
Multiple infections on a poorly maintained system



I'm trying to help my neighbors with their very slow laptop. It has numerous popups and unauthorized programs and attempts to redirect website traffic. I installed and ran Malwarebytes and the scan found over 1000 items. I quarantined them and while the computer is running better, it's still not running well.

 

I read the notice on piracy and I want to repeat this is not my computer. If it has anything it shouldn't have, please let me know and I will uninstall it.

 

Here are the FRST scans. I can also post the log from Malwarebytes if that would be helpful.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-07-2014 01
Ran by Pedro (administrator) on PEDRO-PC on 16-07-2014 19:45:37
Running from C:\Users\Pedro\Desktop\Robin
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(America Online) C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
(America Online, Inc) C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(America Online Inc) C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
(Just Develop It) C:\Program Files\MyPC Backup\BackupStack.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.4.0.13\nis.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.4.0.13\nis.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Apple Computer, Inc.) C:\Program Files\QuickTime\qttask.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
(Stronghold Online Backup) C:\Users\Pedro\AppData\Local\Strongvault Online Backup\SMessaging.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Oberon Media ) C:\Program Files\GamesBar\update\SearchEngineProtection.exe
(Stronghold LLC) C:\Program Files\Strongvault Online Backup\ClientMessenger.exe
() C:\Users\Pedro\AppData\Local\Strongvault\StrongVaultApp.exe
(MyPCBackup.com) C:\Program Files\MyPC Backup\MyPC Backup.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
(Smart PC Cleaner) C:\Program Files\Smart PC Cleaner\SPCSmartScan.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-06] (Synaptics, Inc.)
HKLM\...\Run: [smoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [505720 2008-06-02] (TOSHIBA Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6037504 2008-04-08] (Realtek Semiconductor)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [98304 2010-01-23] (Apple Computer, Inc.)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe [144784 2008-03-25] (Sun Microsystems, Inc.)
HKLM\...\Run: [sMessaging] => C:\Users\Pedro\AppData\Local\Strongvault Online Backup\SMessaging.exe [31664 2012-04-04] (Stronghold Online Backup)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-19\...\Run: [Exetender] => C:\Program Files\Free Ride Games\GPlayer.exe [4837808 2011-06-22] (Exent Technologies Ltd.)
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [Exetender] => C:\Program Files\Free Ride Games\GPlayer.exe [4837808 2011-06-22] (Exent Technologies Ltd.)
HKU\S-1-5-21-1517136145-1328366619-2469452859-1000\...\Run: [smart PC Cleaner] => C:\Program Files\Smart PC Cleaner\SPCLauncher.exe [80016 2012-10-09] (Smart PC Cleaner)
HKU\S-1-5-21-1517136145-1328366619-2469452859-1000\...\Run: [searchEngineProtection] => C:\Program Files\GamesBar\update\SearchEngineProtection.exe [620480 2013-02-01] (Oberon Media )
HKU\S-1-5-21-1517136145-1328366619-2469452859-1000\...\Run: [Messenger] => C:\Program Files\Strongvault Online Backup\ClientMessenger.exe [209192 2013-01-15] (Stronghold LLC)
HKU\S-1-5-21-1517136145-1328366619-2469452859-1000\...\Run: [Facebook Update] => C:\Users\Pedro\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-03-06] (Facebook Inc.)
HKU\S-1-5-21-1517136145-1328366619-2469452859-1000\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1517136145-1328366619-2469452859-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1517136145-1328366619-2469452859-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1517136145-1328366619-2469452859-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll => c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-08-28] (Google)
Startup: C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FrostWire On Startup.lnk.disabled
ShortcutTarget: FrostWire On Startup.lnk.disabled -> C:\Program Files\FrostWire\FrostWire.exe (FrostWire Group)
Startup: C:\Users\PILLY & MILLY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
ShortcutTarget: OpenOffice.org 2.3.lnk -> C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: 4SyncOverlay1 -> {2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} => C:\Program Files\4Sync\ShellExt.dll (New IT Solutions Ltd)
ShellIconOverlayIdentifiers: 4SyncOverlay2 -> {C72C6188-BEF2-46E5-A89A-52F0ED75219E} => C:\Program Files\4Sync\ShellExt.dll (New IT Solutions Ltd)
ShellIconOverlayIdentifiers: 4SyncOverlay3 -> {C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} => C:\Program Files\4Sync\ShellExt.dll (New IT Solutions Ltd)
GroupPolicyUsers\S-1-5-21-1517136145-1328366619-2469452859-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
SearchScopes: HKLM - DefaultScope {12995981-2FD6-4BEE-9FB0-B1674E8E5E7E} URL =
SearchScopes: HKLM - {3ED5066F-2E25-4157-8D56-93A3E571B355} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
SearchScopes: HKCU - DefaultScope {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_16_ie&cd=2XzuyEtN2Y1L1QzutDtDtByE0DtBtB0BtBtCzztAyByBzztCtN0D0Tzu0SzztAyDtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCzztA0AyDyDtB0DtGyC0C0F0EtGtDyEyDyBtGyB0FyCtBtGtDyC0B0BzztCzy0ByB0A0B0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0BtBtDyE0AtA0EtG0C0F0CtAtG0BzytA0FtGtA0D0D0EtGyBzzyDyD0AtDtC0C0DtByEyD2Q&cr=1032350098&ir=
SearchScopes: HKCU - {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr_14_16_ie&cd=2XzuyEtN2Y1L1QzutDtDtByE0DtBtB0BtBtCzztAyByBzztCtN0D0Tzu0SzztAyDtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCzztA0AyDyDtB0DtGyC0C0F0EtGtDyEyDyBtGyB0FyCtBtGtDyC0B0BzztCzy0ByB0A0B0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0BtBtDyE0AtA0EtG0C0F0CtAtG0BzytA0FtGtA0D0D0EtGyBzzyDyD0AtDtC0C0DtByEyD2Q&cr=1032350098&ir=
SearchScopes: HKCU - {3ED5066F-2E25-4157-8D56-93A3E571B355} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
SearchScopes: HKCU - {5767AEF6-6C7D-4006-944C-392A60EB4924} URL = http://www.mysearchresults.com/search?&c=2652&t=03&q={searchTerms}
BHO: GamesBar (W) -> {2e94b700-eafb-4c9e-a696-77200aa3f89b} -> C:\Program Files\gamesagogo_w3i\encyclopediabritannicagamesbarX.dll ()
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - GamesBar (W) - {2e94b700-eafb-4c9e-a696-77200aa3f89b} - C:\Program Files\gamesagogo_w3i\encyclopediabritannicagamesbarX.dll ()
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 33 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @exent.com/npExentCtl,version=7.0.0.0 - C:\Program Files\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Pedro\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFReader.dll (PDFReader)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-25]
FF HKLM\...\Firefox\Extensions: [crossriderapp1950@crossrider.com] - C:\Users\Pedro\AppData\Local\RewardsArcadeSuite\1950\Firefox
FF Extension: RewardsArcade Suite - C:\Users\Pedro\AppData\Local\RewardsArcadeSuite\1950\Firefox [2012-01-01]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-01-15]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2014-07-16]
FF HKCU\...\Firefox\Extensions: [{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}] - C:\Program Files\PriceGong\2.5.3\FF
FF Extension: No Name - C:\Program Files\PriceGong\2.5.3\FF [2012-01-01]

