Jump to content

Need help getting rid of some malware, please help.

david14433
 Share

Recommended Posts

MrCharlie

MrCharlie

Posted
Posted

Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Link to post
Share on other sites
david14433

david14433

Posted
  • Author
Posted

OK so I have scanned the hard drive so far, and here it is.

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.25.06
 
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
sarah :: SARAH-PC [administrator]
 
Protection: Enabled
 
8/25/2013 8:08:30 PM
MBAM-log-2013-08-26 (00-18-06).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 431299
Time elapsed: 1 hour(s), 43 minute(s), 57 second(s)
 
Memory Processes Detected: 3
C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (PUP.Optional.SearchProtect.A) -> 1708 -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\bin\cltmng.exe (PUP.Optional.SearchProtect.A) -> 3080 -> No action taken.
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (PUP.Optional.Datamngr) -> 4544 -> No action taken.
 
Memory Modules Detected: 7
C:\Program Files (x86)\SearchProtect\bin\msvcp100.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\bin\msvcr100.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\bin\ChromeModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\bin\msvcp100.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\bin\msvcr100.dll (PUP.Optional.SearchProtect.A) -> No action taken.
 
Registry Keys Detected: 30
HKCR\CLSID\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} (PUP.Optional.AppGraffiti.A) -> No action taken.
HKCR\TypeLib\{DB02BC6B-B0F0-4074-99E6-884B70FCB6AE} (PUP.Optional.AppGraffiti.A) -> No action taken.
HKCR\Interface\{022C9F90-2E96-47D6-A971-107650154563} (PUP.Optional.AppGraffiti.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} (PUP.Optional.AppGraffiti.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} (PUP.Optional.AppGraffiti.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} (PUP.Optional.AppGraffiti.A) -> No action taken.
HKCR\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7} (PUP.Optional.SearchQu) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> No action taken.
HKCR\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> No action taken.
HKCR\TypeLib\{26A19260-CB61-486E-8654-C1C05C4FD1A5} (PUP.Optional.Bandoo.A) -> No action taken.
HKCR\TypeLib\{5B4144E1-B61D-495a-9A50-CD1A95D86D15} (PUP.Optional.Bandoo.A) -> No action taken.
HKCR\BrowserConnection.Loader.1 (PUP.Optional.Bandoo.A) -> No action taken.
HKCR\BrowserConnection.Loader (PUP.Optional.Bandoo.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This (Adware.GamePlayLabs) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1 (PUP.Optional.AppGraffiti.A) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.SearchProtect.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect (PUP.Optional.SearchProtect.A) -> No action taken.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr) -> No action taken.
HKCU\Software\DataMngr (PUP.Optional.DataMngr) -> No action taken.
HKCU\Software\AppDataLow\gvtl (Adware.GameVance) -> No action taken.
HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> No action taken.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> No action taken.
 
Registry Values Detected: 6
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> Data: Searchqu Toolbar -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{99079a25-328f-4bd4-be04-00955acaa0a7} (PUP.Optional.SearchQu) -> Data:  -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SearchProtectAll (PUP.Optional.SearchProtect.A) -> Data: C:\Program Files (x86)\SearchProtect\bin\cltmng.exe -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SearchProtect (PUP.Optional.SearchProtect.A) -> Data: C:\Users\sarah\AppData\Roaming\SearchProtect\bin\cltmng.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|DATAMNGR (PUP.Optional.Datamngr) -> Data: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This|Publisher (Adware.GamePlayLab) -> Data: 215 Apps -> No action taken.
 
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchBar) -> Bad: (http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language) Good: (http://www.google.com/) -> No action taken.
 
Folders Detected: 42
C:\Program Files (x86)\I Want This (Adware.GamePlayLab) -> No action taken.
C:\Program Files (x86)\AppGraffiti (PUP.Optional.AppGraffiti.A) -> No action taken.
C:\Program Files (x86)\AppGraffiti\Update (PUP.Optional.AppGraffiti.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\ffprotect (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\ffprotect (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Other\Local Settings\Application Data\I Want This (Adware.GamePlayLab) -> No action taken.
C:\Users\Other\Local Settings\Application Data\I Want This\Chrome (Adware.GamePlayLab) -> No action taken.
C:\Users\Other\AppData\Local\I Want This (Adware.GamePlayLab) -> No action taken.
C:\Users\Other\AppData\Local\I Want This\Chrome (Adware.GamePlayLab) -> No action taken.
C:\Users\sarah\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\sarah\AppData\Roaming\OpenCandy\4B7CAB1DA66E445F894FA4BA1DEAD369 (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\sarah\AppData\Roaming\OpenCandy\OpenCandy_4B7CAB1DA66E445F894FA4BA1DEAD369 (PUP.Optional.OpenCandy) -> No action taken.
 
Files Detected: 149
C:\Program Files (x86)\AppGraffiti\AppGraffiti.dll (PUP.Optional.AppGraffiti.A) -> No action taken.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll (PUP.Optional.SearchQu) -> No action taken.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (PUP.Optional.Bandoo.A) -> No action taken.
C:\Program Files (x86)\I Want This\Uninstall.exe (Adware.GamePlayLabs) -> No action taken.
C:\Program Files (x86)\MixiDJ_V37\MixiDJ_V37ToolbarHelper.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Adrian\Downloads\DTLite4413-0173.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Adrian\Downloads\GamesSetup.exe (PUP.Optional.Inbox) -> No action taken.
C:\Users\Adrian\Downloads\IWantThis.exe (Adware.GamePlayLabs) -> No action taken.
C:\Users\Adrian\Downloads\oi_setup.exe (PUP.BundleInstaller.OI) -> No action taken.
C:\Users\sarah\.frostwire5\updates\frostwire-5.3.4.windows.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\sarah\AppData\Local\Conduit\CT3298573\MixiDJ_V37AutoUpdateHelper.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\extensions\crushcalc@gameplaylabs.com\Zugo.exe (PUP.Adware.Zugo) -> No action taken.
C:\Users\sarah\Downloads\DTLite4413-0173.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\sarah\Downloads\Flash Player 12.exe (PUP.Optional.AirInstaller) -> No action taken.
C:\Users\sarah\Downloads\frostwire-5.2.11.windows.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\sarah\Downloads\Moozy.exe (PUP.BundleInstaller.OI) -> No action taken.
C:\Users\sarah\Downloads\PDFCreatorSetup.exe (PUP.AdBundle) -> No action taken.
C:\Users\sarah\Downloads\SetupPlaySushi.exe ( .Agent) -> No action taken.
C:\Users\sarah\Downloads\unconfirmed 13070.download (PUP.Optional.AskToolbar) -> No action taken.
C:\Program Files (x86)\I Want This\I Want This.ini (Adware.GamePlayLab) -> No action taken.
C:\Program Files (x86)\I Want This\I Want This.ico (Adware.GamePlayLab) -> No action taken.
C:\Program Files (x86)\I Want This\I Want ThisInstaller.log (Adware.GamePlayLab) -> No action taken.
C:\Program Files (x86)\AppGraffiti\unins000.dat (PUP.Optional.AppGraffiti.A) -> No action taken.
C:\Program Files (x86)\AppGraffiti\AppGraffiti.exe (PUP.Optional.AppGraffiti.A) -> No action taken.
C:\Program Files (x86)\AppGraffiti\AppGraffiti._dll (PUP.Optional.AppGraffiti.A) -> No action taken.
C:\Program Files (x86)\AppGraffiti\AppGraffiti._exe (PUP.Optional.AppGraffiti.A) -> No action taken.
C:\Program Files (x86)\AppGraffiti\unins000.exe (PUP.Optional.AppGraffiti.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\bin\FirefoxModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\bin\ChromeModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\bin\InternetExplorerModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\bin\msvcp100.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\bin\msvcr100.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\bin\SPHook32.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\bin\SPRunner.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\bin\uninstall.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\ffprotect\nsprotector.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\ffprotect\abstraction.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\ffprotect\application.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\bin\ChromeModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\bin\cltmng.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\bin\CltMngSvc.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\bin\msvcp100.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\bin\msvcr100.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\bin\rep.dat (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\bin\SPHook32.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\bin\SPRunner.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\bin\uninstall.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\bin\ChromeModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\bin\cltmng.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\bin\CltMngSvc.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\bin\msvcp100.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\bin\msvcr100.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\bin\rep.dat (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\bin\SPHook32.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\bin\SPRunner.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\ffprotect\abstraction.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\ffprotect\application.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\EN (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\searchProtectorData (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\abstraction.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\application.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\popupTransparent.xul (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\EN (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\searchProtectorData (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} (PUP.Optional.Searchqu.A) -> No action taken.
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (PUP.Optional.Datamngr) -> No action taken.
C:\Users\Other\Local Settings\Application Data\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> No action taken.
C:\Users\Other\AppData\Local\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> No action taken.
C:\Users\sarah\AppData\Roaming\OpenCandy\4B7CAB1DA66E445F894FA4BA1DEAD369\2247.ico (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\sarah\AppData\Roaming\OpenCandy\4B7CAB1DA66E445F894FA4BA1DEAD369\TuneUp_OpenCandy_PC_2.4.2_CPMID_295.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\sarah\AppData\Roaming\OpenCandy\4B7CAB1DA66E445F894FA4BA1DEAD369\TuneUp_OpenCandy_PC_2.4.2_CPMID_295_p9v0.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\sarah\AppData\Roaming\OpenCandy\OpenCandy_4B7CAB1DA66E445F894FA4BA1DEAD369\LatestDLMgr.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\sarah\AppData\Roaming\OpenCandy\OpenCandy_4B7CAB1DA66E445F894FA4BA1DEAD369\OpenCandyU1Dlm.dll (PUP.Optional.OpenCandy) -> No action taken.
 
(end)
Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

MrC

Link to post
Share on other sites
david14433

david14433

Posted
  • Author
Posted

OK I did all of that. Here is the log from the quick scan.

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.27.07
 
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
sarah :: SARAH-PC [administrator]
 
Protection: Enabled
 
8/28/2013 3:21:41 AM
new MBAM-log-2013-08-28 (03-31-44).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 272026
Time elapsed: 6 minute(s), 54 second(s)
 
Memory Processes Detected: 3
C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (PUP.Optional.SearchProtect.A) -> 1644 -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\bin\cltmng.exe (PUP.Optional.SearchProtect.A) -> 1340 -> No action taken.
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (PUP.Optional.Datamngr) -> 2908 -> No action taken.
 
Memory Modules Detected: 7
C:\Program Files (x86)\SearchProtect\bin\msvcp100.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\bin\msvcr100.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\bin\ChromeModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\bin\msvcp100.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\bin\msvcr100.dll (PUP.Optional.SearchProtect.A) -> No action taken.
 
Registry Keys Detected: 26
HKCR\CLSID\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} (PUP.Optional.AppGraffiti.A) -> No action taken.
HKCR\TypeLib\{DB02BC6B-B0F0-4074-99E6-884B70FCB6AE} (PUP.Optional.AppGraffiti.A) -> No action taken.
HKCR\Interface\{022C9F90-2E96-47D6-A971-107650154563} (PUP.Optional.AppGraffiti.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} (PUP.Optional.AppGraffiti.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} (PUP.Optional.AppGraffiti.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} (PUP.Optional.AppGraffiti.A) -> No action taken.
HKCR\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7} (PUP.Optional.SearchQu) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> No action taken.
HKCR\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> No action taken.
HKCR\TypeLib\{26A19260-CB61-486E-8654-C1C05C4FD1A5} (PUP.Optional.Bandoo.A) -> No action taken.
HKCR\TypeLib\{5B4144E1-B61D-495a-9A50-CD1A95D86D15} (PUP.Optional.Bandoo.A) -> No action taken.
HKCR\BrowserConnection.Loader.1 (PUP.Optional.Bandoo.A) -> No action taken.
HKCR\BrowserConnection.Loader (PUP.Optional.Bandoo.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1 (PUP.Optional.AppGraffiti.A) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.SearchProtect.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect (PUP.Optional.SearchProtect.A) -> No action taken.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr) -> No action taken.
HKCU\Software\DataMngr (PUP.Optional.DataMngr) -> No action taken.
HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> No action taken.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> No action taken.
 
