll 2013-06-17 19:49:07 ----A---- C:\Windows\system32\ieui.dll 2013-06-17 19:49:07 ----A---- C:\Windows\system32\iertutil.dll 2013-06-17 19:49:05 ----A---- C:\Windows\SYSWOW64\ieframe.dll 2013-06-17 19:49:05 ----A---- C:\Windows\system32\ieframe.dll 2013-06-17 19:49:03 ----A---- C:\Windows\system32\mshtml.dll 2013-06-17 19:49:01 ----A---- C:\Windows\SYSWOW64\mshtml.dll 2013-06-17 14:20:55 ----D---- C:\Users\Renca\AppData\Roaming\Mozilla 2013-06-17 13:51:43 ----A---- C:\Windows\SYSWOW64\win32spl.dll 2013-06-17 13:51:43 ----A---- C:\Windows\system32\win32spl.dll 2013-06-17 13:51:42 ----A---- C:\Windows\system32\drivers\tcpip.sys 2013-06-17 13:51:36 ----A---- C:\Windows\SYSWOW64\cryptdlg.dll 2013-06-17 13:51:36 ----A---- C:\Windows\system32\cryptdlg.dll 2013-06-17 13:51:29 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll 2013-06-17 13:51:29 ----A---- C:\Windows\system32\WindowsCodecs.dll 2013-06-17 13:51:18 ----A---- C:\Windows\system32\certutil.exe 2013-06-17 13:51:17 ----A---- C:\Windows\SYSWOW64\certutil.exe 2013-06-17 13:51:17 ----A---- C:\Windows\system32\crypt32.dll 2013-06-17 13:51:16 ----A---- C:\Windows\SYSWOW64\crypt32.dll 2013-06-17 13:51:16 ----A---- C:\Windows\system32\cryptsvc.dll 2013-06-17 13:51:16 ----A---- C:\Windows\system32\cryptnet.dll 2013-06-17 13:51:15 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll 2013-06-17 13:51:15 ----A---- C:\Windows\SYSWOW64\cryptnet.dll 2013-06-17 13:51:15 ----A---- C:\Windows\system32\certenc.dll 2013-06-17 13:51:14 ----A---- C:\Windows\SYSWOW64\certenc.dll 2013-06-17 13:50:22 ----A---- C:\Windows\SYSWOW64\d3d11.dll 2013-06-17 13:50:22 ----A---- C:\Windows\system32\d3d11.dll 2013-05-22 11:04:59 ----D---- C:\Windows\SYSWOW64\Adobe 2013-05-16 13:40:35 ----A---- C:\Windows\system32\drivers\dxgmms1.sys 2013-05-16 13:40:35 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys 2013-05-16 13:40:35 ----A---- C:\Windows\system32\cdd.dll 2013-05-16 13:40:25 ----A---- C:\Windows\system32\shell32.dll 2013-05-16 13:40:24 ----A---- C:\Windows\system32\shdocvw.dll 2013-05-16 13:40:24 ----A---- C:\Windows\system32\authui.dll 2013-05-16 13:40:23 ----A---- C:\Windows\SYSWOW64\shell32.dll 2013-05-16 13:40:23 ----A---- C:\Windows\SYSWOW64\shdocvw.dll 2013-05-16 13:40:23 ----A---- C:\Windows\SYSWOW64\authui.dll 2013-05-16 13:40:23 ----A---- C:\Windows\system32\consent.exe 2013-05-16 13:40:22 ----A---- C:\Windows\system32\appinfo.dll 2013-05-16 13:40:07 ----A---- C:\Windows\system32\wwansvc.dll 2013-05-16 13:40:07 ----A---- C:\Windows\system32\wwanprotdim.dll 2013-05-16 13:40:04 ----A---- C:\Windows\system32\win32k.sys 2013-04-29 10:01:09 ----A---- C:\Windows\system32\mstscax.dll 2013-04-29 10:01:08 ----A---- C:\Windows\SYSWOW64\mstscax.dll 2013-04-29 10:01:07 ----A---- C:\Windows\SYSWOW64\tsgqec.dll 2013-04-29 10:01:07 ----A---- C:\Windows\SYSWOW64\aaclient.dll 2013-04-29 10:01:07 ----A---- C:\Windows\system32\tsgqec.dll 2013-04-29 10:01:07 ----A---- C:\Windows\system32\aaclient.dll 2013-04-29 10:00:50 ----A---- C:\Windows\system32\drivers\ntfs.sys 2013-04-29 10:00:50 ----A---- C:\Windows\system32\drivers\fvevol.sys 2013-04-29 10:00:47 ----A---- C:\Windows\system32\ntoskrnl.exe 2013-04-29 10:00:46 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe 2013-04-29 10:00:46 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe 2013-04-29 10:00:45 ----A---- C:\Windows\SYSWOW64\apisetschema.dll 2013-04-29 10:00:45 ----A---- C:\Windows\system32\smss.exe 2013-04-29 10:00:45 ----A---- C:\Windows\system32\csrsrv.dll 2013-04-28 21:44:50 ----D---- C:\Program Files (x86)\O2 2013-04-28 21:17:32 ----D---- C:\HUAWEI ======List of files/folders modified in the last 2 months====== 2013-06-22 14:08:36 ----D---- C:\Windows\Prefetch 2013-06-22 14:08:22 ----RD---- C:\Program Files 2013-06-22 14:06:55 ----D---- C:\Windows\Temp 2013-06-22 14:04:46 ----D---- C:\Windows\system32\config 2013-06-22 14:04:08 ----D---- C:\Windows\tracing 2013-06-22 13:54:06 ----A---- C:\Windows\system32\rpcnetp.exe 