Chrome:
=======
CHR DefaultSearchKeyword: ask
CHR DefaultSearchProvider: Norton Safe Search
CHR DefaultSearchURL: http://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=21&locale=en_US&gct=sb&qsrc=2869
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-21]
CHR Extension: (Google Drive) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-15]
CHR Extension: (YouTube) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-21]
CHR Extension: (Google Search) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-21]
CHR Extension: (RewardsArcade Suite) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb [2014-04-21]
CHR Extension: (Norton Identity Protection) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-04-21]
CHR Extension: (Google Wallet) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-21]
CHR Extension: (Gmail) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-21]
CHR HKLM\...\Chrome\Extension: [ielefkgbofdpglioecfjcbikholflklb] - C:\Users\Pedro\AppData\Local\RewardsArcadeSuite\1950\Chrome\rewardsarcade-suite.crx [2011-12-22]
CHR HKLM\...\Chrome\Extension: [mdibpcceojcijhomkdgiffflkgngmapf] - C:\Users\Pedro\AppData\Roaming\Genieo\Application\chrome_ext\ChromeSensor.crx [2012-02-02]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.4.0.13\Exts\Chrome.crx [2014-07-09]

========================== Services (Whitelisted) =================

R2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [10328 2004-10-20] (America Online)
R2 AOL TopSpeedMonitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [100016 2004-10-15] (America Online, Inc)
R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [36392 2014-03-14] (Just Develop It)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-17] (TOSHIBA CORPORATION) [File not signed]
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-28] (Google)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 jswpsapi; C:\Program Files\Jumpstart\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.) [File not signed]
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [319488 2010-04-30] (Alcatel-Lucent) [File not signed]
R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.4.0.13\NIS.exe [276376 2014-06-27] (Symantec Corporation)
R2 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [46392 2008-08-04] (TOSHIBA Corporation)
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

U3 .netbt; \* [0 2013-11-14] () [File not signed]
R2 ASCTRM; C:\Windows\system32\Drivers\ASCTRM.sys [8552 2010-01-23] (Windows ® 2000 DDK provider) [File not signed]
R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140703.001\BHDrvx86.sys [1101616 2014-05-09] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1504000.00D\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-07-05] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [109872 2014-06-12] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140715.001\IDSvix86.sys [395992 2014-03-25] (Symantec Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-15] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140715.008\NAVENG.SYS [93272 2014-07-15] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140715.008\NAVEX15.SYS [1612376 2014-07-15] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\NIS\1504000.00D\SRTSP.SYS [664280 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1504000.00D\SRTSPX.SYS [32344 2013-09-09] (Symantec Corporation)
S3 SVRPEDRV; C:\Windows\System32\sysprep\PEDrv.sys [9216 2008-01-18] (Inventec Corporation) [File not signed]
R0 SymDS; C:\Windows\System32\drivers\NIS\1504000.00D\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1504000.00D\SYMEFA.SYS [936152 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-01-15] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1504000.00D\Ironx86.SYS [206936 2013-09-26] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1504000.00D\SYMTDIV.SYS [384728 2014-02-17] (Symantec Corporation)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [43520 2012-02-15] (Apple, Inc.) [File not signed]
R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
R2 X6XSEx; C:\Program Files\Free Ride Games\X6XSEx.Sys [46184 2010-11-22] (Exent Technologies Ltd.)
R1 {b99c8534-7800-48fa-bd71-519a46cdc7e1}Gt; C:\Windows\System32\drivers\{b99c8534-7800-48fa-bd71-519a46cdc7e1}Gt.sys [55232 2014-04-24] (StdLib)
R1 {b99c8534-7800-48fa-bd71-519a46cdc7e1}t; C:\Windows\System32\drivers\{b99c8534-7800-48fa-bd71-519a46cdc7e1}t.sys [55232 2014-05-13] (StdLib)
S3 IO_Memory; \??\C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-16 19:44 - 2014-07-16 19:45 - 00000000 ____D () C:\FRST
2014-07-15 22:01 - 2014-07-16 19:45 - 00000000 ____D () C:\Users\Pedro\Desktop\Robin
2014-07-15 20:25 - 2014-07-15 22:22 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-15 20:25 - 2014-07-15 20:25 - 00000870 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-15 20:24 - 2014-07-15 21:56 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-15 20:24 - 2014-07-15 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-15 20:24 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-15 20:24 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-15 20:23 - 2014-07-15 20:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Pedro\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-15 20:18 - 2014-07-15 20:18 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-07-15 20:14 - 2014-07-15 20:14 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-09 17:57 - 2014-07-09 17:57 - 00405424 _____ () C:\Users\PILLY & MILLY\Downloads\setup (6).exe
2014-07-09 15:31 - 2014-06-06 19:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 15:31 - 2014-06-06 18:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 15:31 - 2014-06-06 18:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 15:31 - 2014-06-06 18:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 15:31 - 2014-06-06 18:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 15:31 - 2014-06-06 18:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 15:31 - 2014-06-06 18:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-09 15:31 - 2014-06-06 17:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 15:31 - 2014-06-06 17:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 15:31 - 2014-06-06 17:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-09 15:31 - 2014-06-06 17:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 15:31 - 2014-06-06 17:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 15:31 - 2014-06-06 17:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 15:31 - 2014-06-06 17:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 15:31 - 2014-06-06 17:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-09 15:31 - 2014-06-06 17:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 15:31 - 2014-06-06 17:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 15:31 - 2014-06-06 17:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-09 15:31 - 2014-06-06 17:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 15:31 - 2014-06-06 17:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-09 15:31 - 2014-06-06 17:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 15:30 - 2014-06-06 19:19 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 15:30 - 2014-06-06 03:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 15:25 - 2014-05-30 01:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-03 21:32 - 2014-07-03 21:32 - 00966840 _____ () C:\Users\PILLY & MILLY\Downloads\flv_installer.exe
2014-06-24 15:34 - 2014-06-24 15:34 - 06010880 _____ () C:\Program Files\GUT7FEA.tmp
2014-06-24 15:34 - 2014-06-24 15:34 - 00000000 ____D () C:\Program Files\GUM7FCA.tmp
2014-06-17 14:35 - 2014-06-17 14:35 - 257490023 _____ () C:\Windows\MEMORY.DMP
2014-06-17 14:35 - 2014-06-17 14:35 - 00143344 _____ () C:\Windows\Minidump\Mini061714-01.dmp
2014-06-17 14:35 - 2014-06-17 14:35 - 00000000 ____D () C:\Windows\Minidump
2014-06-16 16:01 - 2014-06-16 16:04 - 04679130 _____ () C:\Users\PILLY & MILLY\Downloads\IMG_2325 (1).MOV
2014-06-16 16:01 - 2014-06-16 16:02 - 04679130 _____ () C:\Users\PILLY & MILLY\Downloads\IMG_2325.MOV