Registry Values Detected: 5
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> Data: Searchqu Toolbar -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{99079a25-328f-4bd4-be04-00955acaa0a7} (PUP.Optional.SearchQu) -> Data:  -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SearchProtectAll (PUP.Optional.SearchProtect.A) -> Data: C:\Program Files (x86)\SearchProtect\bin\cltmng.exe -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SearchProtect (PUP.Optional.SearchProtect.A) -> Data: C:\Users\sarah\AppData\Roaming\SearchProtect\bin\cltmng.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|DATAMNGR (PUP.Optional.Datamngr) -> Data: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE -> No action taken.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 46
C:\Program Files (x86)\AppGraffiti (PUP.Optional.AppGraffiti.A) -> No action taken.
C:\Program Files (x86)\AppGraffiti\Update (PUP.Optional.AppGraffiti.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\ffprotect (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Other\AppData\Roaming\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\ffprotect (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Other\AppData\Roaming\SearchProtect\ffprotect (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Other\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\sarah\AppData\Roaming\OpenCandy\4B7CAB1DA66E445F894FA4BA1DEAD369 (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\sarah\AppData\Roaming\OpenCandy\OpenCandy_4B7CAB1DA66E445F894FA4BA1DEAD369 (PUP.Optional.OpenCandy) -> No action taken.
 
Files Detected: 170
C:\Program Files (x86)\AppGraffiti\AppGraffiti.dll (PUP.Optional.AppGraffiti.A) -> No action taken.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll (PUP.Optional.SearchQu) -> No action taken.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (PUP.Optional.Bandoo.A) -> No action taken.
C:\Users\Adrian\Downloads\DTLite4413-0173.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Adrian\Downloads\GamesSetup.exe (PUP.Optional.Inbox) -> No action taken.
C:\Users\Adrian\Downloads\oi_setup.exe (PUP.BundleInstaller.OI) -> No action taken.
C:\Users\sarah\Downloads\DTLite4413-0173.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\sarah\Downloads\Flash Player 12.exe (PUP.Optional.AirInstaller) -> No action taken.
C:\Users\sarah\Downloads\frostwire-5.2.11.windows.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\sarah\Downloads\Moozy.exe (PUP.BundleInstaller.OI) -> No action taken.
C:\Users\sarah\Downloads\PDFCreatorSetup.exe (PUP.AdBundle) -> No action taken.
C:\Users\sarah\Downloads\unconfirmed 13070.download (PUP.Optional.AskToolbar) -> No action taken.
C:\Program Files (x86)\AppGraffiti\unins000.dat (PUP.Optional.AppGraffiti.A) -> No action taken.
C:\Program Files (x86)\AppGraffiti\AppGraffiti.exe (PUP.Optional.AppGraffiti.A) -> No action taken.
C:\Program Files (x86)\AppGraffiti\AppGraffiti._dll (PUP.Optional.AppGraffiti.A) -> No action taken.
C:\Program Files (x86)\AppGraffiti\AppGraffiti._exe (PUP.Optional.AppGraffiti.A) -> No action taken.
C:\Program Files (x86)\AppGraffiti\unins000.exe (PUP.Optional.AppGraffiti.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\bin\FirefoxModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\bin\ChromeModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\bin\InternetExplorerModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\bin\msvcp100.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\bin\msvcr100.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\bin\SPHook32.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\bin\SPRunner.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\bin\uninstall.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\ffprotect\nsprotector.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\ffprotect\abstraction.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\SearchProtect\ffprotect\application.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\bin\ChromeModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\bin\cltmng.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\bin\CltMngSvc.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\bin\msvcp100.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\bin\msvcr100.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\bin\rep.dat (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\bin\SPHook32.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\bin\SPRunner.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\bin\uninstall.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Other\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Other\AppData\Roaming\SearchProtect\bin\ChromeModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Other\AppData\Roaming\SearchProtect\bin\cltmng.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Other\AppData\Roaming\SearchProtect\bin\CltMngSvc.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Other\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Other\AppData\Roaming\SearchProtect\bin\msvcp100.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Other\AppData\Roaming\SearchProtect\bin\msvcr100.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Other\AppData\Roaming\SearchProtect\bin\rep.dat (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Other\AppData\Roaming\SearchProtect\bin\SPHook32.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Other\AppData\Roaming\SearchProtect\bin\SPRunner.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Other\AppData\Roaming\SearchProtect\bin\uninstall.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\bin\ChromeModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\bin\cltmng.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\bin\CltMngSvc.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\bin\msvcp100.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\bin\msvcr100.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\bin\rep.dat (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\bin\SPHook32.dll (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\bin\SPRunner.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\ffprotect\abstraction.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\ffprotect\application.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\EN (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Adrian\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\searchProtectorData (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Other\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Other\AppData\Roaming\SearchProtect\ffprotect\abstraction.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Other\AppData\Roaming\SearchProtect\ffprotect\application.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Other\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\EN (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Other\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\searchProtectorData (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\abstraction.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\application.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\popupTransparent.xul (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\EN (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\searchProtectorData (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\sarah\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} (PUP.Optional.Searchqu.A) -> No action taken.
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (PUP.Optional.Datamngr) -> No action taken.
C:\Users\sarah\AppData\Roaming\OpenCandy\4B7CAB1DA66E445F894FA4BA1DEAD369\2247.ico (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\sarah\AppData\Roaming\OpenCandy\4B7CAB1DA66E445F894FA4BA1DEAD369\TuneUp_OpenCandy_PC_2.4.2_CPMID_295.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\sarah\AppData\Roaming\OpenCandy\4B7CAB1DA66E445F894FA4BA1DEAD369\TuneUp_OpenCandy_PC_2.4.2_CPMID_295_p9v0.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\sarah\AppData\Roaming\OpenCandy\OpenCandy_4B7CAB1DA66E445F894FA4BA1DEAD369\LatestDLMgr.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\sarah\AppData\Roaming\OpenCandy\OpenCandy_4B7CAB1DA66E445F894FA4BA1DEAD369\OpenCandyU1Dlm.dll (PUP.Optional.OpenCandy) -> No action taken.
 
(end)
Link to post
Share on other sites
david14433

david14433

Posted
  • Author
Posted

Here it is. I only did a quick scan.

 

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.30.05

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
sarah :: SARAH-PC [administrator]

Protection: Enabled

8/30/2013 5:43:47 PM
mbam-log-2013-08-30 (17-43-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 272474
Time elapsed: 6 minute(s), 6 second(s)

Memory Processes Detected: 3
C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (PUP.Optional.SearchProtect.A) -> 1644 -> Delete on reboot.
C:\Users\sarah\AppData\Roaming\SearchProtect\bin\cltmng.exe (PUP.Optional.ConduitSearchProtect) -> 4564 -> Delete on reboot.
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (PUP.Optional.Datamngr) -> 4656 -> Delete on reboot.

Memory Modules Detected: 2
C:\Program Files (x86)\SearchProtect\bin\msvcp100.dll (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\bin\msvcr100.dll (PUP.Optional.SearchProtect.A) -> Delete on reboot.

Registry Keys Detected: 8
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1 (PUP.Optional.AppGraffiti.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr) -> Quarantined and deleted successfully.
HKCU\Software\DataMngr (PUP.Optional.DataMngr) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SearchProtectAll (PUP.Optional.SearchProtect.A) -> Data: C:\Program Files (x86)\SearchProtect\bin\cltmng.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SearchProtect (PUP.Optional.ConduitSearchProtect) -> Data: C:\Users\sarah\AppData\Roaming\SearchProtect\bin\cltmng.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|DATAMNGR (PUP.Optional.Datamngr) -> Data: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 43
C:\Program Files (x86)\AppGraffiti (PUP.Optional.AppGraffiti.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AppGraffiti\Update (PUP.Optional.AppGraffiti.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\Dialogs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\ffprotect (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Adrian\AppData\Roaming\SearchProtect\ffprotect (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Adrian\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Other\AppData\Roaming\SearchProtect\ffprotect (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Other\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\OpenCandy\4B7CAB1DA66E445F894FA4BA1DEAD369 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\OpenCandy\OpenCandy_4B7CAB1DA66E445F894FA4BA1DEAD369 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

Files Detected: 136
C:\Users\Adrian\Downloads\DTLite4413-0173.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Adrian\Downloads\GamesSetup.exe (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\Users\Adrian\Downloads\oi_setup.exe (PUP.BundleInstaller.OI) -> Quarantined and deleted successfully.
C:\Users\sarah\Downloads\DTLite4413-0173.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\sarah\Downloads\Flash Player 12.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\Users\sarah\Downloads\frostwire-5.2.11.windows.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\sarah\Downloads\Moozy.exe (PUP.BundleInstaller.OI) -> Quarantined and deleted successfully.
C:\Users\sarah\Downloads\PDFCreatorSetup.exe (PUP.AdBundle) -> Quarantined and deleted successfully.
C:\Users\sarah\Downloads\unconfirmed 13070.download (PUP.Optional.AskToolbar) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AppGraffiti\unins000.dat (PUP.Optional.AppGraffiti.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AppGraffiti\AppGraffiti.exe (PUP.Optional.AppGraffiti.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AppGraffiti\AppGraffiti._dll (PUP.Optional.AppGraffiti.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AppGraffiti\AppGraffiti._exe (PUP.Optional.AppGraffiti.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\AppGraffiti\unins000.exe (PUP.Optional.AppGraffiti.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\bin\FirefoxModule.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\bin\ChromeModule.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\bin\InternetExplorerModule.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\bin\msvcp100.dll (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\bin\msvcr100.dll (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\bin\SPHook32.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\bin\SPRunner.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\bin\uninstall.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\ffprotect\nsprotector.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\ffprotect\abstraction.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\ffprotect\application.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Adrian\AppData\Roaming\SearchProtect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Other\AppData\Roaming\SearchProtect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Adrian\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Adrian\AppData\Roaming\SearchProtect\ffprotect\abstraction.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Adrian\AppData\Roaming\SearchProtect\ffprotect\application.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Adrian\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\EN (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Adrian\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\searchProtectorData (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Other\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Other\AppData\Roaming\SearchProtect\ffprotect\abstraction.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Other\AppData\Roaming\SearchProtect\ffprotect\application.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Other\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\EN (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Other\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\searchProtectorData (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\abstraction.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\application.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\popupTransparent.xul (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\dialogsApi.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\jquery.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\json2.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\information.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-LTR.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-RTL.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\main.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\SearchProtector.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\settings.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\ok-button.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\separation-line.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\warning.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\EN (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\searchProtectorData (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} (PUP.Optional.Searchqu.A) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\SearchProtect\bin\cltmng.exe (PUP.Optional.ConduitSearchProtect) -> Delete on reboot.
C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (PUP.Optional.Datamngr) -> Delete on reboot.
C:\Users\sarah\AppData\Roaming\OpenCandy\4B7CAB1DA66E445F894FA4BA1DEAD369\2247.ico (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\OpenCandy\4B7CAB1DA66E445F894FA4BA1DEAD369\TuneUp_OpenCandy_PC_2.4.2_CPMID_295.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\OpenCandy\4B7CAB1DA66E445F894FA4BA1DEAD369\TuneUp_OpenCandy_PC_2.4.2_CPMID_295_p9v0.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\OpenCandy\OpenCandy_4B7CAB1DA66E445F894FA4BA1DEAD369\LatestDLMgr.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\sarah\AppData\Roaming\OpenCandy\OpenCandy_4B7CAB1DA66E445F894FA4BA1DEAD369\OpenCandyU1Dlm.dll (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

(end)
 

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system)

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
MrC
Link to post
Share on other sites
david14433

david14433

Posted
  • Author
Posted

OK that didn't work out like I thought. Part of the problem is that the computer i'm working on that has this problem is not mine. It's my sisters. And she gets picky about me using it and installing things on there. So I will get try to get it done ASAP. But I still need to talk to her first before I do much of anything on there..