2013-06-22 13:53:57 ----A---- C:\Windows\SYSWOW64\rpcnet.dll 2013-06-21 12:10:45 ----D---- C:\Windows\winsxs 2013-06-21 12:10:38 ----A---- C:\Windows\SYSWOW64\rpcnetp.dll 2013-06-21 12:09:50 ----A---- C:\Windows\SYSWOW64\rpcnetp.exe 2013-06-21 12:09:08 ----D---- C:\Windows\system32\drivers 2013-06-21 12:09:08 ----D---- C:\Program Files (x86)\Internet Explorer 2013-06-21 12:09:07 ----D---- C:\Windows\SysWOW64 2013-06-21 12:09:07 ----D---- C:\Windows\System32 2013-06-21 12:09:07 ----D---- C:\Program Files\Internet Explorer 2013-06-21 12:09:05 ----D---- C:\Windows\SYSWOW64\cs-CZ 2013-06-21 12:09:05 ----D---- C:\Windows\system32\cs-CZ 2013-06-17 19:52:03 ----SHD---- C:\Windows\Installer 2013-06-17 19:52:03 ----D---- C:\ProgramData\Microsoft Help 2013-06-17 19:50:25 ----A---- C:\Windows\system32\MRT.exe 2013-06-17 19:50:09 ----D---- C:\Windows\system32\catroot2 2013-06-17 19:50:09 ----D---- C:\Windows\system32\catroot 2013-06-17 19:48:18 ----SHD---- C:\System Volume Information 2013-06-17 15:34:44 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe 2013-06-17 13:41:41 ----D---- C:\Windows\inf 2013-06-17 13:41:41 ----A---- C:\Windows\system32\PerfStringBackup.INI 2013-06-06 16:32:51 ----D---- C:\Program Files\BatteryBar 2013-06-01 11:36:37 ----D---- C:\Users\Renca\AppData\Roaming\BatteryBar 2013-05-22 11:09:50 ----D---- C:\Windows 2013-05-22 11:05:00 ----D---- C:\Windows\Downloaded Program Files 2013-05-21 13:38:00 ----D---- C:\Windows\rescache 2013-05-21 11:55:43 ----D---- C:\Windows\Microsoft.NET 2013-05-21 11:55:42 ----RSD---- C:\Windows\assembly 2013-05-17 10:33:14 ----D---- C:\Windows\AppPatch 2013-05-10 18:39:07 ----A---- C:\Windows\SYSWOW64\identprv.dll 2013-05-02 17:29:56 ----N---- C:\Windows\system32\MpSigStub.exe 2013-04-28 21:44:50 ----D---- C:\Program Files (x86) 2013-04-28 21:31:32 ----D---- C:\Windows\system32\NDF 2013-04-28 21:11:28 ----D---- C:\Windows\Tasks 2013-04-28 21:11:28 ----D---- C:\Windows\system32\wfp 2013-04-28 21:11:28 ----D---- C:\Windows\system32\drivers\UMDF 2013-04-28 21:11:27 ----D---- C:\Windows\system32\wbem 2013-04-28 21:10:35 ----D---- C:\Windows\system32\DriverStore 2013-04-28 21:10:35 ----D---- C:\Windows\system32\CodeIntegrity 2013-04-28 21:10:33 ----D---- C:\Windows\AppCompat 2013-04-28 21:10:28 ----D---- C:\Windows\registration ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-01-20 230320] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888] R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008] R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2009-07-08 2769400] R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984] R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784] R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384] R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2011-01-30 86016] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-02-11 10628640] R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720] R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056] S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960] S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168] S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 117248] S3 ewusbmbb;HUAWEI USB-WWAN miniport; C:\Windows\system32\DRIVERS\ewusbwwan.sys [2010-12-23 421376] S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\Windows\system32\DRIVERS\ewdcsc.sys [2010-10-08 32768] S3 huawei_cdcacm;huawei_cdcacm; C:\Windows\system32\DRIVERS\ew_jucdcacm.sys [2011-02-25 98816] S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2010-12-24 221312] S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys [] S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352] S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888] S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656] S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552] S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760] S3 WinUsb;Ovladač