==================== One Month Modified Files and Folders =======

2014-07-16 19:48 - 2013-02-01 15:18 - 00000000 ____D () C:\Users\Pedro\AppData\Local\Strongvault
2014-07-16 19:45 - 2014-07-16 19:44 - 00000000 ____D () C:\FRST
2014-07-16 19:45 - 2014-07-15 22:01 - 00000000 ____D () C:\Users\Pedro\Desktop\Robin
2014-07-16 19:44 - 2014-04-21 20:15 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-16 19:37 - 2014-04-14 16:43 - 00000394 _____ () C:\Windows\Tasks\DriverUpdate Startup.job
2014-07-16 19:37 - 2012-11-02 19:03 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\Skype
2014-07-16 19:30 - 2014-04-14 16:51 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-07-16 19:29 - 2013-02-01 15:20 - 00000000 ____D () C:\Users\Pedro\AppData\Local\Strongvault Online Backup
2014-07-16 19:29 - 2012-09-30 20:05 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\OpenOffice.org2
2014-07-16 19:28 - 2014-04-21 20:15 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-16 19:28 - 2006-11-02 07:45 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-16 19:28 - 2006-11-02 07:45 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-16 19:26 - 2006-11-02 07:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-16 19:03 - 2011-01-23 14:09 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\FrostWire
2014-07-16 18:57 - 2013-02-01 15:26 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-16 18:56 - 2014-04-14 16:52 - 00000292 _____ () C:\Windows\Tasks\UpdaterEX.job
2014-07-16 18:56 - 2013-03-06 21:04 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1517136145-1328366619-2469452859-1000UA.job
2014-07-15 23:22 - 2014-04-14 16:40 - 00000000 ____D () C:\Program Files\BrowseMark
2014-07-15 23:22 - 2011-08-09 20:43 - 00000000 ____D () C:\Program Files\StartNow Toolbar
2014-07-15 23:16 - 2006-11-02 07:58 - 00032522 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-15 23:15 - 2009-01-11 20:15 - 01314069 _____ () C:\Windows\WindowsUpdate.log
2014-07-15 22:22 - 2014-07-15 20:25 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-15 22:01 - 2013-02-01 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Savepath Deals
2014-07-15 22:01 - 2013-02-01 15:11 - 00000000 ____D () C:\Program Files\Savepath Deals
2014-07-15 22:01 - 2012-01-01 21:28 - 00000000 ____D () C:\ProgramData\WeCareReminder
2014-07-15 22:01 - 2012-01-01 21:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
2014-07-15 22:01 - 2012-01-01 21:28 - 00000000 ____D () C:\Program Files\PriceGong
2014-07-15 22:01 - 2011-01-23 14:08 - 00000000 ____D () C:\Program Files\Ask.com
2014-07-15 21:56 - 2014-07-15 20:24 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-15 20:42 - 2006-11-02 05:23 - 00000437 _____ () C:\Windows\win.ini
2014-07-15 20:25 - 2014-07-15 20:25 - 00000870 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-15 20:25 - 2014-07-15 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-15 20:25 - 2012-05-08 20:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-15 20:23 - 2014-07-15 20:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Pedro\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-15 20:18 - 2014-07-15 20:18 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-07-15 20:18 - 2014-04-15 16:39 - 00000000 ___RD () C:\Program Files\Skype
2014-07-15 20:18 - 2012-11-02 19:03 - 00000000 ____D () C:\ProgramData\Skype
2014-07-15 20:14 - 2014-07-15 20:14 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-15 20:14 - 2011-08-04 19:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-15 19:52 - 2013-02-06 22:01 - 00000000 ____D () C:\Users\PILLY & MILLY\AppData\Roaming\OpenOffice.org2
2014-07-11 13:01 - 2013-03-16 14:33 - 00000000 ____D () C:\Users\PILLY & MILLY\AppData\Local\CrashDumps
2014-07-09 17:57 - 2014-07-09 17:57 - 00405424 _____ () C:\Users\PILLY & MILLY\Downloads\setup (6).exe
2014-07-09 17:16 - 2014-01-15 21:38 - 00002184 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-07-09 17:16 - 2014-01-15 21:35 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-07-09 17:16 - 2014-01-15 21:35 - 00000000 ____D () C:\Windows\system32\Drivers\NIS
2014-07-09 17:15 - 2006-11-02 07:44 - 00405880 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 16:16 - 2013-08-14 18:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 16:04 - 2006-11-02 05:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-07-09 16:03 - 2009-01-11 19:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-07 14:15 - 2012-09-30 20:05 - 00000000 ____D () C:\Users\Pedro\AppData\Local\CrashDumps
2014-07-07 14:11 - 2009-06-18 15:52 - 00000632 __RSH () C:\Users\Pedro\ntuser.pol
2014-07-07 14:11 - 2009-04-25 22:03 - 00000000 ____D () C:\Users\Pedro
2014-07-06 20:09 - 2013-03-06 21:04 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1517136145-1328366619-2469452859-1000Core.job
2014-07-03 21:32 - 2014-07-03 21:32 - 00966840 _____ () C:\Users\PILLY & MILLY\Downloads\flv_installer.exe
2014-07-03 19:14 - 2014-05-11 20:57 - 00000000 ____D () C:\Users\PILLY & MILLY\AppData\Local\WebBar
2014-07-01 19:46 - 2013-11-14 20:22 - 00000632 __RSH () C:\Users\Milly\ntuser.pol
2014-07-01 19:46 - 2013-11-14 20:21 - 00000000 ____D () C:\Users\Milly
2014-06-24 15:34 - 2014-06-24 15:34 - 06010880 _____ () C:\Program Files\GUT7FEA.tmp
2014-06-24 15:34 - 2014-06-24 15:34 - 00000000 ____D () C:\Program Files\GUM7FCA.tmp
2014-06-17 14:35 - 2014-06-17 14:35 - 257490023 _____ () C:\Windows\MEMORY.DMP
2014-06-17 14:35 - 2014-06-17 14:35 - 00143344 _____ () C:\Windows\Minidump\Mini061714-01.dmp
2014-06-17 14:35 - 2014-06-17 14:35 - 00000000 ____D () C:\Windows\Minidump
2014-06-17 12:48 - 2009-06-18 16:07 - 00001248 __RSH () C:\Users\PILLY & MILLY\ntuser.pol
2014-06-17 12:48 - 2009-06-18 16:07 - 00000000 ____D () C:\Users\PILLY & MILLY
2014-06-16 16:04 - 2014-06-16 16:01 - 04679130 _____ () C:\Users\PILLY & MILLY\Downloads\IMG_2325 (1).MOV
2014-06-16 16:02 - 2014-06-16 16:01 - 04679130 _____ () C:\Users\PILLY & MILLY\Downloads\IMG_2325.MOV

Some content of TEMP:
====================
C:\Users\Pedro\AppData\Local\Temp\BackupSetup.exe
C:\Users\Pedro\AppData\Local\Temp\mpb1324.tmp.exe
C:\Users\Pedro\AppData\Local\Temp\vcredist_x86.exe
C:\Users\PILLY & MILLY\AppData\Local\Temp\air4D4D.exe
C:\Users\PILLY & MILLY\AppData\Local\Temp\air551C.exe
C:\Users\PILLY & MILLY\AppData\Local\Temp\BackupSetup.exe
C:\Users\PILLY & MILLY\AppData\Local\Temp\vcredist_x86.exe
C:\Users\PILLY & MILLY\AppData\Local\Temp\{AAADA4F6-9142-4621-B51A-65AB31ACA83A}-35.0.1916.114_chrome_installer.exe
C:\Users\PILLY & MILLY\AppData\Local\Temp\{BA91748D-F38D-4C05-8ACB-75B8C68A9971}-34.0.1847.137_chrome_installer.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-16 19:33