 

Thanks.

Link to post
Share on other sites
david14433

david14433

Posted
  • Author
Posted

OK here it is. Thanks.

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-09-2013
Ran by sarah (administrator) on SARAH-PC on 06-09-2013 17:31:02
Running from C:\Users\sarah\Desktop\softwares
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Family\Engine\2.8.0.14\ccSvcHst.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Google Inc.) C:\Users\sarah\AppData\Local\Google\Update\GoogleUpdate.exe
(Spotify Ltd) C:\Users\sarah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Visicom Media Inc. (Powered by Panda Security)) C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
() C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] -  [x]
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [722256 2008-12-11] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2114376 2009-07-06] (CANON INC.)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKCU\...\Run: [Google Update] - C:\Users\sarah\AppData\Local\Google\Update\GoogleUpdate.exe [135664 2010-02-15] (Google Inc.)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [4910912 2011-08-02] (DT Soft Ltd)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-30] (Google Inc.)
HKCU\...\Run: [spotify Web Helper] - C:\Users\sarah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-08-09] (Spotify Ltd)
HKCU\...\Run: [spotify] - C:\Users\sarah\AppData\Roaming\Spotify\Spotify.exe [4640768 2013-08-09] (Spotify Ltd)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-08-17] (TOSHIBA Corporation)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Monitor] - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [268640 2011-11-12] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2012-01-16] (Apple Inc.)
HKLM-x32\...\Run: [vProt] - "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [x]
HKLM-x32\...\Run: [Anti-phishing Domain Advisor] - C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe [232616 2012-01-17] (Visicom Media Inc. (Powered by Panda Security))
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKU\Adrian\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-11-30] (Google Inc.)
HKU\Adrian\...\Run: [Google Update] - C:\Users\Adrian\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-03-14] (Google Inc.)
HKU\Adrian\...\Run: [spotify] - C:\Users\Adrian\AppData\Roaming\Spotify\Spotify.exe [7609560 2012-07-17] (Spotify Ltd)
HKU\Adrian\...\Run: [spotify Web Helper] - C:\Users\Adrian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1192664 2012-07-17] ()
HKU\Adrian\...\Run: [searchProtect] - C:\Users\Adrian\AppData\Roaming\SearchProtect\bin\cltmng.exe [2852640 2013-05-07] (Conduit)
HKU\Other\...\Run: [searchProtect] - C:\Users\Other\AppData\Roaming\SearchProtect\bin\cltmng.exe [2852640 2013-05-07] (Conduit)
AppInit_DLLs: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll    [1791368 2011-12-08] (iMesh, Inc)
AppInit_DLLs-x32: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll [1233800 2011-12-08] (iMesh, Inc)
Startup: C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
Startup: C:\Users\Other\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
Startup: C:\Users\Other\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3298573&octid=CT3298573&SearchSource=61&CUI=UN17200070776729218&UM=2&UP=SP37BEA170-16C6-4977-9BA3-7CB2EFC5F7A5
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: (No Name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} -  No File
URLSearchHook: (No Name) - {eef3855c-fc2d-41e6-8d91-d368f51b3055} -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://dts.search-results.com/sr?src=ieb&appid=1150&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {6EF2E011-FEE7-40C0-922B-811FB7907F67} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://dts.search-results.com/sr?src=ieb&appid=1150&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - DefaultScope {6EF2E011-FEE7-40C0-922B-811FB7907F67} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298573&CUI=UN17200070776729218&UM=2
SearchScopes: HKCU - {45BC80C2-FFBE-40B5-83B7-96B033A33C29} URL = http://websearch.ask.com/redirect?client=ie&tb=FWV5&o=14193&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=FM&apn_dtid=TES002U2US&apn_uid=41fb210d-0095-4146-88ce-37f0f75a82bd&apn_sauid=DD5906D3-9E9D-4EC9-9D83-F9025D1A4E1A
SearchScopes: HKCU - {6EF2E011-FEE7-40C0-922B-811FB7907F67} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298573&CUI=UN17200070776729218&UM=2
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={6F7952B5-271F-404A-B90B-6BD42681FEEE}&mid=2c9c41595ba447d1b620d16f6416622b-733d390c622409d4338976f8e59133f30148332d〈=en&ds=ins12&pr=sa&d=2012-03-03 18:01:55&v=10.0.0.7&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL = http://dts.search-results.com/sr?src=ieb&appid=1150&systemid=1&sr=0&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu.com/web?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80383&lng=en
BHO: Loader Class - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Updater For Spam Free Search Bar - {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files (x86)\blekkotb\auxi\blekkoAu.dll (Visicom Media)
BHO-x32: Spam Free Search Bar - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll ()
BHO-x32: Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll ()
BHO-x32: Search Results Toolbar - {348bd83c-b2cd-4319-a605-c96bb458dd80} - C:\Program Files (x86)\toolbar2\searchresultsDx.dll (Ask.com)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll No File
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Norton Family BHO - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files (x86)\Norton Family\Engine\2.8.0.14\coIEPlg.dll (Symantec Corporation)
BHO-x32: DataMngr - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\PROGRA~2\WI3C8A~1\Datamngr\BROWSE~1.DLL No File
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MixiDJ V37 Toolbar - {eef3855c-fc2d-41e6-8d91-d368f51b3055} - C:\Program Files (x86)\MixiDJ_V37\prxtbMixi.dll (Conduit Ltd.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll ()
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll No File
Toolbar: HKLM-x32 - Spam Free Search Bar - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files (x86)\blekkotb\blekkoDx.dll ()
Toolbar: HKLM-x32 - Search Results Toolbar - {348bd83c-b2cd-4319-a605-c96bb458dd80} - C:\Program Files (x86)\toolbar2\searchresultsDx.dll (Ask.com)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - MixiDJ V37 Toolbar - {eef3855c-fc2d-41e6-8d91-d368f51b3055} - C:\Program Files (x86)\MixiDJ_V37\prxtbMixi.dll (Conduit Ltd.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {EEF3855C-FC2D-41E6-8D91-D368F51B3055} -  No File
DPF: HKLM-x32 {68459DB3-59C9-449D-815B-65F729385C16} http://www.voice4web.com/vs.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll No File
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default


FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @virtools.com/3DviaPlayer - C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\sarah\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\sarah\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\sarah\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\searchplugins\inbox-search.xml
FF SearchPlugin: C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\searchplugins\mixidj-v37-customized-web-search.xml
FF SearchPlugin: C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\searchplugins\SearchResults.xml
FF SearchPlugin: C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\blekkotb.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\safesearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
FF Extension: AppGraffiti - C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\Extensions\AppGraffiti@AppGraffiti.com
FF Extension: No Name - C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\Extensions\crossriderapp2258@crossrider.com
FF Extension: Secret Crush Revealer - C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\Extensions\crushcalc@gameplaylabs.com
FF Extension: Spam Free Search Bar - C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\Extensions\{00f12770-e60e-4dc6-9105-425bface7c73}
FF Extension: Wincore Mediabar - C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\Extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
FF Extension: Search Results Toolbar - C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\Extensions\{348bd83c-b2cd-4319-a605-c96bb458dd80}
FF Extension: Searchqu Toolbar - C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\Extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
FF Extension: MixiDJ V37  - C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\Extensions\{eef3855c-fc2d-41e6-8d91-d368f51b3055}
FF Extension: No Name - C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mk9ldjlj.default\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\
FF Extension: Norton IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6
FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.8.0.14\coFFFw\
FF Extension: Norton Family - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.8.0.14\coFFFw\

