
Search Conduit, FilesFrog Update Checker, SpeedyPC Pro -- Oops!



Hello Again =)

I've done it again! I was looking for a repair manual for a tractor from an unknown website, tried to download something, and now I have a few infection symptoms to report.

1. IE tabs now automatically navigate to "seach.conduit.com"

2. Google Chrome told me my settings are unable to be loaded due to file corruption.

3. Strange File now on desktop. Type of file: "TRACTORS File (.tractors)"; "Opens with: Windows Shell Common Dll"

4. New programs in Start menu: "FilesFrog Update Checker," "SpeedyPC PRO"

This is all I have noticed so far. Infection took place 20 minutes ago. Where should I start?

Thank you in advance!

-Nathan


Hello,

P2P/Piracy Warning:

    
If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next,

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


 

Kevin


AdwCleaner Log:

 

# AdwCleaner v3.018 - Report created 29/01/2014 at 14:25:09
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : server - SERVER-PC
# Running from : C:\Users\server\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : CltMngSvc
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\SpeedyPC Software
Folder Deleted : C:\Program Files (x86)\Searchprotect
Folder Deleted : C:\Program Files (x86)\SpeedyPC Software
Folder Deleted : C:\Program Files (x86)\Common Files\SpeedyPC Software
Folder Deleted : C:\Users\server\AppData\Local\FilesFrog Update Checker
Folder Deleted : C:\Users\server\AppData\Local\Searchprotect
Folder Deleted : C:\Users\server\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\server\AppData\Roaming\SpeedyPC Software
Folder Deleted : C:\Users\server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
Folder Deleted : C:\Users\server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
File Deleted : C:\END
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKCU\Software\Somoto
Key Deleted : HKCU\Software\SpeedyPC Software
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\SpeedyPC Software
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]
 
-\\ Mozilla Firefox v12.0 (en-US)
 
[ File : C:\Users\server\AppData\Roaming\Mozilla\Firefox\Profiles\rbel3094.default\prefs.js ]
 
 
-\\ Google Chrome v32.0.1700.102
 
[ File : C:\Users\server\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : homepage
Deleted : search_url
Deleted : suggest_url
 
*************************
 
AdwCleaner[R0].txt - [2435 octets] - [17/12/2013 14:17:11]
AdwCleaner[R1].txt - [3026 octets] - [29/01/2014 14:23:56]
AdwCleaner[s0].txt - [2477 octets] - [17/12/2013 14:19:39]
AdwCleaner[s1].txt - [2574 octets] - [29/01/2014 14:25:09]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [2634 octets] ##########

JRT Log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Professional x64
Ran by server on Wed 01/29/2014 at 15:09:49.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 01/29/2014 at 15:15:56.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014 01
Ran by server (administrator) on SERVER-PC on 29-01-2014 15:18:13
Running from C:\Users\server\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files (x86)\blindbat\bin\utilblindbat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2009\QBDBMgrN.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
(LaCie SA) C:\Program Files (x86)\LaCie\Network Assistant\LaCie Network Assistant.exe
(RingCentral, Inc.) C:\Program Files (x86)\RingCentral\RingCentral Softphone\RCUI.exe
(RingCentral, Inc.) C:\Program Files (x86)\RingCentral\RingCentral Softphone\RCHotKey.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Dropbox, Inc.) C:\Users\server\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE
() C:\Program Files (x86)\blindbat\updateblindbat.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11464296 2010-09-03] (Realtek Semiconductor)
HKLM\...\Run: [LogMeIn GUI] - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2011-09-16] (LogMeIn, Inc.)
HKLM\...\Run: [HP LJ300-400 color MFP M375-M475 Series Fax] - C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2011-05-06] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [statusAlerts] - C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [136760 2011-07-19] (Hewlett-Packard Company)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-08] (AVAST Software)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-12-02] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKCU\...\Run: [LaCie Ethernet Agent Startup] - C:\Program Files (x86)\LaCie\Network Assistant\LaCie Network Assistant.exe [5853184 2009-12-17] (LaCie SA)
HKCU\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563096 2014-01-08] (SUPERAntiSpyware)
HKCU\...\Run: [GoogleChromeAutoLaunch_7966F2ED49BCB652819E5D1313EE5546] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [866584 2014-01-22] (Google Inc.)
HKCU\...\Run: [RCUI] - C:\Program Files (x86)\RingCentral\RingCentral Softphone\RCUI.exe [502064 2013-10-23] (RingCentral, Inc.)
HKCU\...\Run: [RCHotKey] - C:\Program Files (x86)\RingCentral\RingCentral Softphone\RCHotKey.exe [39216 2013-10-23] (RingCentral, Inc.)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => File Not Found
Startup: C:\Users\server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\server\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: blindbat - {7ffdbd02-60bb-4e14-a92e-3629aa6ca375} - C:\Program Files (x86)\blindbat\blindbatBHO.dll (blindbat)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler-x32: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\server\AppData\Roaming\Mozilla\Firefox\Profiles\rbel3094.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nds.com/PCShowPlugin - C:\Users\server\AppData\Local\DIRECTV Player\npPCShowPlugin.dll No File
FF Plugin HKCU: @nds.com/PlayerPlugin - C:\Users\server\AppData\Local\DIRECTV Player\npPlayerPlugin.dll No File
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-04-13]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-05-25]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-12-02]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-05-25]
 
Chrome: 
=======
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultNewTabURL: 
CHR Extension: (RealDownloader) - C:\Users\server\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-12-03]
CHR Extension: (Google Wallet) - C:\Users\server\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-20]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-08] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-01-08] (AVAST Software)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2010-10-27] (Hewlett-Packard Company)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-01-21] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-01-21] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-09-16] (LogMeIn, Inc.)
R2 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R3 QuickBooksDB19; C:\Program Files (x86)\Intuit\QuickBooks 2009\QBDBMgrN.exe [131072 2008-07-09] (Intuit, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 Update blindbat; C:\Program Files (x86)\blindbat\updateblindbat.exe [102168 2014-01-27] ()
R2 Util blindbat; C:\Program Files (x86)\blindbat\bin\utilblindbat.exe [102168 2014-01-29] ()
 
==================== Drivers (Whitelisted) ====================
 
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2013-11-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-08] (AVAST Software)
R1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [439648 2014-01-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2014-01-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2014-01-08] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2014-01-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-08] ()
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-27] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 gdrv; \??\C:\Windows\gdrv.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-29 15:18 - 2014-01-29 15:18 - 00019960 _____ C:\Users\server\Desktop\FRST.txt
2014-01-29 15:18 - 2014-01-29 15:18 - 00000000 ____D C:\FRST
2014-01-29 15:15 - 2014-01-29 15:16 - 00011782 _____ C:\Users\server\Desktop\JRT.txt
2014-01-29 15:09 - 2014-01-29 15:09 - 00000000 ____D C:\Windows\ERUNT
2014-01-29 14:59 - 2014-01-29 14:59 - 00003344 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1993626703-3969051778-2929542781-1000
2014-01-29 14:45 - 2014-01-29 14:45 - 00002718 _____ C:\Users\server\Desktop\AdwCleaner[s1].txt
2014-01-29 14:42 - 2014-01-29 14:59 - 00003212 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1993626703-3969051778-2929542781-1000
2014-01-29 14:40 - 2014-01-29 14:54 - 00000112 _____ C:\Windows\setupact.log
2014-01-29 14:40 - 2014-01-29 14:40 - 00002230 _____ C:\Windows\PFRO.log
2014-01-29 14:40 - 2014-01-29 14:40 - 00000000 _____ C:\Windows\setuperr.log
2014-01-29 14:22 - 2014-01-29 14:22 - 02079744 _____ (Farbar) C:\Users\server\Desktop\FRST64.exe
2014-01-29 14:21 - 2014-01-29 14:21 - 01037068 _____ (Thisisu) C:\Users\server\Desktop\JRT.exe
2014-01-29 14:20 - 2014-01-29 14:21 - 01166132 _____ C:\Users\server\Desktop\AdwCleaner.exe
2014-01-29 11:39 - 2014-01-29 11:42 - 00000000 ____D C:\Users\server\Desktop\Schaapman Cement Mixer
2014-01-29 10:55 - 2014-01-29 10:52 - 22630361 _____ C:\Users\server\Desktop\Service Manual for Massey Ferguson MF230 - MF250 Tractors.tractors
2014-01-29 10:54 - 2014-01-29 14:40 - 00000494 _____ C:\Windows\Tasks\SpeedyPC Registration3.job
2014-01-29 10:54 - 2014-01-29 14:28 - 00000000 ____D C:\Program Files (x86)\blindbat
2014-01-29 10:54 - 2014-01-29 10:54 - 00003160 _____ C:\Windows\System32\Tasks\SpeedyPC Registration3
2014-01-29 10:53 - 2014-01-29 14:58 - 00000518 _____ C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
2014-01-29 10:53 - 2014-01-29 14:40 - 00000466 _____ C:\Windows\Tasks\SpeedyPC Update Version3.job
2014-01-29 10:53 - 2014-01-29 14:40 - 00000422 _____ C:\Windows\Tasks\SpeedyPC Pro.job
2014-01-29 10:53 - 2014-01-29 10:53 - 00003342 _____ C:\Windows\System32\Tasks\SpeedyPC Pro
2014-01-29 10:53 - 2014-01-29 10:53 - 00003282 _____ C:\Windows\System32\Tasks\SpeedyPC Update Version3
2014-01-29 10:53 - 2014-01-29 10:53 - 00002946 _____ C:\Windows\System32\Tasks\SpeedyPC Update Version3 Startup Task
2014-01-29 10:53 - 2014-01-29 10:53 - 00001205 _____ C:\Users\server\Desktop\SpeedyPC Pro.lnk
2014-01-29 10:50 - 2014-01-29 10:50 - 00003254 _____ C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart
2014-01-29 10:49 - 2014-01-29 10:49 - 00237016 _____ C:\Users\server\Downloads\ServiceManualforMasseyFergusonMF230-MF250Tractors_downloader-8Qpcaape.exe
2014-01-28 08:50 - 2014-01-28 08:50 - 00000000 ____D C:\Users\server\Desktop\Porter Changes
2014-01-24 15:38 - 2014-01-24 15:40 - 00000000 ____D C:\Users\server\Desktop\Ford 545C
2014-01-24 11:40 - 2014-01-24 17:04 - 00000000 ____D C:\Users\server\Desktop\February Ag Source Ad
2014-01-20 16:46 - 2014-01-20 16:46 - 00000000 ____D C:\Users\server\Desktop\Lucas Gopher Machine
2014-01-20 13:19 - 2014-01-20 13:19 - 00005175 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-20 13:19 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-20 13:19 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-20 13:19 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-20 13:19 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-17 16:23 - 2014-01-28 13:13 - 00000000 ____D C:\Users\server\Desktop\DeBoer AirOFan
2014-01-17 10:48 - 2014-01-17 10:54 - 00000000 ____D C:\Users\server\Desktop\Misc Consignments
2014-01-15 01:38 - 2013-11-26 17:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 01:38 - 2013-11-26 17:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 01:38 - 2013-11-26 17:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 01:38 - 2013-11-26 17:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 01:38 - 2013-11-26 17:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 01:38 - 2013-11-26 17:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 01:38 - 2013-11-26 17:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 01:38 - 2013-11-26 03:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 01:38 - 2013-11-26 02:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 09:55 - 2014-01-14 09:56 - 00000000 ____D C:\Users\server\Desktop\Letter Picture
2014-01-09 13:11 - 2014-01-09 13:11 - 00000000 __RHD C:\Users\server\AppData\Roaming\SecuROM
2014-01-08 09:25 - 2014-01-08 09:25 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-03 11:20 - 2014-01-13 11:50 - 00000000 ____D C:\Users\server\Desktop\New folder (2)
 
==================== One Month Modified Files and Folders =======
 
2014-01-29 15:18 - 2014-01-29 15:18 - 00019960 _____ C:\Users\server\Desktop\FRST.txt
2014-01-29 15:18 - 2014-01-29 15:18 - 00000000 ____D C:\FRST
2014-01-29 15:16 - 2014-01-29 15:15 - 00011782 _____ C:\Users\server\Desktop\JRT.txt
2014-01-29 15:15 - 2013-01-16 08:49 - 00000000 ____D C:\Users\server\AppData\Roaming\Dropbox
2014-01-29 15:15 - 2011-05-10 07:55 - 2311349248 _____ C:\Users\Public\Outlook.pst
2014-01-29 15:09 - 2014-01-29 15:09 - 00000000 ____D C:\Windows\ERUNT
2014-01-29 15:02 - 2009-07-13 20:45 - 00015040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-29 15:02 - 2009-07-13 20:45 - 00015040 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-29 14:59 - 2014-01-29 14:59 - 00003344 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1993626703-3969051778-2929542781-1000
2014-01-29 14:59 - 2014-01-29 14:42 - 00003212 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1993626703-3969051778-2929542781-1000
2014-01-29 14:58 - 2014-01-29 10:53 - 00000518 _____ C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
2014-01-29 14:58 - 2013-11-20 08:13 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-29 14:58 - 2013-01-16 08:53 - 00000000 ___RD C:\Users\server\Dropbox
2014-01-29 14:56 - 2011-04-13 09:07 - 01748176 _____ C:\Windows\WindowsUpdate.log
2014-01-29 14:54 - 2014-01-29 14:40 - 00000112 _____ C:\Windows\setupact.log
2014-01-29 14:54 - 2011-04-13 10:59 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-29 14:54 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-29 14:45 - 2014-01-29 14:45 - 00002718 _____ C:\Users\server\Desktop\AdwCleaner[s1].txt
2014-01-29 14:40 - 2014-01-29 14:40 - 00002230 _____ C:\Windows\PFRO.log
2014-01-29 14:40 - 2014-01-29 14:40 - 00000000 _____ C:\Windows\setuperr.log
2014-01-29 14:40 - 2014-01-29 10:54 - 00000494 _____ C:\Windows\Tasks\SpeedyPC Registration3.job
2014-01-29 14:40 - 2014-01-29 10:53 - 00000466 _____ C:\Windows\Tasks\SpeedyPC Update Version3.job
2014-01-29 14:40 - 2014-01-29 10:53 - 00000422 _____ C:\Windows\Tasks\SpeedyPC Pro.job
2014-01-29 14:29 - 2013-11-20 08:13 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-29 14:28 - 2014-01-29 10:54 - 00000000 ____D C:\Program Files (x86)\blindbat
2014-01-29 14:25 - 2013-12-17 14:17 - 00000000 ____D C:\AdwCleaner
2014-01-29 14:22 - 2014-01-29 14:22 - 02079744 _____ (Farbar) C:\Users\server\Desktop\FRST64.exe
2014-01-29 14:21 - 2014-01-29 14:21 - 01037068 _____ (Thisisu) C:\Users\server\Desktop\JRT.exe
2014-01-29 14:21 - 2014-01-29 14:20 - 01166132 _____ C:\Users\server\Desktop\AdwCleaner.exe
2014-01-29 14:20 - 2012-04-24 07:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-29 11:42 - 2014-01-29 11:39 - 00000000 ____D C:\Users\server\Desktop\Schaapman Cement Mixer
2014-01-29 11:20 - 2012-08-02 08:13 - 01458688 ___SH C:\Users\server\Desktop\Thumbs.db
2014-01-29 11:05 - 2011-12-30 11:56 - 00000000 ____D C:\ProgramData\LogMeIn
2014-01-29 10:54 - 2014-01-29 10:54 - 00003160 _____ C:\Windows\System32\Tasks\SpeedyPC Registration3
2014-01-29 10:53 - 2014-01-29 10:53 - 00003342 _____ C:\Windows\System32\Tasks\SpeedyPC Pro
2014-01-29 10:53 - 2014-01-29 10:53 - 00003282 _____ C:\Windows\System32\Tasks\SpeedyPC Update Version3
2014-01-29 10:53 - 2014-01-29 10:53 - 00002946 _____ C:\Windows\System32\Tasks\SpeedyPC Update Version3 Startup Task
2014-01-29 10:53 - 2014-01-29 10:53 - 00001205 _____ C:\Users\server\Desktop\SpeedyPC Pro.lnk
2014-01-29 10:52 - 2014-01-29 10:55 - 22630361 _____ C:\Users\server\Desktop\Service Manual for Massey Ferguson MF230 - MF250 Tractors.tractors
2014-01-29 10:50 - 2014-01-29 10:50 - 00003254 _____ C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart
2014-01-29 10:49 - 2014-01-29 10:49 - 00237016 _____ C:\Users\server\Downloads\ServiceManualforMasseyFergusonMF230-MF250Tractors_downloader-8Qpcaape.exe
2014-01-28 13:13 - 2014-01-17 16:23 - 00000000 ____D C:\Users\server\Desktop\DeBoer AirOFan
2014-01-28 08:50 - 2014-01-28 08:50 - 00000000 ____D C:\Users\server\Desktop\Porter Changes
2014-01-27 10:47 - 2013-01-18 15:58 - 00000000 ____D C:\Users\server\Desktop\DuraTech Parts Purchases
2014-01-24 17:04 - 2014-01-24 11:40 - 00000000 ____D C:\Users\server\Desktop\February Ag Source Ad
2014-01-24 17:04 - 2013-06-05 12:46 - 00000000 ____D C:\Users\server\Desktop\Stonebear Parts Purchases
2014-01-24 17:04 - 2013-01-09 08:13 - 00000000 ____D C:\Users\server\Desktop\NW Tiller Parts Purchases
2014-01-24 15:40 - 2014-01-24 15:38 - 00000000 ____D C:\Users\server\Desktop\Ford 545C
2014-01-22 10:39 - 2012-10-22 09:21 - 00000000 ____D C:\Users\server\Desktop\Purchase Orders Excel
2014-01-21 09:19 - 2011-12-30 11:56 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2014-01-21 09:18 - 2011-12-30 11:56 - 00107368 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2014-01-21 09:18 - 2011-12-30 11:56 - 00092488 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-01-21 09:18 - 2011-12-30 11:56 - 00035656 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2014-01-20 16:46 - 2014-01-20 16:46 - 00000000 ____D C:\Users\server\Desktop\Lucas Gopher Machine
2014-01-20 13:20 - 2013-11-20 17:14 - 00000000 ____D C:\ProgramData\Oracle
2014-01-20 13:19 - 2014-01-20 13:19 - 00005175 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-20 13:19 - 2011-04-13 12:23 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-17 10:54 - 2014-01-17 10:48 - 00000000 ____D C:\Users\server\Desktop\Misc Consignments
2014-01-17 10:45 - 2012-04-23 08:21 - 00000000 ____D C:\Users\server\Desktop\NATE
2014-01-15 03:24 - 2009-07-13 21:13 - 00792128 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-15 03:20 - 2009-07-13 20:45 - 00439016 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-15 03:18 - 2013-04-11 06:57 - 00000000 ____D C:\Users\server\Desktop\Inventive Ag Parts Purchases
2014-01-15 03:02 - 2013-07-19 02:04 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 03:00 - 2011-04-19 13:30 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-14 09:56 - 2014-01-14 09:55 - 00000000 ____D C:\Users\server\Desktop\Letter Picture
2014-01-13 11:50 - 2014-01-03 11:20 - 00000000 ____D C:\Users\server\Desktop\New folder (2)
2014-01-09 15:06 - 2013-01-16 08:51 - 00000000 ____D C:\Users\server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-09 15:06 - 2011-04-13 09:36 - 00000000 ___RD C:\Users\server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-09 13:11 - 2014-01-09 13:11 - 00000000 __RHD C:\Users\server\AppData\Roaming\SecuROM
2014-01-09 11:10 - 2011-11-11 09:43 - 00000000 ____D C:\Program Files (x86)\Same Deutz-Fahr
2014-01-08 21:25 - 2013-04-16 11:13 - 00439648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswndisflt.sys
2014-01-08 11:59 - 2013-04-17 18:49 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2014-01-08 09:25 - 2014-01-08 09:25 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-08 09:25 - 2012-12-31 14:46 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-08 09:24 - 2013-04-16 11:13 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-08 09:24 - 2011-04-13 12:28 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-08 09:24 - 2011-04-13 12:28 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-08 09:24 - 2011-04-13 12:28 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-08 09:24 - 2011-04-13 12:28 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-08 09:24 - 2011-04-13 12:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-07 14:25 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2014-01-06 09:16 - 2012-10-16 15:29 - 00000000 ____D C:\Users\server\Desktop\BTW Parts Purchases
2014-01-03 15:04 - 2011-08-11 15:05 - 00000000 ____D C:\Users\server\AppData\Local\Windows Live
2013-12-31 06:51 - 2011-04-13 12:23 - 00000000 ____D C:\Users\server\AppData\Local\Adobe
2013-12-31 06:49 - 2011-04-13 12:23 - 00000000 ____D C:\Program Files (x86)\Adobe
 
Some content of TEMP:
====================
C:\Users\server\AppData\Local\Temp\blindbatSetup.exe
C:\Users\server\AppData\Local\Temp\Installer_new.exe
C:\Users\server\AppData\Local\Temp\nsdC0E5.exe
C:\Users\server\AppData\Local\Temp\nsnC8C2.exe
C:\Users\server\AppData\Local\Temp\nss4674.exe
C:\Users\server\AppData\Local\Temp\nss4EAF.exe
C:\Users\server\AppData\Local\Temp\nsx56BB.exe
C:\Users\server\AppData\Local\Temp\nsyB753.exe
C:\Users\server\AppData\Local\Temp\Quarantine.exe
C:\Users\server\AppData\Local\Temp\SSStub_Somo_SpeedyPC.exe
C:\Users\server\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\server\AppData\Local\Temp\vlc-2.0.2-win32.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-01-29 00:36
 
==================== End Of Log ============================
 
 
Addition Log:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2014 01
Ran by server at 2014-01-29 15:18:39
Running from C:\Users\server\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Internet Security (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Internet Security (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Internet Security (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
64 Bit HP CIO Components Installer (Version: 8.2.1 - Hewlett-Packard) Hidden
8500A909_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
8500A909_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
8500A909g (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Adobe Acrobat  9 Standard (x32 Version: 9.5.5 - Adobe Systems) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (x32 Version:  - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1030 - Adobe Systems Incorporated) Hidden
Adobe Community Help (x32 Version: 3.2.1 - Adobe Systems Incorporated) Hidden
Adobe Community Help (x32 Version: 3.2.1.650 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (x32 Version: 9.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop.com Inspiration Browser (x32 Version: 3.07 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (x32 Version: 3.07 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.06) (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (x32 Version:  3.0 - )
All Parts Digital Catalog (x32 Version: DC02.01.1111 - A&I Products)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
avast! Internet Security (x32 Version: 9.0.2011 - Avast Software)
Bing Bar (x32 Version: 7.3.124.0 - Microsoft Corporation)
blindbat (Version: 2014.01.28.010740 - blindbat)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
BPD_DSWizards (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
CCleaner (Version: 4.07 - Piriform)
CloudReading (x32 Version: 1.0.31.1111 - Foxit Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
DocMgr (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Fax (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Foxit Reader (x32 Version: 6.1.1.1031 - Foxit Corporation)
Free M4a to MP3 Converter 8.1 (x32 Version:  - ManiacTools.com)
Google Chrome (x32 Version: 32.0.1700.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Handbrake 5454 Nightly (x32 Version: 5454 Nightly - )
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HipChat (x32 Version: 1.20130116182826 - Atlassian Inc)
HipChat (x32 Version: 1.255 - Atlassian Inc) Hidden
HP Customer Participation Program 14.0 (Version: 14.0 - HP)
HP Document Manager 2.0 (Version: 2.0 - HP)
HP Imaging Device Functions 14.0 (Version: 14.0 - HP)
HP LJ300-400 color MFP M375-M475 (x32 Version:  - Hewlett-Packard)
HP LJ300-400 color MFP M375-M475 Fax (x32 Version: 24.0.0.0 - Hewlett-Packard Co.)
HP LJ300-400 M375-M475 HP Scan (x32 Version: 1.0.302.0 - Hewlett-Packard Co.) Hidden
HP Officejet Pro 8500 A909 Series (Version: 14.0 - HP)
HP Product Detection (x32 Version: 11.14.0001 - HP)
HP Smart Web Printing 4.60 (Version: 4.60 - HP)
HP Solution Center 14.0 (Version: 14.0 - HP)
HP Unified IO (Version: 1.0.1.94 - HP) Hidden
HP Unified IO (x32 Version: 1.0.1.94 - HP) Hidden
HP Update (x32 Version: 5.005.000.002 - Hewlett-Packard)
hpbDSService (x32 Version: 001.001.05133 - Hewlett-Packard) Hidden
hpbM375M475DSService (x32 Version: 001.001.05164 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPLaserJet300-400ColorM375-M475Series_HelpLearnCenter_SI (x32 Version: 1.01.0000 - Hewlett-Packard)
HPLJDXPHelper (x32 Version: 020.021.004 - HP) Hidden
HPLJUTCore (x32 Version: 1.02.0014 - HP) Hidden
HPLJUTM375-M475 (x32 Version: 1.02.0013 - HP) Hidden
hppFaxDrvM375M475 (x32 Version: 003.000.00002 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 009.022.00806 - Hewlett-Packard) Hidden
hppM375_M475LaserJetService (x32 Version: 005.020.00094 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
hppSendFaxM375M475 (x32 Version: 003.000.00002 - Hewlett-Packard) Hidden
hppToolboxProxyM375 (x32 Version: 020.021.004 - HP) Hidden
HPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
hpStatusAlerts (x32 Version: 020.025.1119 - Hewlett Packard) Hidden
hpStatusAlertsM375_M475 (x32 Version: 020.023.01805 - Hewlett-Packard) Hidden
iCloud (Version: 2.1.2.8 - Apple Inc.)
Image Resizer for Windows (64 bit) (Version: 3.0.4319.33193 - Brice Lambson)
Image Resizer for Windows (x32 Version: 3.0.4319.33193 - Brice Lambson)
InstanceFinder (x32 Version: 020.021.004 - HP) Hidden
Intel® Management Engine Components (x32 Version: 6.0.0.1179 - Intel Corporation)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
K-Lite Codec Pack 7.1.0 (Full) (x32 Version: 7.1.0 - )
LaCie Network Assistant 1.4.1.35 (x32 Version: 1.4.1.35 - LaCie SA)
LJDXPHelperUI (x32 Version: 020.021.004 - HP) Hidden
LogMeIn (x32 Version: 4.1.2126 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (x32 Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (x32 Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (x32 Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (x32 Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Tools Express Edition (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (x32 Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 12.0 (x86 en-US) (x32 Version: 12.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 12.0 - Mozilla)
MPM (x32 Version: 1.00.0000 - Hewlett-Packard)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0 - Microsoft Corporation)
Music Transfer (x32 Version: 1.3.00.11130 - Sony Corporation)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NVIDIA 3D Vision Driver 311.06 (Version: 311.06 - NVIDIA Corporation)
NVIDIA Control Panel 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Drivers (Version: 1.9 - NVIDIA Corporation)
NVIDIA Graphics Driver 311.06 (Version: 311.06 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OCR Software by I.R.I.S. 14.0 (Version: 14.0 - HP)
Primo (x32 Version: 1.00.0000 - Your Company Name) Hidden
ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
QuickBooks (x32 Version: 19.0.4001.703 - Intuit Inc.) Hidden
QuickBooks Premier: Retail Edition 2009 (x32 Version: 19.0.4001.703 - Intuit Inc.)
QuickBooks Server 2009 (x32 Version: 19.0.4001.703 - Intuit Inc.)
QuickTime (x32 Version: 7.73.80.64 - Apple Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (x32 Version: 16.0.3 - RealNetworks)
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.17.304.2010 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6194 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Rhapsody (x32 Version:  - )
RingCentral Softphone (x32 Version: 5.16.001.50 - RingCentral, Inc)
Runtime (x32 Version: 1.00.0000 - Your Company Name) Hidden
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
SDF e-Parts (x32 Version: 22.00.104 - Same Deutz - Fahr) Hidden
SDF e-Parts (x32 Version: 24.00.004 - Same Deutz - Fahr)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shop for HP Supplies (Version: 14.0 - HP)
SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolidWorks eDrawings 2011 (x32 Version: 11.3.124 - Dassault Systèmes SolidWorks Corp.)
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Sony Picture Utility (x32 Version: 4.2.00.15030 - Sony Corporation)
SpeedyPC Pro (x32 Version: 3.1.13.0 - SpeedyPC Software) <==== ATTENTION
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (Version: 5.6.1014 - SUPERAntiSpyware.com)
SupportSoft Assisted Service (x32 Version: 15 - SupportSoft)
The Print Shop Business Invoices (x32 Version: 1.0.0 - EncoreUSA)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
ToolboxProxy (x32 Version: 020.023.005 - HP) Hidden
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version:  - Microsoft)
Visual Studio 2005 Tools for Office Second Edition Runtime (x32 Version:  - Microsoft Corporation)
VLC media player 1.1.9 (x32 Version: 1.1.9 - VideoLAN)
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
 
==================== Restore Points  =========================
 
21-01-2014 11:00:10 Windows Update
22-01-2014 11:00:10 Windows Update
23-01-2014 11:00:10 Windows Update
24-01-2014 11:00:11 Windows Update
25-01-2014 11:00:12 Windows Update
26-01-2014 11:00:10 Windows Update
27-01-2014 11:00:10 Windows Update
28-01-2014 11:00:12 Windows Update
29-01-2014 11:00:10 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {03BA3F25-79A5-4313-BD75-865564AA1992} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-20] (Google Inc.)
Task: {1328FCCE-BB86-4DE3-88A8-C16F67F08E7C} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\server\AppData\Local\FilesFrog Update Checker\update_checker.exe <==== ATTENTION
Task: {429BB75C-99C9-4B89-9048-0343DD3136B1} - System32\Tasks\SpeedyPC Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\UUS3.dll" RunUns
Task: {5458CD47-F5EB-4B13-A10F-8700CA82DDE8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {65F4D8AF-CADD-44D5-827D-CEA13A148C5E} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1993626703-3969051778-2929542781-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {892B8146-7DBF-49F4-AD5F-3927E692A231} - System32\Tasks\SpeedyPC Pro => C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe
Task: {89BA3976-7DCA-49D1-8338-A4F2CDB75865} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2011-05-03] (Hewlett Packard)
Task: {94620C8E-9DDD-4DA1-8443-7E56C9075C36} - System32\Tasks\SpeedyPC Update Version3 => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe
Task: {996F0F22-E725-43F5-A1AE-EEDB67EA9484} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-08] (AVAST Software)
Task: {A4F62465-C5FB-460A-B0AD-A9231F08153D} - System32\Tasks\AdobeAAMUpdater-1.0-server-PC-server => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated)
Task: {CD966004-15BD-4306-9AE9-B49CD218CBD6} - System32\Tasks\SpeedyPC Update Version3 Startup Task => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe
Task: {D4760729-6D57-4A59-B401-FA534DA45A6E} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {E42599C6-3CD0-4888-94F4-41A47374F201} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-21] (Piriform Ltd)
Task: {F22963D2-2424-44AA-B308-112F43739562} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1993626703-3969051778-2929542781-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {FDC03373-0ABE-4491-A6C9-A8BBFB6EC07C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-20] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SpeedyPC Pro.job => C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe
Task: C:\Windows\Tasks\SpeedyPC Registration3.job => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\UUS3.dll
Task: C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe
Task: C:\Windows\Tasks\SpeedyPC Update Version3.job => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-04-05 11:58 - 2013-04-05 11:58 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2014-01-28 09:39 - 2014-01-28 08:44 - 02166272 _____ () C:\Program Files\AVAST Software\Avast\defs\14012801\algo.dll
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-23 18:59 - 2013-10-23 18:59 - 01052672 _____ () C:\Program Files (x86)\RingCentral\RingCentral Softphone\RCTH.dll
2013-10-23 19:00 - 2013-10-23 19:00 - 00405504 _____ () C:\Program Files (x86)\RingCentral\RingCentral Softphone\RCABEx.dll
2013-10-23 18:59 - 2013-10-23 18:59 - 02281472 _____ () C:\Program Files (x86)\RingCentral\RingCentral Softphone\Characters\RCSPSKSPBLUE.DLL
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2011-07-19 16:07 - 2011-07-19 16:07 - 00111160 _____ () C:\Program Files (x86)\HP\StatusAlerts\bin\nativeutils.dll
2013-11-22 09:15 - 2013-11-22 09:15 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-10-18 15:55 - 2013-10-18 15:55 - 25100288 _____ () C:\Users\server\AppData\Roaming\Dropbox\bin\libcef.dll
2014-01-28 14:39 - 2014-01-22 21:56 - 00715544 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libglesv2.dll
2014-01-28 14:39 - 2014-01-22 21:56 - 00100120 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libegl.dll
2014-01-28 14:39 - 2014-01-22 21:56 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll
2014-01-28 14:39 - 2014-01-22 21:57 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll
2014-01-28 14:39 - 2014-01-22 21:55 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
Name: HP LaserJet 400 colorMFP M475dw
Description: HP LaserJet 400 colorMFP M475dw
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 53%
Total physical RAM: 3959.49 MB
Available physical RAM: 1841.31 MB
Total Pagefile: 7917.16 MB
Available Pagefile: 5325.12 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:797.03 GB) NTFS
Drive d: (Solex Catalog) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive r: (Data) (Network) (Total:1857.24 GB) (Free:728.34 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: F137D509)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Next,

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the log...

 

Next,

 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that we may have missed. This scan is very thorough and well worth running; it can take several hours, so please be patient and let it complete:

Run Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Windows 7 users: right-click on the IE shortcut and run as admin

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add/on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish



When the scan is complete

If no threats were found

  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found


If threats were found

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish



close program

copy and paste the report in next reply

Post the produced logs.

 

Kevin...

 

 

fixlist.txt


Log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-01-2014 01

Ran by server at 2014-01-29 15:53:25 Run:1

Running from C:\Users\server\Desktop

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Start

AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => File Not Found

Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File

Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} -  No File

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File

CHR DefaultSearchKeyword: conduit.search

CHR DefaultSearchProvider: Conduit Search


S3 gdrv; \??\C:\Windows\gdrv.sys [x]

2014-01-29 10:54 - 2014-01-29 14:40 - 00000494 _____ C:\Windows\Tasks\SpeedyPC Registration3.job

2014-01-29 10:54 - 2014-01-29 10:54 - 00003160 _____ C:\Windows\System32\Tasks\SpeedyPC Registration3

2014-01-29 10:53 - 2014-01-29 14:58 - 00000518 _____ C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job

2014-01-29 10:53 - 2014-01-29 14:40 - 00000466 _____ C:\Windows\Tasks\SpeedyPC Update Version3.job

2014-01-29 10:53 - 2014-01-29 14:40 - 00000422 _____ C:\Windows\Tasks\SpeedyPC Pro.job

2014-01-29 10:53 - 2014-01-29 10:53 - 00003342 _____ C:\Windows\System32\Tasks\SpeedyPC Pro

2014-01-29 10:53 - 2014-01-29 10:53 - 00003282 _____ C:\Windows\System32\Tasks\SpeedyPC Update Version3

2014-01-29 10:53 - 2014-01-29 10:53 - 00002946 _____ C:\Windows\System32\Tasks\SpeedyPC Update Version3 Startup Task

2014-01-29 10:53 - 2014-01-29 10:53 - 00001205 _____ C:\Users\server\Desktop\SpeedyPC Pro.lnk

2014-01-29 10:50 - 2014-01-29 10:50 - 00003254 _____ C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart

C:\Users\server\AppData\Local\Temp\blindbatSetup.exe

C:\Users\server\AppData\Local\Temp\Installer_new.exe

C:\Users\server\AppData\Local\Temp\nsdC0E5.exe

C:\Users\server\AppData\Local\Temp\nsnC8C2.exe

C:\Users\server\AppData\Local\Temp\nss4674.exe

C:\Users\server\AppData\Local\Temp\nss4EAF.exe

C:\Users\server\AppData\Local\Temp\nsx56BB.exe

C:\Users\server\AppData\Local\Temp\nsyB753.exe

C:\Users\server\AppData\Local\Temp\Quarantine.exe

C:\Users\server\AppData\Local\Temp\SSStub_Somo_SpeedyPC.exe

C:\Users\server\AppData\Local\Temp\UpdateCheckerSetup.exe

C:\Users\server\AppData\Local\Temp\vlc-2.0.2-win32.exe

End

*****************

 

"C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC64Loader.dll" => Value Data removed successfully.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Value deleted successfully.

HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.

HKCR\PROTOCOLS\Handler\intu-help-qb2 => Key deleted successfully.

HKCR\CLSID\{84D77A00-41B5-4b8b-8ADF-86486D72E749} => Key not found.

HKCR\PROTOCOLS\Handler\qbwc => Key deleted successfully.

HKCR\CLSID\{FC598A64-626C-4447-85B8-53150405FD57} => Key not found.

CHR DefaultSearchKeyword: conduit.search ==> The Chrome "Settings" can be used to fix the entry.

CHR DefaultSearchProvider: Conduit Search ==> The Chrome "Settings" can be used to fix the entry.

CHR DefaultSearchURL: http://search.condui...C79BD7755D4C&q={searchTerms}&SSPV= ==> The Chrome "Settings" can be used to fix the entry.

gdrv => Service deleted successfully.

C:\Windows\Tasks\SpeedyPC Registration3.job => Moved successfully.

C:\Windows\System32\Tasks\SpeedyPC Registration3 => Moved successfully.

C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job => Moved successfully.

C:\Windows\Tasks\SpeedyPC Update Version3.job => Moved successfully.

C:\Windows\Tasks\SpeedyPC Pro.job => Moved successfully.

C:\Windows\System32\Tasks\SpeedyPC Pro => Moved successfully.

C:\Windows\System32\Tasks\SpeedyPC Update Version3 => Moved successfully.

C:\Windows\System32\Tasks\SpeedyPC Update Version3 Startup Task => Moved successfully.

C:\Users\server\Desktop\SpeedyPC Pro.lnk => Moved successfully.

C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart => Moved successfully.

C:\Users\server\AppData\Local\Temp\blindbatSetup.exe => Moved successfully.

C:\Users\server\AppData\Local\Temp\Installer_new.exe => Moved successfully.

C:\Users\server\AppData\Local\Temp\nsdC0E5.exe => Moved successfully.

C:\Users\server\AppData\Local\Temp\nsnC8C2.exe => Moved successfully.

C:\Users\server\AppData\Local\Temp\nss4674.exe => Moved successfully.

C:\Users\server\AppData\Local\Temp\nss4EAF.exe => Moved successfully.

C:\Users\server\AppData\Local\Temp\nsx56BB.exe => Moved successfully.

C:\Users\server\AppData\Local\Temp\nsyB753.exe => Moved successfully.

C:\Users\server\AppData\Local\Temp\Quarantine.exe => Moved successfully.

C:\Users\server\AppData\Local\Temp\SSStub_Somo_SpeedyPC.exe => Moved successfully.

C:\Users\server\AppData\Local\Temp\UpdateCheckerSetup.exe => Moved successfully.

C:\Users\server\AppData\Local\Temp\vlc-2.0.2-win32.exe => Moved successfully.

 

==== End of Fixlog ====

 

Malwarebytes Log:

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.01.29.07

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16476

server :: SERVER-PC [administrator]

 

1/29/2014 3:56:12 PM

mbam-log-2014-01-29 (15-56-12).txt

 

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 486438

Time elapsed: 53 minute(s), 6 second(s)

 

Memory Processes Detected: 2

C:\Program Files (x86)\blindbat\bin\utilblindbat.exe (PUP.Optional.Blindbat.A) -> 3012 -> Delete on reboot.

C:\Program Files (x86)\blindbat\updateblindbat.exe (PUP.Optional.Blindbat.A) -> 4764 -> Delete on reboot.

 

Memory Modules Detected: 1

C:\Program Files (x86)\blindbat\bin\sqlite3.dll (PUP.Optional.Blindbat.A) -> Delete on reboot.

 

Registry Keys Detected: 6

HKLM\SYSTEM\CurrentControlSet\Services\Util blindbat (PUP.Optional.Blindbat.A) -> Quarantined and deleted successfully.

HKLM\SYSTEM\CurrentControlSet\Services\Update blindbat (PUP.Optional.Blindbat.A) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7FFDBD02-60BB-4E14-A92E-3629AA6CA375} (PUP.Optional.Blindbat.A) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FFDBD02-60BB-4E14-A92E-3629AA6CA375} (PUP.Optional.Blindbat.A) -> Quarantined and deleted successfully.

HKCU\Software\blindbat (PUP.Optional.Blindbat.A) -> Quarantined and deleted successfully.

HKLM\Software\blindbat (PUP.Optional.Blindbat.A) -> Quarantined and deleted successfully.

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 3

C:\Program Files (x86)\blindbat (PUP.Optional.Blindbat.A) -> Delete on reboot.

C:\Program Files (x86)\blindbat\bin (PUP.Optional.Blindbat.A) -> Delete on reboot.

C:\Program Files (x86)\blindbat\bin\plugins (PUP.Optional.Blindbat.A) -> Quarantined and deleted successfully.

 

Files Detected: 32

C:\Program Files (x86)\blindbat\bin\utilblindbat.exe (PUP.Optional.Blindbat.A) -> Delete on reboot.

C:\Program Files (x86)\blindbat\updateblindbat.exe (PUP.Optional.Blindbat.A) -> Delete on reboot.

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\CltMngSvc.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\SPTool.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\Main\bin\uninstall.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\cltmng.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPTool64.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC32.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC32Loader.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC64.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\SearchProtect\bin\SPVC64Loader.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Searchprotect\UI\bin\cltmngui.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\AdwCleaner\Quarantine\C\Users\server\AppData\Local\FilesFrog Update Checker\uninstall.exe.vir (PUP.Optional.Somoto) -> Quarantined and deleted successfully.

C:\FRST\Quarantine\Installer_new.exe29-01-2014_15-53-25 (PUP.Optional.Linkury.A) -> Quarantined and deleted successfully.

C:\FRST\Quarantine\nsdC0E5.exe29-01-2014_15-53-25 (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\FRST\Quarantine\nsnC8C2.exe29-01-2014_15-53-26 (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\FRST\Quarantine\nss4674.exe29-01-2014_15-53-26 (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\FRST\Quarantine\nss4EAF.exe29-01-2014_15-53-26 (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\FRST\Quarantine\nsx56BB.exe29-01-2014_15-53-26 (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\FRST\Quarantine\nsyB753.exe29-01-2014_15-53-26 (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

C:\FRST\Quarantine\SSStub_Somo_SpeedyPC.exe29-01-2014_15-53-26 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\FRST\Quarantine\UpdateCheckerSetup.exe29-01-2014_15-53-26 (PUP.Optional.Somoto) -> Quarantined and deleted successfully.

C:\Users\server\AppData\Local\Temp\nsh93A8\SpSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\blindbat\blindbat.ico (PUP.Optional.Blindbat.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\blindbat\updateblindbat.InstallState (PUP.Optional.Blindbat.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\blindbat\bin\sqlite3.dll (PUP.Optional.Blindbat.A) -> Delete on reboot.

C:\Program Files (x86)\blindbat\bin\utilblindbat.InstallState (PUP.Optional.Blindbat.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\blindbat\bin\plugins\blindbat.BrowserFilterG.dll (PUP.Optional.Blindbat.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\blindbat\bin\plugins\blindbat.CompatibilityChecker.dll (PUP.Optional.Blindbat.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\blindbat\bin\plugins\blindbat.FFUpdate.dll (PUP.Optional.Blindbat.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\blindbat\bin\plugins\blindbat.GCUpdate.dll (PUP.Optional.Blindbat.A) -> Quarantined and deleted successfully.

C:\Program Files (x86)\blindbat\bin\plugins\blindbat.IEUpdate.dll (PUP.Optional.Blindbat.A) -> Quarantined and deleted successfully.

 

(end)

ESET LOG:

 

C:\AdwCleaner\Quarantine\C\Users\server\AppData\Local\FilesFrog Update Checker\update_checker.exe.vir a variant of Win32/Somoto.D application
C:\Users\server\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000 Win32/Somoto.H application
C:\Users\server\Downloads\FoxitReader611.1031_enu_Setup.exe Win32/Bundled.Toolbar.Google.D application
C:\Users\server\Downloads\m4a-to-mp3-converter-cnet.exe multiple threats
C:\Users\server\Downloads\ServiceManualforMasseyFergusonMF230-MF250Tractors_downloader-8Qpcaape.exe Win32/Somoto.H application

Thanks for the log, run the following:

 

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files (:Files)

    :Files
    C:\Users\server\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000
    C:\Users\server\Downloads\FoxitReader611.1031_enu_Setup.exe
    C:\Users\server\Downloads\m4a-to-mp3-converter-cnet.exe
    C:\Users\server\Downloads\ServiceManualforMasseyFergusonMF230-MF250Tractors_downloader-8Qpcaape.exe
    :Commands
    [EmptyTemp]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs)

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Let me see those two logs, also give an update on any remaining issues or concerns...

 

Kevin


OTM Log:

 

All processes killed

========== FILES ==========
C:\Users\server\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000 moved successfully.
C:\Users\server\Downloads\FoxitReader611.1031_enu_Setup.exe moved successfully.
C:\Users\server\Downloads\m4a-to-mp3-converter-cnet.exe moved successfully.
C:\Users\server\Downloads\ServiceManualforMasseyFergusonMF230-MF250Tractors_downloader-8Qpcaape.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: QBDataServiceUser19
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: server
->Temp folder emptied: 26640927 bytes
->Temporary Internet Files folder emptied: 12299013 bytes
->Java cache emptied: 8296 bytes
->FireFox cache emptied: 11916804 bytes
->Google Chrome cache emptied: 11510936 bytes
->Flash cache emptied: 72698 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 124440068 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 178.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 01302014_094743
 
Files moved on Reboot...
C:\Users\server\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\server\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
 
Registry entries deleted on Reboot...

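When reviewing an OTM results log like the one above, the two things to confirm are that every path listed under :Files was reported as moved and whether any move was deferred to reboot. The Python sketch below is an added example, not part of the original posts or of OTM itself; the function names are hypothetical, and the log excerpt is trimmed from the thread's log so that one requested file is deliberately absent.

```python
import re

# OTM script (three of the paths posted in the thread).
OTM_SCRIPT = r"""
:Files
C:\Users\server\Downloads\FoxitReader611.1031_enu_Setup.exe
C:\Users\server\Downloads\m4a-to-mp3-converter-cnet.exe
C:\Users\server\Downloads\ServiceManualforMasseyFergusonMF230-MF250Tractors_downloader-8Qpcaape.exe
:Commands
[EmptyTemp]
"""

# Constructed excerpt: lines copied from the thread's log, with the last
# requested file left out on purpose to show the "missing" case.
OTM_LOG = r"""
========== FILES ==========
C:\Users\server\Downloads\FoxitReader611.1031_enu_Setup.exe moved successfully.
C:\Users\server\Downloads\m4a-to-mp3-converter-cnet.exe moved successfully.
========== COMMANDS ==========
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
"""

MOVED_RE = re.compile(r"^(?P<path>.+?) moved successfully\.$")
FAILED_RE = re.compile(r"^File move failed\. (?P<path>.+?) scheduled to be moved on reboot\.$")

def parse_script_files(script):
    """Return the paths listed under the :Files section of an OTM script."""
    section, files = None, []
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):          # section header such as :Files, :Commands
            section = line.lower()
        elif section == ":files":
            files.append(line)
    return files

def audit(script, log):
    """Compare requested paths with what the log reports as moved or deferred."""
    moved, failed = set(), []
    for raw in log.splitlines():
        line = raw.strip()
        m = FAILED_RE.match(line)
        if m:
            failed.append(m.group("path"))
            continue
        m = MOVED_RE.match(line)
        if m:
            moved.add(m.group("path").lower())   # Windows paths are case-insensitive
    requested = parse_script_files(script)
    missing = [p for p in requested if p.lower() not in moved]
    return {"requested": requested, "missing": missing, "failed": failed}

if __name__ == "__main__":
    print(audit(OTM_SCRIPT, OTM_LOG))
```

Any path in `missing` or `failed` is worth rechecking after the reboot before moving on to the next tool.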
Checkup Log:

 

 Results of screen317's Security Check version 0.99.79  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Internet Security   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 51  
 Adobe Flash Player 11.9.900.170  
 Adobe Reader XI  
 Mozilla Firefox 12.0 Firefox out of Date!  
 Google Chrome 32.0.1700.102  
 Google Chrome 32.0.1700.76  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast afwServ.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 

Run Malwarebytes, update and run a quick scan. Post that log. If there are no remaining issues or concerns, do the following to clean up:

 

We need to remove FRST. First, it is very important to deal with its own Quarantine folder by using FRST itself.

 

OK, we continue:

 

Delete any fixlist.txt file previously used, continue:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

 

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful.

 

Next,

 

Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST

 

Next,

 


Double-click OTM.exe to run it. On Windows 7 or Vista, accept the UAC alert.
Click on the green CleanUp! button and it will populate a list of items to clean from your system that we used or may have used.
It should ask if you want to clean up, select Yes. You may be asked to reboot, allow that to happen.

 

Next,

 

Download "Delfix by Xplode" and save it to your desktop.

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 


  • Remove disinfection tools
  • Purge System Restore

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Let me know if there are any remaining issues or concerns.

 

Kevin

 

fixlist.txt


Mbytes Log:

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org
 
Database version: v2014.01.29.07
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
server :: SERVER-PC [administrator]
 
1/31/2014 8:48:48 AM
mbam-log-2014-01-31 (08-48-48).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 487791
Time elapsed: 53 minute(s), 52 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
This topic is now closed to further replies.