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-07-2014 01
Ran by Pedro at 2014-07-16 19:51:30
Running from C:\Users\Pedro\Desktop\Robin
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton 360 (Disabled - Out of date) {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Disabled - Out of date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 (Disabled) {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
4shared Toolbar (HKLM\...\4shared Toolbar) (Version:  - )
4Sync (HKLM\...\4Sync) (Version:  - )
7-zip v9.20 (HKLM\...\7-zip) (Version: v9.20 - TUGUU SL) <==== ATTENTION
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.6.606 - Adobe Systems, Inc.)
Amazon Links (HKLM\...\{224821ED-CADA-4A8A-AC8D-3734CC0F0931}) (Version: 1.0 - TOSHIBA Corporation)
America Online (Choose which version to remove) (HKLM\...\America Online us) (Version:  - )
AOL Coach Version 2.0(Build:20041026.5 en) (HKLM\...\AolCoach2_en) (Version:  - )
AOL Connectivity Services (HKLM\...\AOL Connectivity Services) (Version:  - )
AOL Deskbar (HKLM\...\AOL Deskbar) (Version:  - )
AOL Spyware Protection (HKLM\...\AOL Spyware Protection) (Version: 1.0.76 - AOL Spyware Protection)
AOL Toolbar (HKLM\...\AOL Toolbar) (Version:  - )
AOL You've Got Pictures Screensaver (HKLM\...\AOL YGP Screensaver) (Version:  - )
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.12.2.0 - Ask.com) <==== ATTENTION
ASPCA TriMini Reminder by We-Care.com v5.0.5.1 (HKLM\...\{1CCF681C-C203-49B3-83F4-A54F0F944416}) (Version: 5.0.5.1 - We-Care.com)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Atheros Wi-Fi Protected Setup Library (HKLM\...\{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}) (Version:  - Atheros)
att.net Toolbar (HKLM\...\Yahoo! Companion) (Version:  - )
blinkx beat (HKCU\...\blinkx beat) (Version: 1.4.28 - blinkx)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 2: Town of the Year (HKLM\...\exent_575350) (Version:  - )
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.02.03 - TOSHIBA)
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Disney's Extremely Goofy Skateboarding Preview (HKLM\...\Disney's Extremely Goofy Skateboarding Preview) (Version:  - )
DriverUpdate (HKLM\...\{2B353DA2-A8FD-4238-B207-62A1921158D7}) (Version: 2.2.35415 - SlimWare Utilities, Inc.)
DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.51 - Ulead Systems, Inc.)
Extended Update (HKCU\...\UpdaterEX) (Version:  - Extended Update) <==== ATTENTION
Facebook Video Calling 2.0.0.447 (HKLM\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Free Ride Games Player (HKLM\...\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}) (Version:  - ) <==== ATTENTION
FrostWire 4.20.9 (HKLM\...\FrostWire) (Version: 4.20.9.0 - FrostWire, LLC)
GamesBar (W) (HKLM\...\gamesagogo_w3i) (Version: 3.2.0.36 - Visicom Media inc.)
Genieo (HKCU\...\genieo) (Version: 1.0.310 - Genieo Innovation Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google SketchUp 8 (HKLM\...\{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}) (Version: 3.0.4811 - Google, Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Insider Tales - Vanished in Rome (HKLM\...\exent_668750) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
InterActual Player (HKLM\...\InterActual Player) (Version:  - )
iTunes (HKLM\...\{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}) (Version: 11.0.4.4 - Apple Inc.)
Java 6 Update 3 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160030}) (Version: 1.6.0.30 - Sun Microsystems, Inc.)
Java 6 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160060}) (Version: 1.6.0.60 - Sun Microsystems, Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft XML Parser (Version: 8.20.8730.4 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Oasis (HKLM\...\{c6c214df-2922-4809-94aa-f4d67d4451ec}) (Version: 1.0.0 - W3i, LLC)
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
NetZero Internet Access Installer (HKLM\...\{99D518AB-77F2-405B-B52A-18FC22394CF8}) (Version: 1.0.874 - TOSHIBA Corporation)
Norton Internet Security (HKLM\...\NIS) (Version: 21.4.0.13 - Symantec Corporation)
OpenOffice.org 2.3 (HKLM\...\{2F29D6D2-824E-4FEF-8AED-7013F39F642A}) (Version: 2.3.9238 - OpenOffice.org)
Opera 11.64 (HKLM\...\Opera 11.64.1403) (Version: 11.64.1403 - Opera Software ASA)
PDF Opener 0.1 (HKLM\...\PDF Opener) (Version: 0.1 - )
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pure Networks Port Magic (HKLM\...\Port Magic) (Version: 1.2.1393.0 - Pure Networks)
QuickBooks Financial Center (HKLM\...\{890EF3F8-742F-46BD-9E8E-084B3A1F4364}) (Version: 1.10.0000 - Intuit Inc.)
QuickTime (HKLM\...\QuickTime) (Version:  - )
RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version:  - )
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5599 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version:  - Realtek Semiconductor Corp.)
RewardsArcadeSuite (HKCU\...\RewardsArcadeSuite) (Version:  - 215 Apps)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Smart PC Cleaner v3.0 (HKLM\...\Smart PC Cleaner_is1) (Version: 3.0 - Avanquest Software) <==== ATTENTION
Strongvault Online Backup (HKLM\...\{692EF506-1E15-4473-A829-ED951D6C49DB}) (Version: 2.0.0 - Strongvault) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.8.0 - Synaptics)
The Treasures of Montezuma (HKLM\...\exent_466550) (Version:  - )
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.08 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}) (Version: 7.2.20 - TOSHIBA Corporation)
TOSHIBA Desktop Links (HKLM\...\{E1E56B8A-1AAF-422A-91DB-625059FB9863}) (Version: 1.7 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.31.14 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (HKLM\...\{2883F6F5-0509-43F3-868C-D50330DD9DD3}) (Version: 2.00.08 - )
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.2 - TOSHIBA Corporation)
Toshiba Registration (HKLM\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 1.1.14 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.77 (SM2177ALD04) - Agere Systems)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version:  - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM\...\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}) (Version: 2.00.04 - )
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.1.24 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.1.24 - TOSHIBA Corporation) Hidden
TP Preview Exclusive Broadside Blast (HKLM\...\{2156D3D1-7EBF-11D6-B2FB-0002A5E32BEF}) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version:  - )
VLC Player (HKLM\...\VLC Player) (Version: 1.14 - vlcplayerdownload.com)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (Version: 9.00.3374 - Microsoft Corporation) Hidden
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )

==================== Restore Points  =========================

17-04-2014 23:23:29 Windows Update
28-04-2014 21:20:19 Scheduled Checkpoint
03-05-2014 21:20:07 Windows Update
15-05-2014 00:59:02 Windows Update
16-05-2014 01:20:40 Windows Update
11-06-2014 01:24:21 Windows Update
09-07-2014 20:57:03 Windows Update