Chrome:
=======


CHR DefaultSearchURL: (Conduit) - http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN35743545431406832&ctid=CT3298573&UM=2
CHR DefaultSuggestURL: (Conduit) - http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=UN35743545431406832&UM=2
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\sarah\AppData\Local\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\sarah\AppData\Local\Google\Chrome\Application\29.0.1547.62\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\sarah\AppData\Local\Google\Chrome\Application\29.0.1547.62\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (registryAccess) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaaooaijelonlmbcbjkocdnicdfmo\7.15.1.22682_0\background/registryAccess.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Platform SE 6 U21) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (3DVIA player) - C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Plugin) - C:\Users\sarah\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
CHR Plugin: (Shockwave for Director) - C:\windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Norton Family) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\napjheenlliimoedooldaalpjfidlidp\2.8.0.14_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [aaaaaaooaijelonlmbcbjkocdnicdfmo] - C:\Users\sarah\AppData\Local\APN\GoogleCRXs\aaaaaaooaijelonlmbcbjkocdnicdfmo_7.14.1.0.crx
CHR HKLM-x32\...\Chrome\Extension: [mfchmfgdaabgdjbcaophikcobddojjoe] - C:\Users\sarah\AppData\Local\CRE\mfchmfgdaabgdjbcaophikcobddojjoe.crx
CHR HKLM-x32\...\Chrome\Extension: [napjheenlliimoedooldaalpjfidlidp] - C:\Program Files (x86)\Norton Family\Engine\2.8.0.14\Extensions\Chrome.crx
CHR StartMenuInternet: Google Chrome - C:\Users\sarah\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe [126400 2011-08-03] (Symantec Corporation)
R2 NSM; C:\Program Files (x86)\Norton Family\Engine\2.8.0.14\ccSvcHst.exe [143928 2012-08-18] (Symantec Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [919352 2011-09-25] (Trusteer Ltd.)
S2 SwOffScheduler; C:\Program Files\Airytec\Switch Off\swoff.exe [173056 2011-05-28] (Airytec)
S2 SwOffWeb; C:\Program Files\Airytec\Switch Off\swoff.exe [173056 2011-05-28] (Airytec)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-07-15] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-07-15] (Symantec Corporation)
R1 ccHP; C:\Windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [593544 2011-08-03] (Symantec Corporation)
R1 ccSet_NSM; C:\Windows\system32\drivers\NSMx64\0208000.00E\ccSetx64.sys [168096 2012-08-06] (Symantec Corporation)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2011-09-07] (DT Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-26] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130905.001\IDSvia64.sys [520280 2013-08-13] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20130905.001\IDSvia64.sys [520280 2013-08-13] (Symantec Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130905.018\ENG64.SYS [126040 2013-08-28] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130905.018\ENG64.SYS [126040 2013-08-28] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130905.018\EX64.SYS [2099288 2013-08-28] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20130905.018\EX64.SYS [2099288 2013-08-28] (Symantec Corporation)
R1 RapportCerberus_43926; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [505720 2012-10-30] ()
R1 RapportCerberus_43926; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [505720 2012-10-30] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55056 2011-09-25] (Trusteer Ltd.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55056 2011-09-25] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [64272 2011-09-25] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [61712 2011-09-25] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [61712 2011-09-25] (Trusteer Ltd.)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [446976 2009-08-20] (Realtek Semiconductor Corporation                           )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [526392 2011-09-07] ()
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\0404000.00C\SRTSP64.SYS [505392 2010-04-21] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0404000.00C\SRTSPX64.SYS [32304 2010-04-21] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\0404000.00C\SYMDS64.SYS [433200 2009-10-14] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [221304 2011-08-21] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-08-20] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [150064 2010-04-28] (Symantec Corporation)
S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}; C:\Windows\system32\drivers\NSMx64\0208000.00E\SymRdrS.SYS [243872 2012-07-20] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [451704 2011-08-21] (Symantec Corporation)
U3 ackp4bod; C:\Windows\System32\Drivers\ackp4bod.sys [0 ] (Intel Corporation)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-06 00:47 - 2013-09-06 00:47 - 00003410 _____ C:\windows\System32\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9
2013-09-05 20:51 - 2013-09-05 20:51 - 00000956 _____ C:\Users\Public\Desktop\Airytec Switch Off.lnk
2013-09-04 17:23 - 2013-09-04 17:23 - 00000000 ____D C:\Users\sarah\AppData\Roaming\Airytec
2013-09-04 00:05 - 2013-09-04 00:05 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\Airytec
2013-09-03 21:22 - 2013-09-03 21:22 - 00000000 ____D C:\ProgramData\Airytec
2013-09-03 20:56 - 2013-09-04 20:59 - 00000000 ____D C:\Users\Other\AppData\Roaming\Airytec
2013-09-03 20:40 - 2013-09-03 21:23 - 00000000 ____D C:\Users\Other\AppData\Local\CrashDumps
2013-09-03 18:04 - 2013-09-06 17:28 - 00000000 ____D C:\Users\sarah\Desktop\softwares
2013-09-03 16:58 - 2013-09-03 16:58 - 00000000 ____D C:\Program Files (x86)\uvnc bvba
2013-09-03 16:51 - 2013-09-05 20:51 - 00000000 ____D C:\Program Files\Airytec
2013-09-03 12:49 - 2013-09-03 12:49 - 00000000 ____D C:\Users\Default\AppData\Local\Toshiba
2013-09-03 12:49 - 2013-09-03 12:49 - 00000000 ____D C:\Users\Default User\AppData\Local\Toshiba
2013-09-03 12:47 - 2013-09-03 12:47 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\Malwarebytes
2013-08-28 21:37 - 2013-08-28 21:37 - 03948219 _____ C:\Users\sarah\Downloads\IMG_0267.MOV
2013-08-28 21:25 - 2013-08-28 21:25 - 05263319 _____ C:\Users\sarah\Downloads\IMG_0909.MOV
2013-08-28 21:22 - 2013-08-28 21:22 - 05033922 _____ C:\Users\sarah\Downloads\IMG_0258.MOV
2013-08-28 21:21 - 2013-08-28 21:22 - 03409133 _____ C:\Users\sarah\Downloads\IMG_0030.MOV
2013-08-27 22:58 - 2013-08-27 22:58 - 00000000 ____D C:\Users\Other\AppData\Roaming\Unity
2013-08-27 21:30 - 2013-08-27 21:30 - 00648144 _____ (Unity Technologies ApS) C:\Users\Other\Downloads\UnityWebPlayer.exe
2013-08-27 21:30 - 2013-08-27 21:30 - 00000000 ____D C:\Users\Other\AppData\Local\Unity
2013-08-27 21:12 - 2013-08-27 21:12 - 00000000 ____D C:\Users\Other\AppData\Local\Macromedia
2013-08-27 21:11 - 2013-08-27 21:11 - 00000000 ____D C:\Users\Other\AppData\Roaming\Mozilla
2013-08-27 21:11 - 2013-08-27 21:11 - 00000000 ____D C:\Users\Other\AppData\Local\Mozilla
2013-08-27 21:10 - 2013-08-27 21:10 - 00000000 ____D C:\Users\Other\AppData\Local\Best_Buy®
2013-08-26 20:48 - 2013-08-26 20:48 - 00000000 ____D C:\Users\Other\AppData\Local\Logitech® Webcam Software
2013-08-26 20:46 - 2013-08-30 18:02 - 00000000 ____D C:\Users\Other\AppData\Roaming\SearchProtect
2013-08-25 20:05 - 2013-08-25 20:05 - 00000000 ____D C:\Users\sarah\AppData\Roaming\Malwarebytes
2013-08-25 20:05 - 2013-08-25 20:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-25 20:05 - 2013-08-25 20:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-25 20:05 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-08-25 19:51 - 2013-08-25 19:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-25 19:11 - 2013-08-25 19:11 - 00000034 _____ C:\Users\sarah\Desktop\trogans.txt
2013-08-23 22:02 - 2013-08-30 18:02 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\SearchProtect
2013-08-22 23:09 - 2013-08-23 00:00 - 00000027 _____ C:\Users\sarah\Desktop\temp.txt
2013-08-22 20:40 - 2013-08-22 20:41 - 01445960 _____ C:\windows\Minidump\082213-43461-01.dmp
2013-08-22 20:40 - 2013-08-22 20:40 - 541178427 _____ C:\windows\MEMORY.DMP
2013-08-22 20:40 - 2013-08-22 20:40 - 00000000 ____D C:\windows\Minidump
2013-08-22 15:51 - 2013-08-22 15:52 - 02497632 _____ C:\Users\sarah\Downloads\k9-webprotection.exe
2013-08-22 15:49 - 2013-08-30 18:55 - 00000000 ____D C:\Program Files (x86)\MixiDJ_V37
2013-08-22 15:49 - 2013-08-22 15:49 - 00000000 ____D C:\Users\sarah\AppData\Local\Conduit
2013-08-22 15:47 - 2013-08-30 18:05 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-08-22 15:47 - 2013-08-30 18:02 - 00000000 ____D C:\Users\sarah\AppData\Roaming\SearchProtect
2013-08-22 15:47 - 2013-08-22 15:49 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-08-22 15:47 - 2013-08-22 15:48 - 00000000 ____D C:\Users\sarah\AppData\Local\CRE
2013-08-22 15:46 - 2013-08-22 15:51 - 00000009 _____ C:\END
2013-08-22 15:45 - 2013-08-22 15:45 - 00584600 _____ C:\Users\sarah\Desktop\cbsidlm-tr1_14-K9_Web_Protection-SEO-10487710.exe
2013-08-22 15:33 - 2013-08-22 15:33 - 02395901 _____ C:\Users\sarah\Downloads\SentrySuite.exe
2013-08-22 15:07 - 2013-08-22 15:07 - 02395901 _____ C:\Users\Other\Downloads\SentrySuite.exe
2013-08-22 15:04 - 2013-08-22 15:04 - 00584600 _____ C:\Users\Adrian\Downloads\cbsidlm-tr1_14-Sentry_Total_Family_Protection-SEO-10850491.exe
2013-08-20 12:55 - 2013-08-20 12:55 - 00000000 ____D C:\windows\system32\Drivers\NSMx64
2013-08-20 12:55 - 2013-08-20 12:55 - 00000000 ____D C:\Program Files (x86)\Norton Family
2013-08-20 12:43 - 2013-08-20 13:01 - 00001290 _____ C:\Users\Adrian\Desktop\Norton Installation Files.lnk
2013-08-20 12:43 - 2013-08-20 12:43 - 00915768 _____ (Symantec Corporation) C:\Users\Adrian\Downloads\NF_Installer.exe
2013-08-19 18:08 - 2013-08-19 18:08 - 03010440 _____ (GamingWonderland) C:\Users\Adrian\Downloads\GamingWonderlandCrxSetup.91D2CA31-F53D-40CC-A9BD-C9A69324A54D.exe
2013-08-18 15:33 - 2013-08-18 15:33 - 01146184 _____ (Microsoft Corporation) C:\Users\Adrian\Downloads\wlsetup-web.exe