WinUSB; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-21 41984] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-10 65640] R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136] R2 HWDeviceService64.exe;HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [2011-03-14 346976] R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872] R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-01-27 22056] R2 rpcnet;Remote Procedure Call (RPC) Net; C:\Windows\SysWOW64\rpcnet.exe [2013-02-15 58288] R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-17 256904] S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136] S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-02-20 1255736] -----------------EOF-----------------
  23. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:26:50, on 09/04/2013 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16700) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files\Citrix\ICA Client\concentr.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Users\darrell.lunt\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files\Citrix\ICA Client\WFCRUN32.EXE C:\Users\darrell.lunt\AppData\Roaming\Spotify\spotify.exe C:\Program Files\Citrix\ICA Client\PNAMAIN.EXE C:\Windows\System32\mobsync.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe E:\HijackThis-2.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?cc=gb R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?cc=gb R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Plymouth Pavilions R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\bin\IPS\IPSBHO.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe" O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe" O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\darrell.lunt\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [spotify] "C:\Users\darrell.lunt\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart O4 - Global Startup: Online plug-in.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pp.local O17 - HKLM\Software\..\Telephony: DomainName = pp.local O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pp.local O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = pp.local,tr.local O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pp.local O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = pp.local,tr.local O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = pp.local,tr.local O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll O20 - Winlogon Notify: SEP - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll (file missing) O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe O23 - Service: Symantec Endpoint Protection (SepMasterService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\snac.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: NTRU TSS v1.2.1.34 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe O23 - Service: VMware View Client Service (wsnm) - VMware, Inc. - C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe -- End of file - 11560 bytes
  24. Protection log and Scan log doesnt log the realtime scan which detectes malware and shows a red pop up. Also I have seen that some files (like packers), tagged as malware are never logged in any place. It will be nice to add a exclude option in the red pop up warning for detected malware and not having to exclude it manually.
  25. Hi guys, I'm trying to fix a friend's laptop. Appears to be affected with the Ukash virus. I can't follow the instructions as per the 'guide' in the other forum - since I can't boot to safe mode with networking. It automatically logs me off as soon as I enter either safe mode or safe mode with networking. I found another thread with a similar issue and the user was asked to use FRST.exe to diagnose. I've followed those steps and have attached it here. Please let me know if there is something else I need to do. Appreciate any help with this. FRST.txt Search.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.