==================== Hosts content: ==========================

2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {28842ECB-F301-403C-B4A8-A267C23287FF} - System32\Tasks\UpdaterEX => C:\Users\Pedro\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {45F43719-857F-43BD-913C-5EA06F736F50} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2011-05-17] () <==== ATTENTION
Task: {58A0CD10-8377-4ADA-9B40-7805590E13EE} - System32\Tasks\DTReg => C:\Windows\system32\config\systemprofile\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe <==== ATTENTION
Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {6775B6CB-A1B7-4A08-858A-DEB8E46D4C14} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {67F8F34C-2F0D-4EB4-A008-02483F1C1A3D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-21] (Google Inc.)
Task: {7C5A51E8-1AD7-48C6-8879-257A8A9609F5} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {7DF749F5-F54B-45D4-A181-F0755EFE9680} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {7E7D6DF6-1DC2-4D4C-85D7-2BDAF480AE86} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {82DB3506-3313-4A25-82FA-118455F58738} - System32\Tasks\DriverUpdate Startup => C:\Program Files\DriverUpdate\DriverUpdate.exe [2014-01-15] (SlimWare Utilities, Inc.)
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {8BFCE2FE-F4F4-465B-8A87-2ED26081CF6E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1517136145-1328366619-2469452859-1000Core => C:\Users\Pedro\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-06] (Facebook Inc.)
Task: {8C1C2474-7E3B-4457-A85A-148131C513DD} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1517136145-1328366619-2469452859-1000UA => C:\Users\Pedro\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-06] (Facebook Inc.)
Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {A4CF90E9-2F18-40CB-A028-0ED90C9C6A3D} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\21.4.0.13\WSCStub.exe [2014-06-26] (Symantec Corporation)
Task: {C0241F00-6169-41BB-B9AF-1365CE32BFFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-21] (Google Inc.)
Task: {C2C3B75A-9D7D-4D60-A5AD-6EE149CD6935} - System32\Tasks\DTChk => C:\Users\Public\Util\DTChk.exe [2014-05-14] (Search Results, LLC) <==== ATTENTION
Task: {FC68CD10-C207-4EEE-A841-5C9D59A4C50D} - System32\Tasks\Install_NSS => C:\Windows\System32\Adobe\Shockwave 11\nssstub.exe [2010-03-03] (Symantec Corporation)
Task: {FD3281A6-4DD4-4485-9C60-394F0FF940B1} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: C:\Windows\Tasks\DriverUpdate Startup.job => C:\Program Files\DriverUpdate\DriverUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1517136145-1328366619-2469452859-1000Core.job => C:\Users\Pedro\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1517136145-1328366619-2469452859-1000UA.job => C:\Users\Pedro\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Install_NSS.job => C:\Windows\System32\Adobe\Shockwave 11\nssstub.exe
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\Pedro\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-14 09:00 - 2014-03-14 09:00 - 00904704 _____ () C:\Program Files\MyPC Backup\x86\System.Data.SQLite.dll
2012-06-04 12:42 - 2009-04-10 23:28 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
2013-01-15 19:14 - 2013-01-15 19:14 - 00009216 _____ () C:\Program Files\Strongvault Online Backup\Infrastructure.Metadata.dll
2013-01-15 19:14 - 2013-01-15 19:14 - 00006144 _____ () C:\Program Files\Strongvault Online Backup\Infrastructure.Helpers.dll
2013-01-15 19:14 - 2013-01-15 19:14 - 00009728 _____ () C:\Program Files\Strongvault Online Backup\Environment.Identification.dll
2013-01-15 19:14 - 2013-01-15 19:14 - 00006656 _____ () C:\Program Files\Strongvault Online Backup\Infrastructure.Metrics.dll
2013-01-15 19:14 - 2013-01-15 19:14 - 00014336 _____ () C:\Program Files\Strongvault Online Backup\BusinessLogic.StrongholdManagement.dll
2013-01-15 19:14 - 2013-01-15 19:14 - 00017920 _____ () C:\Program Files\Strongvault Online Backup\Metrics.Dispatching.dll
2013-01-15 19:14 - 2013-01-15 19:14 - 00385320 _____ () C:\Users\Pedro\AppData\Local\Strongvault\StrongVaultApp.exe
2014-03-14 09:06 - 2014-03-14 09:06 - 00012288 _____ () C:\Program Files\MyPC Backup\GetText.dll
2007-08-08 18:15 - 2007-08-08 18:15 - 00828416 _____ () C:\Program Files\OpenOffice.org 2.3\program\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:07F6D9E4
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\PILLY & MILLY\Downloads\noname.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: AOL Spyware Protection => "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
MSCONFIG\startupreg: AOLDialer => C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: cfFncEnabler.exe => cfFncEnabler.exe
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: HostManager => C:\Program Files\Common Files\AOL\1264277266\EE\AOLHostManager.exe
MSCONFIG\startupreg: IAAnotif => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: jswtrayutil => "C:\Program Files\Jumpstart\jswtrayutil.exe"
MSCONFIG\startupreg: NDSTray.exe => NDSTray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: RealTray => C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: StartNowToolbarHelper => "C:\Program Files\StartNow Toolbar\ToolbarHelper.exe"
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

==================== Faulty Device Manager Devices =============

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter #3
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/16/2014 07:27:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/16/2014 06:59:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16561 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 17f4
Start Time: 01cfa151d30421c0
Termination Time: 122

Error: (07/16/2014 06:57:22 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (07/16/2014 06:57:17 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (07/16/2014 06:56:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 69919898

Error: (07/16/2014 06:56:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 69919898

Error: (07/16/2014 06:56:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/16/2014 06:56:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 69918853

Error: (07/16/2014 06:56:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 69918853

Error: (07/16/2014 06:56:08 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (07/16/2014 07:27:40 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: IPsec Policy AgentBFE

Error: (07/16/2014 07:27:40 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (07/16/2014 07:27:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Computer Browser%%1060

Error: (07/16/2014 07:26:35 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:24:16 PM on 7/16/2014 was unexpected.

Error: (07/16/2014 07:12:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: ConfigFree Service1

Error: (07/16/2014 07:12:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: iPod Service1

Error: (07/16/2014 07:12:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Apple Mobile Device2600001Restart the service

Error: (07/16/2014 07:12:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Agere Modem Call Progress Audio1

Error: (07/16/2014 07:11:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Computer Backup (MyPC Backup)1

Error: (07/16/2014 07:11:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Apple Mobile Device1600001Restart the service

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-07-16 19:50:52.724
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 19:50:51.242
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 19:50:49.823
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 19:50:48.419
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 19:50:45.923
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 19:50:44.394
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 19:50:42.803
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 19:50:41.196
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 19:49:32.712
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-16 19:49:31.480
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 62%
Total physical RAM: 1915.26 MB
Available physical RAM: 719.72 MB
Total Pagefile: 4073.8 MB
Available Pagefile: 2704.81 MB
Total Virtual: 2047.88 MB
Available Virtual: 1896.31 MB

==================== Drives ================================

Drive c: (SQ004890V03) (Fixed) (Total:140.37 GB) (Free:35.78 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: DA922A78)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=140 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=7 GB) - (Type=17)

==================== End Of Log ============================


  • Root Admin

Hello and welcome!

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.



 
Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

  • Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)


 
STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.
 


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:  MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 
 
STEP 03
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


Thank you
 


Thank you for your help, AdvancedSetup!

 

I've run the scans as requested. I ran into a few problems. Rkill never actually closed the black DOS window. It gave me a message about Windows Defender being disabled and then it appeared to stall out and sit there. After it was stuck for an hour, I closed the DOS window and moved on to the next item on the list. I'm posting the log so you can see where it kept getting stuck.

 

I tried to shut down Norton but I can't seem to figure out how. I disabled the Norton Firewall and the Norton Antivirus Auto-Protect but it still gives me messages that it's doing things. Clicking on the program in the taskbar doesn't give me any options to shut the program down. I'm not familiar with Norton. I have Avast on my home computers.

 

I ran Malwarebytes and I'm running into a few problems with running the program. It freezes up on occasion, especially when trying to install updates. It also repeatedly minimizes itself to the taskbar by the clock. It started minimizing itself while I was changing the settings and continued to do this throughout the entire scan. Despite this weird behavior, it did run the full scan.