==================== One Month Modified Files and Folders =======

2013-09-06 17:31 - 2009-12-21 11:11 - 01168137 _____ C:\windows\WindowsUpdate.log
2013-09-06 17:30 - 2013-09-06 17:30 - 00000000 ____D C:\FRST
2013-09-06 17:28 - 2013-09-03 18:04 - 00000000 ____D C:\Users\sarah\Desktop\softwares
2013-09-06 17:26 - 2011-03-14 23:17 - 00002380 _____ C:\Users\sarah\Desktop\Google Chrome.lnk
2013-09-06 17:24 - 2012-05-14 04:06 - 00000000 ____D C:\ProgramData\Anti-phishing Domain Advisor
2013-09-06 01:38 - 2012-03-14 02:48 - 00002385 _____ C:\Users\Adrian\Desktop\Google Chrome.lnk
2013-09-06 01:38 - 2012-03-14 02:47 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1003UA.job
2013-09-06 01:11 - 2012-05-08 18:33 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-09-06 01:00 - 2010-02-16 11:34 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1000UA.job
2013-09-06 01:00 - 2010-02-15 00:42 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-06 00:47 - 2013-09-06 00:47 - 00003410 _____ C:\windows\System32\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9
2013-09-06 00:37 - 2012-03-14 02:47 - 00000860 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1003Core.job
2013-09-06 00:01 - 2010-02-15 00:42 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-06 00:00 - 2010-02-16 11:34 - 00000856 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1000Core.job
2013-09-05 21:09 - 2009-07-13 21:45 - 00016080 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-05 21:09 - 2009-07-13 21:45 - 00016080 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-05 20:53 - 2012-09-24 17:37 - 00008822 _____ C:\windows\setupact.log
2013-09-05 20:53 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-09-05 20:51 - 2013-09-05 20:51 - 00000956 _____ C:\Users\Public\Desktop\Airytec Switch Off.lnk
2013-09-05 20:51 - 2013-09-03 16:51 - 00000000 ____D C:\Program Files\Airytec
2013-09-05 20:45 - 2012-01-26 11:12 - 00000000 ____D C:\Users\sarah\AppData\Roaming\Spotify
2013-09-05 20:44 - 2011-04-11 08:12 - 00000000 ____D C:\Users\Adrian\AppData\Local\CrashDumps
2013-09-04 20:59 - 2013-09-03 20:56 - 00000000 ____D C:\Users\Other\AppData\Roaming\Airytec
2013-09-04 17:23 - 2013-09-04 17:23 - 00000000 ____D C:\Users\sarah\AppData\Roaming\Airytec
2013-09-04 12:58 - 2009-07-13 22:13 - 01359678 _____ C:\windows\system32\PerfStringBackup.INI
2013-09-04 00:07 - 2012-04-19 18:11 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\Spotify
2013-09-04 00:05 - 2013-09-04 00:05 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\Airytec
2013-09-03 21:23 - 2013-09-03 20:40 - 00000000 ____D C:\Users\Other\AppData\Local\CrashDumps
2013-09-03 21:22 - 2013-09-03 21:22 - 00000000 ____D C:\ProgramData\Airytec
2013-09-03 18:47 - 2012-12-25 01:31 - 00000000 ____D C:\Users\Other\AppData\Roaming\Google
2013-09-03 16:58 - 2013-09-03 16:58 - 00000000 ____D C:\Program Files (x86)\uvnc bvba
2013-09-03 16:14 - 2009-07-13 20:20 - 00000000 ____D C:\windows\system32\NDF
2013-09-03 15:42 - 2012-01-26 11:12 - 00000000 ____D C:\Users\sarah\AppData\Local\Spotify
2013-09-03 12:49 - 2013-09-03 12:49 - 00000000 ____D C:\Users\Default\AppData\Local\Toshiba
2013-09-03 12:49 - 2013-09-03 12:49 - 00000000 ____D C:\Users\Default User\AppData\Local\Toshiba
2013-09-03 12:48 - 2009-07-13 22:08 - 00032542 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-09-03 12:47 - 2013-09-03 12:47 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\Malwarebytes
2013-09-02 16:12 - 2010-09-12 11:49 - 00000000 ____D C:\Baby Left brain
2013-09-02 01:35 - 2012-05-14 04:06 - 00000000 ____D C:\Users\Other\AppData\Local\Google
2013-08-30 18:55 - 2013-08-22 15:49 - 00000000 ____D C:\Program Files (x86)\MixiDJ_V37
2013-08-30 18:05 - 2013-08-22 15:47 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-08-30 18:05 - 2009-11-30 21:44 - 00377286 _____ C:\windows\PFRO.log
2013-08-30 18:02 - 2013-08-26 20:46 - 00000000 ____D C:\Users\Other\AppData\Roaming\SearchProtect
2013-08-30 18:02 - 2013-08-23 22:02 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\SearchProtect
2013-08-30 18:02 - 2013-08-22 15:47 - 00000000 ____D C:\Users\sarah\AppData\Roaming\SearchProtect
2013-08-28 21:37 - 2013-08-28 21:37 - 03948219 _____ C:\Users\sarah\Downloads\IMG_0267.MOV
2013-08-28 21:25 - 2013-08-28 21:25 - 05263319 _____ C:\Users\sarah\Downloads\IMG_0909.MOV
2013-08-28 21:22 - 2013-08-28 21:22 - 05033922 _____ C:\Users\sarah\Downloads\IMG_0258.MOV
2013-08-28 21:22 - 2013-08-28 21:21 - 03409133 _____ C:\Users\sarah\Downloads\IMG_0030.MOV
2013-08-27 22:58 - 2013-08-27 22:58 - 00000000 ____D C:\Users\Other\AppData\Roaming\Unity
2013-08-27 21:30 - 2013-08-27 21:30 - 00648144 _____ (Unity Technologies ApS) C:\Users\Other\Downloads\UnityWebPlayer.exe
2013-08-27 21:30 - 2013-08-27 21:30 - 00000000 ____D C:\Users\Other\AppData\Local\Unity
2013-08-27 21:12 - 2013-08-27 21:12 - 00000000 ____D C:\Users\Other\AppData\Local\Macromedia
2013-08-27 21:11 - 2013-08-27 21:11 - 00000000 ____D C:\Users\Other\AppData\Roaming\Mozilla
2013-08-27 21:11 - 2013-08-27 21:11 - 00000000 ____D C:\Users\Other\AppData\Local\Mozilla
2013-08-27 21:10 - 2013-08-27 21:10 - 00000000 ____D C:\Users\Other\AppData\Local\Best_Buy®
2013-08-26 21:54 - 2012-06-24 16:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-26 20:48 - 2013-08-26 20:48 - 00000000 ____D C:\Users\Other\AppData\Local\Logitech® Webcam Software
2013-08-25 20:05 - 2013-08-25 20:05 - 00000000 ____D C:\Users\sarah\AppData\Roaming\Malwarebytes
2013-08-25 20:05 - 2013-08-25 20:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-25 20:05 - 2013-08-25 20:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-25 19:51 - 2013-08-25 19:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-25 19:11 - 2013-08-25 19:11 - 00000034 _____ C:\Users\sarah\Desktop\trogans.txt
2013-08-23 21:29 - 2010-02-14 23:35 - 00000000 ____D C:\Users\sarah\AppData\Local\Google
2013-08-23 00:11 - 2010-06-08 18:07 - 00000000 ____D C:\Users\sarah\Desktop\OpenOffice.org 3.2 (en-US) Installation Files
2013-08-23 00:00 - 2013-08-22 23:09 - 00000027 _____ C:\Users\sarah\Desktop\temp.txt
2013-08-22 23:38 - 2012-12-20 16:43 - 00000000 ____D C:\Users\sarah\AppData\Roaming\BitTorrent
2013-08-22 23:08 - 2009-07-13 20:20 - 00000000 ____D C:\windows\Registration
2013-08-22 20:41 - 2013-08-22 20:40 - 01445960 _____ C:\windows\Minidump\082213-43461-01.dmp
2013-08-22 20:40 - 2013-08-22 20:40 - 541178427 _____ C:\windows\MEMORY.DMP
2013-08-22 20:40 - 2013-08-22 20:40 - 00000000 ____D C:\windows\Minidump
2013-08-22 15:52 - 2013-08-22 15:51 - 02497632 _____ C:\Users\sarah\Downloads\k9-webprotection.exe
2013-08-22 15:51 - 2013-08-22 15:46 - 00000009 _____ C:\END
2013-08-22 15:49 - 2013-08-22 15:49 - 00000000 ____D C:\Users\sarah\AppData\Local\Conduit
2013-08-22 15:49 - 2013-08-22 15:47 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-08-22 15:48 - 2013-08-22 15:47 - 00000000 ____D C:\Users\sarah\AppData\Local\CRE
2013-08-22 15:45 - 2013-08-22 15:45 - 00584600 _____ C:\Users\sarah\Desktop\cbsidlm-tr1_14-K9_Web_Protection-SEO-10487710.exe
2013-08-22 15:33 - 2013-08-22 15:33 - 02395901 _____ C:\Users\sarah\Downloads\SentrySuite.exe
2013-08-22 15:07 - 2013-08-22 15:07 - 02395901 _____ C:\Users\Other\Downloads\SentrySuite.exe
2013-08-22 15:04 - 2013-08-22 15:04 - 00584600 _____ C:\Users\Adrian\Downloads\cbsidlm-tr1_14-Sentry_Total_Family_Protection-SEO-10850491.exe
2013-08-20 18:12 - 2012-05-08 18:33 - 00692104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-08-20 18:12 - 2012-05-08 18:33 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-08-20 18:12 - 2011-09-03 11:59 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-20 13:01 - 2013-08-20 12:43 - 00001290 _____ C:\Users\Adrian\Desktop\Norton Installation Files.lnk
2013-08-20 13:01 - 2009-12-21 11:47 - 00000000 ____D C:\ProgramData\Norton
2013-08-20 12:55 - 2013-08-20 12:55 - 00000000 ____D C:\windows\system32\Drivers\NSMx64
2013-08-20 12:55 - 2013-08-20 12:55 - 00000000 ____D C:\Program Files (x86)\Norton Family
2013-08-20 12:55 - 2011-03-31 22:20 - 00177312 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2013-08-20 12:55 - 2011-03-31 22:20 - 00007466 _____ C:\windows\system32\Drivers\SYMEVENT64x86.CAT
2013-08-20 12:55 - 2011-03-31 22:19 - 00000000 ____D C:\Program Files\Symantec
2013-08-20 12:43 - 2013-08-20 12:43 - 00915768 _____ (Symantec Corporation) C:\Users\Adrian\Downloads\NF_Installer.exe
2013-08-20 12:43 - 2011-03-31 21:32 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-08-19 18:08 - 2013-08-19 18:08 - 03010440 _____ (GamingWonderland) C:\Users\Adrian\Downloads\GamingWonderlandCrxSetup.91D2CA31-F53D-40CC-A9BD-C9A69324A54D.exe
2013-08-19 01:17 - 2011-01-18 10:52 - 00000410 ____H C:\windows\Tasks\Norton Security Scan for sarah.job
2013-08-18 15:33 - 2013-08-18 15:33 - 01146184 _____ (Microsoft Corporation) C:\Users\Adrian\Downloads\wlsetup-web.exe
2013-08-17 13:36 - 2011-09-26 12:46 - 00002057 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-08-17 13:36 - 2011-09-26 12:46 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-08-17 00:32 - 2012-03-14 02:47 - 00003884 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1003UA
2013-08-17 00:32 - 2012-03-14 02:47 - 00003488 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1003Core
2013-08-17 00:03 - 2009-11-30 21:31 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-17 00:02 - 2011-03-14 23:17 - 00000000 ____D C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-08-16 23:55 - 2010-02-16 11:34 - 00003878 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1000UA
2013-08-16 23:55 - 2010-02-16 11:34 - 00003482 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1000Core
2013-08-16 23:55 - 2010-02-15 00:42 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-08-16 23:55 - 2010-02-15 00:42 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

Files to move or delete:
====================
C:\Users\Adrian\AppData\Local\Temp\UnityWebPlayer\temp\f98a58313a1fd7498cd9848cdf163d31\mono-1-vc.dll
C:\Users\Adrian\AppData\Local\Temp\UnityWebPlayer\temp\f98a58313a1fd7498cd9848cdf163d31\webplayer_win.dll
C:\Users\Adrian\AppData\Local\Temp\UnityWebPlayer\temp\f98a58313a1fd7498cd9848cdf163d31\wrap_oal.dll
C:\Users\Adrian\AppData\Local\Temp\UnityWebPlayer\temp\ab73f016194db34baacb0013746e316c\mono-1-vc.dll
C:\Users\Adrian\AppData\Local\Temp\UnityWebPlayer\temp\ab73f016194db34baacb0013746e316c\webplayer_win.dll
C:\Users\Adrian\AppData\Local\Temp\UnityWebPlayer\temp\ab73f016194db34baacb0013746e316c\wrap_oal.dll
C:\Users\Adrian\AppData\Local\Temp\UnityWebPlayer\temp\a4c3df3ca1fb234aa6f2d4f7035827e2\mono-1-vc.dll
C:\Users\Adrian\AppData\Local\Temp\UnityWebPlayer\temp\a4c3df3ca1fb234aa6f2d4f7035827e2\webplayer_win.dll
C:\Users\Adrian\AppData\Local\Temp\UnityWebPlayer\temp\a4c3df3ca1fb234aa6f2d4f7035827e2\wrap_oal.dll
C:\Users\Adrian\AppData\Local\Temp\UnityWebPlayer\temp\92925a31c5f59e40969e24c7ea343518\mono-1-vc.dll
C:\Users\Adrian\AppData\Local\Temp\UnityWebPlayer\temp\92925a31c5f59e40969e24c7ea343518\webplayer_win.dll
C:\Users\Adrian\AppData\Local\Temp\UnityWebPlayer\temp\92925a31c5f59e40969e24c7ea343518\wrap_oal.dll
C:\Users\Adrian\AppData\Local\Temp\UnityWebPlayer\temp\0e5fdfb2fc1c58448bf404171662454d\mono-1-vc.dll
C:\Users\Adrian\AppData\Local\Temp\UnityWebPlayer\temp\0e5fdfb2fc1c58448bf404171662454d\webplayer_win.dll
C:\Users\Adrian\AppData\Local\Temp\UnityWebPlayer\temp\0e5fdfb2fc1c58448bf404171662454d\wrap_oal.dll
C:\Users\Other\AppData\Local\Temp\UnityWebPlayer\temp\a63cab2b9863e14399176a94b10aab52\mono-1-vc.dll
C:\Users\Other\AppData\Local\Temp\UnityWebPlayer\temp\a63cab2b9863e14399176a94b10aab52\webplayer_win.dll
C:\Users\Other\AppData\Local\Temp\UnityWebPlayer\temp\a63cab2b9863e14399176a94b10aab52\wrap_oal.dll
C:\Users\Other\AppData\Local\Temp\Low\UnityWebPlayer\temp\985e905f1aa16f49a6982f2594008f82\mono-1-vc.dll
C:\Users\Other\AppData\Local\Temp\Low\UnityWebPlayer\temp\985e905f1aa16f49a6982f2594008f82\webplayer_win.dll
C:\Users\Other\AppData\Local\Temp\Low\UnityWebPlayer\temp\3a11715753735646816a9b41cd8ead64\mono-1-vc.dll
C:\Users\Other\AppData\Local\Temp\Low\UnityWebPlayer\temp\3a11715753735646816a9b41cd8ead64\webplayer_win.dll
C:\Users\Other\AppData\Local\Temp\Low\UnityWebPlayer\temp\3a11715753735646816a9b41cd8ead64\wrap_oal.dll
C:\Users\Other\AppData\Local\Temp\Low\UnityWebPlayer\temp\09461e930f4e9342ad167734c214c459\mono-1-vc.dll
C:\Users\Other\AppData\Local\Temp\Low\UnityWebPlayer\temp\09461e930f4e9342ad167734c214c459\webplayer_win.dll
C:\Users\Other\AppData\Local\Temp\Low\UnityWebPlayer\temp\09461e930f4e9342ad167734c214c459\wrap_oal.dll
C:\Users\sarah\AppData\Local\Temp\TuneUpMedia\curl.exe
C:\Users\sarah\AppData\Local\Temp\TuneUpMedia\hide.exe
C:\Users\sarah\AppData\Local\Temp\TuneUpMedia\syslog.exe
C:\Users\sarah\AppData\Local\Temp\TuneUpMedia\tu_guid.exe
C:\Users\sarah\AppData\Local\Temp\TuneUpMedia\tu_prefs.exe
C:\Users\sarah\AppData\Local\Temp\CProgram Files (x86)Opera\D3DCompiler_43.dll
C:\Users\sarah\AppData\Local\Temp\CProgram Files (x86)Opera\Opera-12.16-1860.i386.autoupdate.exe
C:\Users\sarah\AppData\Local\Temp\CProgram Files (x86)Opera\opera.dll
C:\Users\sarah\AppData\Local\Temp\CProgram Files (x86)Opera\opera.exe
C:\Users\sarah\AppData\Local\Temp\CProgram Files (x86)Opera\OperaUpgrader.exe
C:\Users\sarah\AppData\Local\Temp\CProgram Files (x86)Opera\updatechecker\opera_autoupdate.exe
C:\Users\sarah\AppData\Local\Temp\CProgram Files (x86)Opera\mapi\OperaMAPI.dll
C:\Users\sarah\AppData\Local\Temp\CProgram Files (x86)Opera\gstreamer\gstreamer.dll
C:\Users\sarah\AppData\Local\Temp\CProgram Files (x86)Opera\gstreamer\plugins\gstaudioconvert.dll
C:\Users\sarah\AppData\Local\Temp\CProgram Files (x86)Opera\gstreamer\plugins\gstaudioresample.dll
C:\Users\sarah\AppData\Local\Temp\CProgram Files (x86)Opera\gstreamer\plugins\gstautodetect.dll
C:\Users\sarah\AppData\Local\Temp\CProgram Files (x86)Opera\gstreamer\plugins\gstcoreplugins.dll
C:\Users\sarah\AppData\Local\Temp\CProgram Files (x86)Opera\gstreamer\plugins\gstdecodebin2.dll
C:\Users\sarah\AppData\Local\Temp\CProgram Files (x86)Opera\gstreamer\plugins\gstdirectsound.dll
C:\Users\sarah\AppData\Local\Temp\CProgram Files (x86)Opera\gstreamer\plugins\gstffmpegcolorspace.dll
C:\Users\sarah\AppData\Local\Temp\CProgram Files (x86)Opera\gstreamer\plugins\gstoggdec.dll
C:\Users\sarah\AppData\Local\Temp\CProgram Files (x86)Opera\gstreamer\plugins\gstwaveform.dll
C:\Users\sarah\AppData\Local\Temp\CProgram Files (x86)Opera\gstreamer\plugins\gstwavparse.dll
C:\Users\sarah\AppData\Local\Temp\CProgram Files (x86)Opera\gstreamer\plugins\gstwebmdec.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-22 18:58