 

Rkill log:

 

Rkill 2.6.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 07/18/2014 11:42:36 PM in x86 mode.
Windows Version: Windows Vista Home Basic Service Pack 2

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001


Malwarebytes log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/19/2014
Scan Time: 12:07:32 AM
Logfile: MBAM 7.18.14.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.19.02
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Pedro

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 348118
Time Elapsed: 54 min, 22 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 14
PUP.Optional.GamesAGoGo.A, HKLM\SOFTWARE\CLASSES\CLSID\{2e94b700-eafb-4c9e-a696-77200aa3f89b}, , [4958eab66b100e28b03ab4a11be73ac6],
PUP.Optional.GamesAGoGo.A, HKLM\SOFTWARE\CLASSES\CLSID\{2E94B700-EAFB-4C9E-A696-77200AA3F89B}\INPROCSERVER32, , [4958eab66b100e28b03ab4a11be73ac6],
PUP.Optional.GamesAGoGo.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{2E94B700-EAFB-4C9E-A696-77200AA3F89B}, , [4958eab66b100e28b03ab4a11be73ac6],
PUP.Optional.GamesAGoGo.A, HKU\S-1-5-21-1517136145-1328366619-2469452859-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{2E94B700-EAFB-4C9E-A696-77200AA3F89B}, , [4958eab66b100e28b03ab4a11be73ac6],
PUP.Optional.GamesAGoGo.A, HKU\S-1-5-21-1517136145-1328366619-2469452859-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{2E94B700-EAFB-4C9E-A696-77200AA3F89B}, , [4958eab66b100e28b03ab4a11be73ac6],
PUP.Optional.GamesAGoGo.A, HKU\S-1-5-21-1517136145-1328366619-2469452859-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{2E94B700-EAFB-4C9E-A696-77200AA3F89B}, , [4958eab66b100e28b03ab4a11be73ac6],
PUP.Optional.GamesAGoGo.A, HKU\S-1-5-21-1517136145-1328366619-2469452859-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{2E94B700-EAFB-4C9E-A696-77200AA3F89B}, , [4958eab66b100e28b03ab4a11be73ac6],
PUP.Optional.GamesAGoGo.A, HKU\S-1-5-21-1517136145-1328366619-2469452859-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{2E94B700-EAFB-4C9E-A696-77200AA3F89B}, , [4958eab66b100e28b03ab4a11be73ac6],
PUP.Optional.GamesAGoGo.A, HKU\S-1-5-21-1517136145-1328366619-2469452859-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{2E94B700-EAFB-4C9E-A696-77200AA3F89B}, , [4958eab66b100e28b03ab4a11be73ac6],
PUP.Optional.GamesAGoGo.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{2E94B700-EAFB-4C9E-A696-77200AA3F89B}, , [4958eab66b100e28b03ab4a11be73ac6],
PUP.Optional.BrowseMark.A, HKLM\SOFTWARE\BrowseMark, , [9c052977fd7e1f177a7e35a72cd6817f],
PUP.Optional.RewardsArcadeSuite.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\ielefkgbofdpglioecfjcbikholflklb, , [0f9200a046353df97cc21ca443bf3bc5],
PUP.Optional.RewardsArcadeSuite.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\ielefkgbofdpglioecfjcbikholflklb, , [eab73868e49790a6bb83447c3fc34cb4],
PUP.Optional.GamesAGoGo.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\gamesagogo_w3i, , [e5bcf9a71962bc7af2e4be0061a1e61a],

Registry Values: 5
PUP.Optional.GamesAGoGo.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{2E94B700-EAFB-4C9E-A696-77200AA3F89B}, GamesBar (W), , [4958eab66b100e28b03ab4a11be73ac6]
PUP.Optional.GamesAGoGo.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{2e94b700-eafb-4c9e-a696-77200aa3f89b}, , [dcc5029eb8c3f6409d4dc49180827090],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|crossriderapp1950@crossrider.com, C:\Users\Pedro\AppData\Local\RewardsArcadeSuite\1950\Firefox, , [3a67049c5427a195bc7fd1ef7f834fb1]
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|crossriderapp1950@crossrider.com, C:\Users\Pedro\AppData\Local\RewardsArcadeSuite\1950\Firefox, , [5a47e0c0017a5ed8b6853c84f1114eb2]
PUP.Optional.PriceGong.A, HKU\S-1-5-21-1517136145-1328366619-2469452859-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}, C:\Program Files\PriceGong\2.5.3\FF, , [eab70799a2d96ccaa7959a26768c2dd3]

Registry Data: 0
(No malicious items detected)