==================== End Of Log ============================

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-09-2013
Ran by sarah at 2013-09-06 17:32:29
Running from C:\Users\sarah\Desktop\softwares
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
3DVIA player 5.0 (x32 Version: 5.0.0.12)
3DVIA player 5.0.0.20 (x32 Version: 5.0.20)
Adobe AIR (x32 Version: 2.5.1.17730)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader X (10.1.7) (x32 Version: 10.1.7)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.8.638)
Airytec Switch Off (Version: 3.4.1)
Anti-phishing Domain Advisor (x32 Version: 1.0.0.0)
Apple Application Support (x32 Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (x32 Version: 2.1.3.127)
AVG Security Toolbar (x32 Version: 10.0.0.7)
Best Buy Software Installer (Version: 2.1.0.29)
Best Buy Software Installer (x32 Version: 2.1.0.29)
Bird and Robinson 2.0 (x32 Version: 2.0)
Bonjour (Version: 3.0.0.10)
Brain Workshop 4.8.1 (x32 Version: 4.8.1)
CameraHelperMsi (x32 Version: 13.31.1038.0)
Canon IJ Network Scan Utility (x32)
Canon IJ Network Tool (x32)
Canon MP Navigator EX 2.1 (x32)
Canon MX860 series MP Drivers
Canon MX860 series User Registration (x32)
Canon Utilities Easy-PhotoPrint EX (x32)
Canon Utilities My Printer (x32)
Canon Utilities Solution Menu (x32)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.4518.1014)
Content Transfer (x32 Version: 1.2.0.07300)
DAEMON Tools Lite (x32 Version: 4.41.3.0173)
DANB Tutorial and Demo (x32 Version: 2.3.803.335)
DealBulldog Toolbar (x32)
dows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012)
DVD Decrypter (Remove Only) (x32)
erLT (x32 Version: 1.20.138.34)
Facebook Plug-In (HKCU)
FREE Hi-Q Recorder 1.92 (x32)
Google Chrome (HKCU Version: 29.0.1547.66)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4413.1752)
Google Update Helper (x32 Version: 1.3.21.153)
HyperCam 2 (x32 Version: 2.25.01)
iLivid (x32 Version: 1.92.0.109635)
iMesh (x32 Version: 11.0.0.118611)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1883)
Intel® Matrix Storage Manager
IrfanView (remove only) (x32 Version: 4.27)
iTunes (Version: 10.5.3.3)
Java 6 Update 21 (x32 Version: 6.0.210)
Junk Mail filter update (x32 Version: 14.0.8089.726)
Kid-Key-Lock 1.7.0.0 (x32)
LeapFrog Connect (x32 Version: 3.2.19.13664)
LeapFrog Leapster2 Plugin (x32 Version: 3.2.19.13664)
LimeWire 5.4.6 (x32 Version: 5.4.6)
Logitech Webcam Software (x32 Version: 2.31)
LWS Facebook (x32 Version: 13.31.1038.0)
LWS Gallery (x32 Version: 13.31.1038.0)
LWS Help_main (x32 Version: 13.31.1044.0)
LWS Launcher (x32 Version: 13.31.1038.0)
LWS Motion Detection (x32 Version: 13.30.1395.0)
LWS Pictures And Video (x32 Version: 13.31.1038.0)
LWS Twitter (x32 Version: 13.30.1346.0)
LWS Video Mask Maker (x32 Version: 13.30.1379.0)
LWS VideoEffects (Version: 13.30.1379.0)
LWS Webcam Software (x32 Version: 13.31.1038.0)
LWS WLM Plugin (x32 Version: 1.30.1201.0)
LWS YouTube Plugin (x32 Version: 13.31.1038.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
McAfee Security Scan Plus (x32 Version: 3.0.318.3)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 2 (SP2) (x32)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) (x32)
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office Suite Activation Assistant (x32 Version: 2.9)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Silverlight (x32 Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Tool Web Package:diskpart.exe (x32 Version: 1.0.0.1)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Microsoft Works (x32 Version: 9.7.0621)
MixiDJ V37 Toolbar (x32 Version: 6.15.0.27)
Moozy (x32)
Mozilla Firefox 23.0.1 (x86 en-US) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MSVCRT (x32 Version: 14.0.1468.721)
Norton Family (x32 Version: 2.8.0.14)
Norton Security Scan (x32 Version: 3.0.0.103)
Norton Security Suite (x32 Version: 4.4.0.12)
NWZ-E340 WALKMAN Guide (x32 Version: 2.0.00.07010)
OpenOffice.org 3.2 (x32 Version: 3.2.9502)
Opera 11.64 (x32 Version: 11.64.1403)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PowerFlashCard (x32)
QuickTime (x32 Version: 7.71.80.42)
Rapport (x32 Version: 3.5.1105.59)
Realtek 8136 8168 8169 Ethernet Driver (x32 Version: 1.00.0005)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5904)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30101)
Realtek WLAN Driver (x32 Version: 2.00.0006)
Roxio Burn (x32 Version: 1.2)
Roxio Express Labeler 3 (x32 Version: 3.2.1)
Roxio Roxio Burn (x32 Version: 1.0.0)
Roxio Update Manager (x32 Version: 6.0.0)
Search Results Toolbar (x32 Version: 1.0.0.12)
SoundCapture (x32 Version: 1.1.0)
Souptoys (x32 Version: 1.6.0.8)
Spam Free Search Bar (x32 Version: 1.0.0.12)
Spotify (HKCU Version: 0.9.1.57.ge7405149)
swMSM (x32 Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 13.2.6.1)
TOSHIBA Application Installer (x32 Version: 9.0.1.0)
TOSHIBA Assist (x32 Version: 3.00.09)
TOSHIBA Bulletin Board (Version: 1.5.05.64)
TOSHIBA Bulletin Board (x32 Version: 1.5.05.64)
TOSHIBA ConfigFree (x32 Version: 8.0.21)
TOSHIBA Disc Creator (Version: 2.1.0.1 for x64)
TOSHIBA DVD PLAYER (x32 Version: 3.01.0.07-A)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Extended Tiles for Windows Mobility Center (x32 Version: )
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.4C)
TOSHIBA Hardware Setup (x32 Version: 1.63.0.11C)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.0)
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.0)
TOSHIBA Media Controller (x32 Version: 1.0.65)
TOSHIBA Quality Application (x32 Version: 1.0.1)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4 for x64)
TOSHIBA ReelTime (Version: 1.5.07.64)
TOSHIBA ReelTime (x32 Version: 1.5.07.64)
TOSHIBA Service Station (x32 Version: 2.1.33)
TOSHIBA Speech System Applications (x32 Version: 1.00.2518)
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (x32)
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (x32)
TOSHIBA Supervisor Password (x32 Version: 1.63.0.7C)
TOSHIBA Value Added Package (Version: 1.2.26.64)
TOSHIBA Value Added Package (x32 Version: 1.2.26.64)
ToshibaRegistration (x32 Version: 1.0.3)
TrustyFiles (x32)
TuneUp Companion 2.4.2 (x32 Version: 2.4.2)
Tux of Math Command (remove only) (x32)
TweetDeck (x32 Version: 0.36.2)
Update for Microsoft Office Word 2007 (KB974631) (x32)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin) (x32)
Utility Common Driver (x32 Version: 1.0.50.27C)
VLC media player 2.0.2 (x32 Version: 2.0.2)
VOICE4WEB (x32 Version: 1.0.0)
Wincore MediaBar (x32 Version: 3.0.0.118597)
Windows iLivid Toolbar (x32 Version: 3.0.0.112200)
Windows Live Call (x32 Version: 14.0.8064.0206)
Windows Live Communications Platform (x32 Version: 14.0.8064.206)
Windows Live Essentials (x32 Version: 14.0.8089.0726)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Messenger (x32 Version: 14.0.8089.0726)
Windows Live Movie Maker (x32 Version: 14.0.8091.0730)
Windows Live Photo Gallery (x32 Version: 14.0.8081.709)
Windows Live Sign-in Assistant (x32 Version: 5.000.818.5)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Upload Tool (x32 Version: 14.0.8014.1029)
Windows Live Writer (x32 Version: 14.0.8089.0726)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {0A5A3F85-A8F0-4DA3-B4CD-A8C52875472F} - System32\Tasks\{6A5DF337-86C3-4AC4-8B37-5C47DE87F057} => C:\Program Files (x86)\MagicDisc\MagicDisc.exe
Task: {22DFD68F-0CF5-47F7-AF0F-8EDF5E9753E3} - System32\Tasks\{BFA4DA1E-A1CC-4E29-9435-D0367327EB77} => C:\Program Files (x86)\MagicDisc\MagicDisc.exe
Task: {3331E4EB-06BE-4A94-B589-36C03EA219D4} - System32\Tasks\Symantec\Symantec Error Analyzer 4.4.0.12 => C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\SymErr.exe [2011-09-19] (Symantec Corporation)
Task: {42928985-4AA4-469E-B483-B0411BB64702} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2009-07-13] (Microsoft Corporation)
Task: {451534AC-CD6F-41E7-AA27-28C37E3B7F5F} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION)
Task: {4880B092-57BC-43CC-BD2D-CAE34ACA5DB0} - System32\Tasks\{05DE2E19-528C-4725-BE8C-EF73EE629E76} => C:\Program Files (x86)\MagicDisc\MagicDisc.exe
Task: {58E33642-CF8C-4408-8C28-748BBC8B9ECB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5F05709A-4A22-458E-BB23-5435F4FFCA70} - System32\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9 => C:\Program Files (x86)\Norton Family\Engine\2.8.0.14\tampmon.exe [2013-07-24] (Symantec Corporation)
Task: {7737400C-2BD7-4880-90FA-8082FE840B32} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-15] (Google Inc.)
Task: {8D6D286C-BF19-4470-96D4-357061FF9D65} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1003Core => C:\Users\Adrian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-14] (Google Inc.)
Task: {90160B7D-9A15-45DE-A263-2730694A196E} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2844117050-2618380543-1804570796-1003 => C:\Windows\System32\portabledeviceapi.dll [2009-07-13] (Microsoft Corporation)
Task: {97AC04C8-D462-4827-AA11-11B1B560B15C} - System32\Tasks\{01618015-C59A-4DFC-ACC2-DDF9FD91D913} => C:\Program Files (x86)\MagicDisc\MagicDisc.exe
Task: {A09B9669-7426-4333-BDC8-562E3088FEF1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-15] (Google Inc.)
Task: {A50E74C4-1942-4542-AEA1-3D775CFFE013} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1000Core => C:\Users\sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-15] (Google Inc.)
Task: {A6C36EE7-002D-4975-A7B4-8E34302F2620} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1003UA => C:\Users\Adrian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-14] (Google Inc.)
Task: {AC29B55C-FF67-414B-A9FD-4B9446E9AEFB} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-20] (Adobe Systems Incorporated)
Task: {C2D1BE75-D225-45E9-A186-47337AD2D01D} - System32\Tasks\Symantec\Symantec Error Processor 4.4.0.12 => C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\SymErr.exe [2011-09-19] (Symantec Corporation)
Task: {CF20D084-C2EC-46FF-995C-0DE98583E027} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1000UA => C:\Users\sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-15] (Google Inc.)
Task: {D4049FC0-2981-4ECC-A17B-9E4FDFA23BCF} - System32\Tasks\Norton Security Scan for sarah => C:\Program Files (x86)\Norton Security Scan\Engine\3.0.0.103\Nss.exe [2012-10-03] (Symantec Corporation)
Task: {DC0B0A9E-83F3-44F6-8C07-CB2B08CA1A39} - System32\Tasks\{E8FE5DDC-25E0-4403-8FCC-B3E83782FBBA} => C:\Program Files (x86)\MagicDisc\MagicDisc.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1000Core.job => C:\Users\sarah\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1000UA.job => C:\Users\sarah\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1003Core.job => C:\Users\Adrian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1003UA.job => C:\Users\Adrian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Norton Security Scan for sarah.job => C:\PROGRA~2\NORTON~2\Engine\300~1.103\Nss.exe