Folders: 123
PUP.Optional.DefaultTab.A, C:\Users\Pedro\AppData\Roaming\DefaultTab\DefaultTab, , [e0c1019f1c5fea4c95b5188b1fe347b9],
PUP.Optional.PriceGong.A, C:\Users\Pedro\AppData\LocalLow\PriceGong, , [f2afccd46615eb4b48270c9a9e64a25e],
PUP.Optional.PriceGong.A, C:\Users\Pedro\AppData\LocalLow\PriceGong\tmp, , [f2afccd46615eb4b48270c9a9e64a25e],
PUP.Optional.PriceGong.A, C:\Users\PILLY & MILLY\AppData\LocalLow\PriceGong, , [5d44fda3502b14224629901604fe718f],
PUP.Optional.PriceGong.A, C:\Users\PILLY & MILLY\AppData\LocalLow\PriceGong\Data, , [5d44fda3502b14224629901604fe718f],
PUP.Optional.PriceGong.A, C:\Users\PILLY & MILLY\AppData\LocalLow\PriceGong\tmp, , [5d44fda3502b14224629901604fe718f],
PUP.Optional.PriceGong.A, C:\Users\Milly\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok, , [9f029709abd0e25489afdec9af5308f8],
PUP.Optional.PriceGong.A, C:\Users\Milly\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.5.3_0, , [9f029709abd0e25489afdec9af5308f8],
PUP.Optional.PriceGong.A, C:\Users\Milly\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.5.3_0\menu_dlg, , [9f029709abd0e25489afdec9af5308f8],
PUP.Optional.PriceGong.A, C:\Users\Milly\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.5.3_0\options, , [9f029709abd0e25489afdec9af5308f8],
PUP.Optional.PriceGong.A, C:\Users\Milly\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.5.3_0\res, , [9f029709abd0e25489afdec9af5308f8],
PUP.Optional.PriceGong.A, C:\Users\PILLY & MILLY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok, , [9f027d236b10cf6756e2a601e81a53ad],
PUP.Optional.PriceGong.A, C:\Users\PILLY & MILLY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.2_0, , [9f027d236b10cf6756e2a601e81a53ad],
PUP.Optional.PriceGong.A, C:\Users\PILLY & MILLY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.2_0\menu_dlg, , [9f027d236b10cf6756e2a601e81a53ad],
PUP.Optional.PriceGong.A, C:\Users\PILLY & MILLY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.2_0\options, , [9f027d236b10cf6756e2a601e81a53ad],
PUP.Optional.PriceGong.A, C:\Users\PILLY & MILLY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.2_0\res, , [9f027d236b10cf6756e2a601e81a53ad],
PUP.Optional.PriceGong.A, C:\Program Files\PriceGong, , [465b6c3419623ff778c5e0c751b12fd1],
PUP.Optional.PriceGong.A, C:\Program Files\PriceGong\2.5.3, , [465b6c3419623ff778c5e0c751b12fd1],
PUP.Optional.PriceGong.A, C:\Program Files\PriceGong\2.5.3\FF, , [465b6c3419623ff778c5e0c751b12fd1],
PUP.Optional.PriceGong.A, C:\Program Files\PriceGong\2.5.3\FF\chrome, , [465b6c3419623ff778c5e0c751b12fd1],
PUP.Optional.PriceGong.A, C:\Program Files\PriceGong\2.5.3\FF\chrome\content, , [465b6c3419623ff778c5e0c751b12fd1],
PUP.Optional.PriceGong.A, C:\Program Files\PriceGong\2.5.3\FF\chrome\locale, , [465b6c3419623ff778c5e0c751b12fd1],
PUP.Optional.PriceGong.A, C:\Program Files\PriceGong\2.5.3\FF\chrome\locale\en-US, , [465b6c3419623ff778c5e0c751b12fd1],
PUP.Optional.PriceGong.A, C:\Program Files\PriceGong\2.5.3\FF\chrome\skin, , [465b6c3419623ff778c5e0c751b12fd1],
PUP.Optional.PriceGong.A, C:\Program Files\PriceGong\2.5.3\FF\components, , [465b6c3419623ff778c5e0c751b12fd1],
PUP.Optional.PriceGong.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong, , [277a9f012c4f70c613899118ae54e818],
PUP.Optional.SavePathDeals.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Savepath Deals, , [6839425ea8d3f83e9cdb9f0f24dee719],
PUP.Optional.SavePathDeals.A, C:\Program Files\Savepath Deals, , [d5cc2a767dfe58dedb9d3678fe04837d],
PUP.Optional.SavePathDeals.A, C:\Program Files\Savepath Deals\SavepathDeals, , [d5cc2a767dfe58dedb9d3678fe04837d],
PUP.Optional.SavePathDeals.A, C:\Program Files\Savepath Deals\savepathdeals@savepathdeals.com, , [d5cc2a767dfe58dedb9d3678fe04837d],
PUP.Optional.SavePathDeals.A, C:\Program Files\Savepath Deals\savepathdeals@savepathdeals.com\content, , [d5cc2a767dfe58dedb9d3678fe04837d],
PUP.Optional.SavePathDeals.A, C:\Program Files\Savepath Deals\savepathdeals@savepathdeals.com\local, , [d5cc2a767dfe58dedb9d3678fe04837d],
PUP.Optional.StartNow.A, C:\Program Files\StartNow Toolbar, , [257ca9f742392016ecb65a5833cf24dc],
PUP.Optional.StartNow.A, C:\Program Files\StartNow Toolbar\Resources, , [257ca9f742392016ecb65a5833cf24dc],
PUP.Optional.StartNow.A, C:\Program Files\StartNow Toolbar\Resources\images, , [257ca9f742392016ecb65a5833cf24dc],
PUP.Optional.StartNow.A, C:\Program Files\StartNow Toolbar\Resources\skin, , [257ca9f742392016ecb65a5833cf24dc],
PUP.Optional.WeCare.A, C:\Users\Milly\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon, , [f9a8c8d8fd7e072ff5af2989e9193fc1],
PUP.Optional.WeCare.A, C:\Users\Milly\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.9_0, , [f9a8c8d8fd7e072ff5af2989e9193fc1],
PUP.Optional.WeCare.A, C:\Users\Milly\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.9_0\images, , [f9a8c8d8fd7e072ff5af2989e9193fc1],
PUP.Optional.WeCare.A, C:\Users\PILLY & MILLY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon, , [4160a6fa7b0047ef92120ca6e919817f],
PUP.Optional.WeCare.A, C:\Users\PILLY & MILLY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.22_0, , [4160a6fa7b0047ef92120ca6e919817f],
PUP.Optional.WeCare.A, C:\Users\PILLY & MILLY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.22_0\css, , [4160a6fa7b0047ef92120ca6e919817f],
PUP.Optional.WeCare.A, C:\Users\PILLY & MILLY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.22_0\css\bootstrap, , [4160a6fa7b0047ef92120ca6e919817f],
PUP.Optional.WeCare.A, C:\Users\PILLY & MILLY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.22_0\css\bootstrap\css, , [4160a6fa7b0047ef92120ca6e919817f],
PUP.Optional.WeCare.A, C:\Users\PILLY & MILLY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.22_0\css\bootstrap\img, , [4160a6fa7b0047ef92120ca6e919817f],
PUP.Optional.WeCare.A, C:\Users\PILLY & MILLY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.22_0\css\images, , [4160a6fa7b0047ef92120ca6e919817f],
PUP.Optional.WeCare.A, C:\Users\PILLY & MILLY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.22_0\html, , [4160a6fa7b0047ef92120ca6e919817f],
PUP.Optional.WeCare.A, C:\Users\PILLY & MILLY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.22_0\images, , [4160a6fa7b0047ef92120ca6e919817f],
PUP.Optional.WeCare.A, C:\Users\PILLY & MILLY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.22_0\js, , [4160a6fa7b0047ef92120ca6e919817f],
PUP.Optional.WeCare.A, C:\Users\PILLY & MILLY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.22_0\modules, , [4160a6fa7b0047ef92120ca6e919817f],
PUP.Optional.Yontoo.A, C:\Program Files\Yontoo Layers Runtime, , [940db5eb79027eb8f3ef8c26f70ba25e],
PUP.Optional.Babylon.A, C:\Users\Pedro\AppData\LocalLow\BabylonToolbar, , [5051c5dbd8a3db5bb90cfdb729d98779],
PUP.Optional.Babylon.A, C:\Users\Pedro\AppData\LocalLow\BabylonToolbar\BabylonToolbar, , [5051c5dbd8a3db5bb90cfdb729d98779],
PUP.Optional.Babylon.A, C:\Users\PILLY & MILLY\AppData\LocalLow\BabylonToolbar, , [4d545050e7941a1cd9ece7cda35f9d63],
PUP.Optional.Babylon.A, C:\Users\PILLY & MILLY\AppData\LocalLow\BabylonToolbar\BabylonToolbar, , [4d545050e7941a1cd9ece7cda35f9d63],
PUP.Optional.ShoppingReport.A, C:\Users\Pedro\AppData\LocalLow\ShoppingReport2, , [e8b9643c68133ff71bcfeacaf0120af6],
PUP.Optional.ShoppingReport.A, C:\Users\Pedro\AppData\LocalLow\ShoppingReport2\cs, , [e8b9643c68133ff71bcfeacaf0120af6],
PUP.Optional.ShoppingReport.A, C:\Users\Pedro\AppData\LocalLow\ShoppingReport2\cs\db, , [e8b9643c68133ff71bcfeacaf0120af6],
PUP.Optional.ShoppingReport.A, C:\Users\Pedro\AppData\LocalLow\ShoppingReport2\cs\dwld, , [e8b9643c68133ff71bcfeacaf0120af6],
PUP.Optional.ShoppingReport.A, C:\Users\Pedro\AppData\LocalLow\ShoppingReport2\cs\report, , [e8b9643c68133ff71bcfeacaf0120af6],
PUP.Optional.ShoppingReport.A, C:\Users\Pedro\AppData\LocalLow\ShoppingReport2\cs\res2, , [e8b9643c68133ff71bcfeacaf0120af6],
PUP.Optional.ShoppingReport.A, C:\Users\PILLY & MILLY\AppData\LocalLow\ShoppingReport2, , [029f09971a61cd696981466eef139967],
PUP.Optional.ShoppingReport.A, C:\Users\PILLY & MILLY\AppData\LocalLow\ShoppingReport2\cs, , [029f09971a61cd696981466eef139967],
PUP.Optional.ShoppingReport.A, C:\Users\PILLY & MILLY\AppData\LocalLow\ShoppingReport2\cs\db, , [029f09971a61cd696981466eef139967],
PUP.Optional.ShoppingReport.A, C:\Users\PILLY & MILLY\AppData\LocalLow\ShoppingReport2\cs\dwld, , [029f09971a61cd696981466eef139967],
PUP.Optional.ShoppingReport.A, C:\Users\PILLY & MILLY\AppData\LocalLow\ShoppingReport2\cs\report, , [029f09971a61cd696981466eef139967],
PUP.Optional.ShoppingReport.A, C:\Users\PILLY & MILLY\AppData\LocalLow\ShoppingReport2\cs\res1, , [029f09971a61cd696981466eef139967],
PUP.Optional.SearchProtect.A, C:\Users\PILLY & MILLY\AppData\Local\SearchProtect, , [1c85b5eb2b503402bf02c0f89d65f010],
PUP.Optional.SearchProtect.A, C:\Users\PILLY & MILLY\AppData\Local\SearchProtect\Logs, , [1c85b5eb2b503402bf02c0f89d65f010],
PUP.Optional.SearchProtect.A, C:\Users\PILLY & MILLY\AppData\Local\SearchProtect\SearchProtect, , [1c85b5eb2b503402bf02c0f89d65f010],
PUP.Optional.SearchProtect.A, C:\Users\PILLY & MILLY\AppData\Local\SearchProtect\SearchProtect\STG, , [1c85b5eb2b503402bf02c0f89d65f010],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\content, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\content\lib, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\content\modules, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\content\newtab, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\content\newtab\images, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\content\widgets, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\data, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\data\dynamicElements, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\data\rss, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\data\search, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\data\weather, , [e5bcf9a71962bc7af2e4be0061a1e61a],
Backdoor.0Access, c:\windows\$ntuninstallkb33361$\1051372671, , [a9f8fea21269e74f813db54b28d8619f],
Backdoor.0Access, c:\windows\$ntuninstallkb33361$\3620296088, , [e8b929773c3f21151ea04db3768aab55],
Backdoor.0Access, c:\windows\$ntuninstallkb33361$\3620296088\l, , [e8b929773c3f21151ea04db3768aab55],
Backdoor.0Access, c:\windows\$ntuninstallkb33361$\3620296088\u, , [e8b929773c3f21151ea04db3768aab55],