==================== Loaded Modules (whitelisted) =============

2011-10-31 14:52 - 2010-03-18 14:37 - 02495344 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine64\4.4.0.12\buShell.dll
2011-10-31 14:52 - 2011-08-03 21:25 - 00985472 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine64\4.4.0.12\ccL90U.dll
2011-10-31 14:52 - 2011-08-21 19:53 - 00087976 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine64\4.4.0.12\EFACli64.dll
2011-10-31 14:52 - 2011-08-03 21:19 - 00113024 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine64\4.4.0.12\ccVrTrst.dll
2011-10-31 14:52 - 2011-08-03 21:19 - 00419712 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine64\4.4.0.12\ccSet.dll
2011-10-31 14:52 - 2011-08-03 21:19 - 00230784 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine64\4.4.0.12\ccIPC.dll
2011-10-31 14:52 - 2011-08-03 21:19 - 00200064 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine64\4.4.0.12\ccGEvt.dll
2009-07-13 17:22 - 2009-07-13 18:38 - 00081408 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm
2012-01-24 17:52 - 2009-07-06 18:07 - 00104448 _____ (CANON INC.) C:\Program Files\Canon\MyPrinter\cnmpu.dll
2012-01-24 17:52 - 2009-07-06 18:07 - 00093184 _____ (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMyRes.dll
2009-08-03 19:18 - 2009-08-03 19:18 - 00081752 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2009-08-03 19:19 - 2009-08-03 19:19 - 00265584 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TReport.dll
2013-08-16 23:50 - 2013-08-16 23:50 - 00853896 ____T (Google Inc.) C:\Users\sarah\AppData\Local\Google\Update\1.3.21.153\goopdate.dll
2012-01-17 12:18 - 2012-01-17 12:18 - 00309416 _____ (Visicom Media Inc. (Powered by Panda Security)) C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.dll
2011-09-14 10:19 - 2011-09-14 10:19 - 02348544 _____ () C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll
2011-09-14 10:19 - 2011-09-14 10:19 - 08500224 _____ () C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll
2011-11-12 13:05 - 2011-11-12 13:05 - 00085856 _____ (LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\DeviceHooks\LeapsterDeviceHook.dll
2010-03-15 16:57 - 2010-03-15 16:57 - 00053024 _____ (Open Source Software community project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01292136 _____ (The ICU Project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuin.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 00923496 _____ (The ICU Project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuuc.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 16303976 _____ (The ICU Project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icudt46.dll
2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-31 00:05 - 2011-08-31 00:05 - 00085864 _____ (Apple Inc.) C:\windows\system32\dnssd.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 02145304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 07956504 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00342552 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00029208 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00128536 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2011-11-11 14:09 - 2011-11-11 14:09 - 00336408 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2011-09-25 19:00 - 2011-09-25 19:00 - 02680632 _____ (Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportUtil.dll
2011-09-19 20:38 - 2011-09-19 20:38 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2012-10-30 03:37 - 2012-10-30 03:37 - 00688440 _____ (Trusteer Ltd.) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus.dll
2012-05-28 15:51 - 2012-05-28 15:51 - 00520464 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll
2011-03-31 19:14 - 2011-09-25 19:00 - 00522040 _____ (Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\rooksbas.DLL
2011-03-31 19:14 - 2011-09-25 19:00 - 00505656 _____ (Trusteer Ltd.) c:\program files (x86)\trusteer\rapport\bin\rooksdol.dll
2011-03-31 19:14 - 2011-03-10 21:09 - 00198456 _____ (Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\rookscom.dll

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1


==================== Faulty Device Manager Devices =============

Name: Canon MX860 ser Network
Description: Canon MX860 ser Network
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Canon
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/06/2013 01:49:36 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 151601

Error: (09/06/2013 01:49:36 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 151601

Error: (09/06/2013 01:49:36 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/06/2013 01:49:31 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 146656

Error: (09/06/2013 01:49:31 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 146656

Error: (09/06/2013 01:49:31 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/06/2013 01:49:22 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 137811

Error: (09/06/2013 01:49:22 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 137811

Error: (09/06/2013 01:49:22 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/06/2013 01:49:13 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 128700


System errors:
=============
Error: (09/06/2013 05:32:15 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (09/06/2013 05:31:45 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

Error: (09/06/2013 05:31:15 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HomeGroupListener service.

Error: (09/06/2013 05:30:45 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

Error: (09/06/2013 05:30:15 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.

Error: (09/06/2013 05:29:45 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (09/06/2013 05:29:15 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Error: (09/06/2013 05:28:45 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

Error: (09/06/2013 05:28:15 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UxSms service.

Error: (09/06/2013 05:27:45 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 34%
Total physical RAM: 2936.89 MB
Available physical RAM: 1918.5 MB
Total Pagefile: 5871.92 MB
Available Pagefile: 4458.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (TI105756W0B) (Fixed) (Total:222.43 GB) (Free:116.49 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: CE865B76)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=222 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9 GB) - (Type=17)

==================== End Of Log ============================

Link to post
Share on other sites
david14433

david14433

Posted
  • Author
Posted

And this.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-09-2013
Ran by sarah at 2013-09-06 17:32:29
Running from C:\Users\sarah\Desktop\softwares
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
3DVIA player 5.0 (x32 Version: 5.0.0.12)
3DVIA player 5.0.0.20 (x32 Version: 5.0.20)
Adobe AIR (x32 Version: 2.5.1.17730)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader X (10.1.7) (x32 Version: 10.1.7)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.8.638)
Airytec Switch Off (Version: 3.4.1)
Anti-phishing Domain Advisor (x32 Version: 1.0.0.0)
Apple Application Support (x32 Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (x32 Version: 2.1.3.127)
AVG Security Toolbar (x32 Version: 10.0.0.7)
Best Buy Software Installer (Version: 2.1.0.29)
Best Buy Software Installer (x32 Version: 2.1.0.29)
Bird and Robinson 2.0 (x32 Version: 2.0)
Bonjour (Version: 3.0.0.10)
Brain Workshop 4.8.1 (x32 Version: 4.8.1)
CameraHelperMsi (x32 Version: 13.31.1038.0)
Canon IJ Network Scan Utility (x32)
Canon IJ Network Tool (x32)
Canon MP Navigator EX 2.1 (x32)
Canon MX860 series MP Drivers
Canon MX860 series User Registration (x32)
Canon Utilities Easy-PhotoPrint EX (x32)
Canon Utilities My Printer (x32)
Canon Utilities Solution Menu (x32)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.4518.1014)
Content Transfer (x32 Version: 1.2.0.07300)
DAEMON Tools Lite (x32 Version: 4.41.3.0173)
DANB Tutorial and Demo (x32 Version: 2.3.803.335)
DealBulldog Toolbar (x32)
dows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012)
DVD Decrypter (Remove Only) (x32)
erLT (x32 Version: 1.20.138.34)
Facebook Plug-In (HKCU)
FREE Hi-Q Recorder 1.92 (x32)
Google Chrome (HKCU Version: 29.0.1547.66)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4413.1752)
Google Update Helper (x32 Version: 1.3.21.153)
HyperCam 2 (x32 Version: 2.25.01)
iLivid (x32 Version: 1.92.0.109635)
iMesh (x32 Version: 11.0.0.118611)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1883)
Intel® Matrix Storage Manager
IrfanView (remove only) (x32 Version: 4.27)
iTunes (Version: 10.5.3.3)
Java 6 Update 21 (x32 Version: 6.0.210)
Junk Mail filter update (x32 Version: 14.0.8089.726)
Kid-Key-Lock 1.7.0.0 (x32)
LeapFrog Connect (x32 Version: 3.2.19.13664)
LeapFrog Leapster2 Plugin (x32 Version: 3.2.19.13664)
LimeWire 5.4.6 (x32 Version: 5.4.6)
Logitech Webcam Software (x32 Version: 2.31)
LWS Facebook (x32 Version: 13.31.1038.0)
LWS Gallery (x32 Version: 13.31.1038.0)
LWS Help_main (x32 Version: 13.31.1044.0)
LWS Launcher (x32 Version: 13.31.1038.0)
LWS Motion Detection (x32 Version: 13.30.1395.0)
LWS Pictures And Video (x32 Version: 13.31.1038.0)
LWS Twitter (x32 Version: 13.30.1346.0)
LWS Video Mask Maker (x32 Version: 13.30.1379.0)
LWS VideoEffects (Version: 13.30.1379.0)
LWS Webcam Software (x32 Version: 13.31.1038.0)
LWS WLM Plugin (x32 Version: 1.30.1201.0)
LWS YouTube Plugin (x32 Version: 13.31.1038.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
McAfee Security Scan Plus (x32 Version: 3.0.318.3)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 2 (SP2) (x32)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) (x32)
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office Suite Activation Assistant (x32 Version: 2.9)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Silverlight (x32 Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Tool Web Package:diskpart.exe (x32 Version: 1.0.0.1)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Microsoft Works (x32 Version: 9.7.0621)
MixiDJ V37 Toolbar (x32 Version: 6.15.0.27)
Moozy (x32)
Mozilla Firefox 23.0.1 (x86 en-US) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MSVCRT (x32 Version: 14.0.1468.721)
Norton Family (x32 Version: 2.8.0.14)
Norton Security Scan (x32 Version: 3.0.0.103)
Norton Security Suite (x32 Version: 4.4.0.12)
NWZ-E340 WALKMAN Guide (x32 Version: 2.0.00.07010)
OpenOffice.org 3.2 (x32 Version: 3.2.9502)
Opera 11.64 (x32 Version: 11.64.1403)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PowerFlashCard (x32)
QuickTime (x32 Version: 7.71.80.42)
Rapport (x32 Version: 3.5.1105.59)
Realtek 8136 8168 8169 Ethernet Driver (x32 Version: 1.00.0005)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5904)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30101)
Realtek WLAN Driver (x32 Version: 2.00.0006)
Roxio Burn (x32 Version: 1.2)
Roxio Express Labeler 3 (x32 Version: 3.2.1)
Roxio Roxio Burn (x32 Version: 1.0.0)
Roxio Update Manager (x32 Version: 6.0.0)
Search Results Toolbar (x32 Version: 1.0.0.12)
SoundCapture (x32 Version: 1.1.0)
Souptoys (x32 Version: 1.6.0.8)
Spam Free Search Bar (x32 Version: 1.0.0.12)
Spotify (HKCU Version: 0.9.1.57.ge7405149)
swMSM (x32 Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 13.2.6.1)
TOSHIBA Application Installer (x32 Version: 9.0.1.0)
TOSHIBA Assist (x32 Version: 3.00.09)
TOSHIBA Bulletin Board (Version: 1.5.05.64)
TOSHIBA Bulletin Board (x32 Version: 1.5.05.64)
TOSHIBA ConfigFree (x32 Version: 8.0.21)
TOSHIBA Disc Creator (Version: 2.1.0.1 for x64)
TOSHIBA DVD PLAYER (x32 Version: 3.01.0.07-A)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Extended Tiles for Windows Mobility Center (x32 Version: )
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.4C)
TOSHIBA Hardware Setup (x32 Version: 1.63.0.11C)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.0)
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.0)
TOSHIBA Media Controller (x32 Version: 1.0.65)
TOSHIBA Quality Application (x32 Version: 1.0.1)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4 for x64)
TOSHIBA ReelTime (Version: 1.5.07.64)
TOSHIBA ReelTime (x32 Version: 1.5.07.64)
TOSHIBA Service Station (x32 Version: 2.1.33)
TOSHIBA Speech System Applications (x32 Version: 1.00.2518)
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (x32)
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (x32)
TOSHIBA Supervisor Password (x32 Version: 1.63.0.7C)
TOSHIBA Value Added Package (Version: 1.2.26.64)
TOSHIBA Value Added Package (x32 Version: 1.2.26.64)
ToshibaRegistration (x32 Version: 1.0.3)
TrustyFiles (x32)
TuneUp Companion 2.4.2 (x32 Version: 2.4.2)
Tux of Math Command (remove only) (x32)
TweetDeck (x32 Version: 0.36.2)
Update for Microsoft Office Word 2007 (KB974631) (x32)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin) (x32)
Utility Common Driver (x32 Version: 1.0.50.27C)
VLC media player 2.0.2 (x32 Version: 2.0.2)
VOICE4WEB (x32 Version: 1.0.0)
Wincore MediaBar (x32 Version: 3.0.0.118597)
Windows iLivid Toolbar (x32 Version: 3.0.0.112200)
Windows Live Call (x32 Version: 14.0.8064.0206)
Windows Live Communications Platform (x32 Version: 14.0.8064.206)
Windows Live Essentials (x32 Version: 14.0.8089.0726)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Messenger (x32 Version: 14.0.8089.0726)
Windows Live Movie Maker (x32 Version: 14.0.8091.0730)
Windows Live Photo Gallery (x32 Version: 14.0.8081.709)
Windows Live Sign-in Assistant (x32 Version: 5.000.818.5)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Upload Tool (x32 Version: 14.0.8014.1029)
Windows Live Writer (x32 Version: 14.0.8089.0726)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {0A5A3F85-A8F0-4DA3-B4CD-A8C52875472F} - System32\Tasks\{6A5DF337-86C3-4AC4-8B37-5C47DE87F057} => C:\Program Files (x86)\MagicDisc\MagicDisc.exe
Task: {22DFD68F-0CF5-47F7-AF0F-8EDF5E9753E3} - System32\Tasks\{BFA4DA1E-A1CC-4E29-9435-D0367327EB77} => C:\Program Files (x86)\MagicDisc\MagicDisc.exe
Task: {3331E4EB-06BE-4A94-B589-36C03EA219D4} - System32\Tasks\Symantec\Symantec Error Analyzer 4.4.0.12 => C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\SymErr.exe [2011-09-19] (Symantec Corporation)
Task: {42928985-4AA4-469E-B483-B0411BB64702} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2009-07-13] (Microsoft Corporation)
Task: {451534AC-CD6F-41E7-AA27-28C37E3B7F5F} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION)
Task: {4880B092-57BC-43CC-BD2D-CAE34ACA5DB0} - System32\Tasks\{05DE2E19-528C-4725-BE8C-EF73EE629E76} => C:\Program Files (x86)\MagicDisc\MagicDisc.exe
Task: {58E33642-CF8C-4408-8C28-748BBC8B9ECB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5F05709A-4A22-458E-BB23-5435F4FFCA70} - System32\Tasks\229B350D-034F-4c01-BAF2-3EA03DCAE0B9 => C:\Program Files (x86)\Norton Family\Engine\2.8.0.14\tampmon.exe [2013-07-24] (Symantec Corporation)
Task: {7737400C-2BD7-4880-90FA-8082FE840B32} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-15] (Google Inc.)
Task: {8D6D286C-BF19-4470-96D4-357061FF9D65} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1003Core => C:\Users\Adrian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-14] (Google Inc.)
Task: {90160B7D-9A15-45DE-A263-2730694A196E} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2844117050-2618380543-1804570796-1003 => C:\Windows\System32\portabledeviceapi.dll [2009-07-13] (Microsoft Corporation)
Task: {97AC04C8-D462-4827-AA11-11B1B560B15C} - System32\Tasks\{01618015-C59A-4DFC-ACC2-DDF9FD91D913} => C:\Program Files (x86)\MagicDisc\MagicDisc.exe
Task: {A09B9669-7426-4333-BDC8-562E3088FEF1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-15] (Google Inc.)
Task: {A50E74C4-1942-4542-AEA1-3D775CFFE013} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1000Core => C:\Users\sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-15] (Google Inc.)
Task: {A6C36EE7-002D-4975-A7B4-8E34302F2620} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1003UA => C:\Users\Adrian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-14] (Google Inc.)
Task: {AC29B55C-FF67-414B-A9FD-4B9446E9AEFB} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-20] (Adobe Systems Incorporated)
Task: {C2D1BE75-D225-45E9-A186-47337AD2D01D} - System32\Tasks\Symantec\Symantec Error Processor 4.4.0.12 => C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\SymErr.exe [2011-09-19] (Symantec Corporation)
Task: {CF20D084-C2EC-46FF-995C-0DE98583E027} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1000UA => C:\Users\sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-15] (Google Inc.)
Task: {D4049FC0-2981-4ECC-A17B-9E4FDFA23BCF} - System32\Tasks\Norton Security Scan for sarah => C:\Program Files (x86)\Norton Security Scan\Engine\3.0.0.103\Nss.exe [2012-10-03] (Symantec Corporation)
Task: {DC0B0A9E-83F3-44F6-8C07-CB2B08CA1A39} - System32\Tasks\{E8FE5DDC-25E0-4403-8FCC-B3E83782FBBA} => C:\Program Files (x86)\MagicDisc\MagicDisc.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1000Core.job => C:\Users\sarah\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1000UA.job => C:\Users\sarah\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1003Core.job => C:\Users\Adrian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2844117050-2618380543-1804570796-1003UA.job => C:\Users\Adrian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Norton Security Scan for sarah.job => C:\PROGRA~2\NORTON~2\Engine\300~1.103\Nss.exe

==================== Loaded Modules (whitelisted) =============

2011-10-31 14:52 - 2010-03-18 14:37 - 02495344 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine64\4.4.0.12\buShell.dll
2011-10-31 14:52 - 2011-08-03 21:25 - 00985472 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine64\4.4.0.12\ccL90U.dll
2011-10-31 14:52 - 2011-08-21 19:53 - 00087976 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine64\4.4.0.12\EFACli64.dll
2011-10-31 14:52 - 2011-08-03 21:19 - 00113024 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine64\4.4.0.12\ccVrTrst.dll
2011-10-31 14:52 - 2011-08-03 21:19 - 00419712 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine64\4.4.0.12\ccSet.dll
2011-10-31 14:52 - 2011-08-03 21:19 - 00230784 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine64\4.4.0.12\ccIPC.dll
2011-10-31 14:52 - 2011-08-03 21:19 - 00200064 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine64\4.4.0.12\ccGEvt.dll
2009-07-13 17:22 - 2009-07-13 18:38 - 00081408 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\System32\l3codeca.acm
2012-01-24 17:52 - 2009-07-06 18:07 - 00104448 _____ (CANON INC.) C:\Program Files\Canon\MyPrinter\cnmpu.dll
2012-01-24 17:52 - 2009-07-06 18:07 - 00093184 _____ (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMyRes.dll
2009-08-03 19:18 - 2009-08-03 19:18 - 00081752 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2009-08-03 19:19 - 2009-08-03 19:19 - 00265584 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TReport.dll
2013-08-16 23:50 - 2013-08-16 23:50 - 00853896 ____T (Google Inc.) C:\Users\sarah\AppData\Local\Google\Update\1.3.21.153\goopdate.dll
2012-01-17 12:18 - 2012-01-17 12:18 - 00309416 _____ (Visicom Media Inc. (Powered by Panda Security)) C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.dll
2011-09-14 10:19 - 2011-09-14 10:19 - 02348544 _____ () C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll
2011-09-14 10:19 - 2011-09-14 10:19 - 08500224 _____ () C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll
2011-11-12 13:05 - 2011-11-12 13:05 - 00085856 _____ (LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\DeviceHooks\LeapsterDeviceHook.dll
2010-03-15 16:57 - 2010-03-15 16:57 - 00053024 _____ (Open Source Software community project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01292136 _____ (The ICU Project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuin.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 00923496 _____ (The ICU Project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuuc.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 16303976 _____ (The ICU Project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icudt46.dll
2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-31 00:05 - 2011-08-31 00:05 - 00085864 _____ (Apple Inc.) C:\windows\system32\dnssd.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 02145304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 07956504 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00342552 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00029208 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00128536 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2011-11-11 14:09 - 2011-11-11 14:09 - 00336408 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2011-09-25 19:00 - 2011-09-25 19:00 - 02680632 _____ (Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportUtil.dll
2011-09-19 20:38 - 2011-09-19 20:38 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2012-10-30 03:37 - 2012-10-30 03:37 - 00688440 _____ (Trusteer Ltd.) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus.dll
2012-05-28 15:51 - 2012-05-28 15:51 - 00520464 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll
2011-03-31 19:14 - 2011-09-25 19:00 - 00522040 _____ (Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\rooksbas.DLL
2011-03-31 19:14 - 2011-09-25 19:00 - 00505656 _____ (Trusteer Ltd.) c:\program files (x86)\trusteer\rapport\bin\rooksdol.dll
2011-03-31 19:14 - 2011-03-10 21:09 - 00198456 _____ (Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\rookscom.dll

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1


==================== Faulty Device Manager Devices =============

Name: Canon MX860 ser Network
Description: Canon MX860 ser Network
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Canon
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/06/2013 01:49:36 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 151601

Error: (09/06/2013 01:49:36 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 151601

Error: (09/06/2013 01:49:36 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/06/2013 01:49:31 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 146656

Error: (09/06/2013 01:49:31 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 146656

Error: (09/06/2013 01:49:31 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/06/2013 01:49:22 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 137811

Error: (09/06/2013 01:49:22 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 137811

Error: (09/06/2013 01:49:22 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/06/2013 01:49:13 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 128700


System errors:
=============
Error: (09/06/2013 05:32:15 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (09/06/2013 05:31:45 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

Error: (09/06/2013 05:31:15 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HomeGroupListener service.

Error: (09/06/2013 05:30:45 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

Error: (09/06/2013 05:30:15 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.

Error: (09/06/2013 05:29:45 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (09/06/2013 05:29:15 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Error: (09/06/2013 05:28:45 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

Error: (09/06/2013 05:28:15 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UxSms service.

Error: (09/06/2013 05:27:45 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 34%
Total physical RAM: 2936.89 MB
Available physical RAM: 1918.5 MB
Total Pagefile: 5871.92 MB
Available Pagefile: 4458.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (TI105756W0B) (Fixed) (Total:222.43 GB) (Free:116.49 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: CE865B76)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=222 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9 GB) - (Type=17)

==================== End Of Log ============================

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

Download, install and run CCleaner free to clean out temp files.
Here's a Tutorial if needed.
You may want to uncheck "cookies" and please stay away from the registry cleaner.

---------------------------

Please uninstall MixiDJ V37 Toolbar (x32 Version: 6.15.0.27) from your add/remove programs

Then......

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.