Files: 602
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\rank1.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\rank1_5.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\rank2.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\rank2_5.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\rank3.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\rank3_5.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\rank4.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\rank4_5.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\rank5.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\rankna.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\reload.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\remove.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\rename.gif, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\resize-box.gif, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\rss.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\rsschannelback.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\RSSLogo.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\rsstabdivider.gif, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\scroll-left.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\scroll-right.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\search-go.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\search.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\separator.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\text-ellipsis.xml, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\toolbarsplitter.gif, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\transparent_1px.gif, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\weatherbutton.css, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\websiteinspector-highrisk-user.gif, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\websiteinspector-highrisk.gif, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\websiteinspector-lowrisk.gif, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\websiteinspector-norating.gif, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\websiteinspector-verified-user.gif, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\websiteinspector-verified.gif, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\websiteinspector-verifying.gif, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\yahoo.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\debugbar\debug.html, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\footer.htm, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\gamecategory.xsl, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\gameData.js, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\gameList.xsl, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\games.xsl, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\gametype.xsl, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\initHTML.html, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\popupGames.html, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\popupHTML.html, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\popupRSS.html, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\popupWidgets.html, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\scroll.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\css\ie-only.css, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\css\ie7-only.css, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\css\panels.css, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\css\popupAbout.css, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\css\popupGames.css, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\css\popupRSS.css, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\css\popupWidgets.css, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\default\main.html, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\default\css\dialog.css, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\default\images\bg.gif, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\default\images\btn-close-over.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\default\images\btn-close.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\default\images\btn-search.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\default\images\btn-wide-close-over.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\default\images\btn-wide-close.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\default\images\default.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\default\images\footer-short-left.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\default\images\footer-short-middle.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\default\images\footer-short-right.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\default\images\tab-off-l.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\default\images\tab-off-r.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\default\images\tab-on-l.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\default\images\tab-on-r.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\default\images\titlebar-left.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\default\images\titlebar-middle.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\default\images\titlebar-right.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\default\images\transparent.gif, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\default\images\ttlbar-left.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\default\images\ttlbar-mdl.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\default\images\ttlbar-right.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\default\images\win-btm-left.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\default\images\win-btm-mdl.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\default\images\win-btm-right-resize.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\default\images\win-btm-right.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\default\images\win-left.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\default\images\win-right.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\default\scripts\defscript.js, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\images\ajax-loader.gif, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\images\apps-bg-gradient-grid.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\images\apps-hover.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\images\appsfeatured-bg-gradient-grid.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\images\arrow-dn.gif, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\images\arrow-down-white.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\images\arrow-left.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\panels\images\arrow-right.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
 

To be continued in the next post...


Continued Malwarebytes log:

 

PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\radio\images\collapsed_button.gif, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\radio\images\expanded_button.gif, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\radio\images\ico-playstation-down.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\radio\images\ico-playstation-over.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\radio\images\ico-playstation.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\radio\images\ico-radio.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\radio\images\music-note.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\radio\images\radio-btn-pause-on.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\radio\images\radio-btn-pause.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\radio\images\radio-btn-play-on.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\radio\images\radio-btn-play.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\radio\images\radio-eq-bg.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\radio\images\radio-eq-buffer.gif, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\radio\images\radio-eq-busy.gif, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\radio\images\radio-eq-on.gif, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\radio\images\radio-eq-warning.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\radio\images\radio-options-design-on.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\radio\images\radio-options-design.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\radio\images\radio-options-on.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\radio\images\radio-options.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\radio\images\radio-volume-0.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\radio\images\radio-volume-1.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\radio\images\radio-volume-2.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\radio\images\radio-volume-3.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\radio\images\radio-volume-mute.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\radio\images\scrollbar-handle.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\radio\images\scrollbar-track.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\radio\images\slider.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\radio\images\slideron.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\radio\images\track.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\uwa\border_07.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\uwa\btn-close-grey.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\uwa\border_02.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\uwa\border_03.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\uwa\border_04.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\uwa\border_06.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\uwa\border_08.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\uwa\border_09.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\uwa\border_10.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\uwa\border_11.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\uwa\border_12.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\uwa\border_13.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\uwa\border_14.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\uwa\border_15.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\uwa\border_16.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\uwa\border_18.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\uwa\border_19.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\uwa\border_20.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\uwa\border_21.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\uwa\btn-close-greyover.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\uwa\close-hot.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\uwa\close-normal.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\uwa\loadingMid.gif, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\uwa\paneltemplate.html, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\uwa\proxy.html, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\uwa\template.html, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\uwa\template.xml, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\uwa\templateFF.html, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\uwa\throbber.gif, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\weatherbutton\icons\cond999.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\weatherbutton\icons\icons.xml, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\weatherbutton\icons\na-s.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\weatherbutton\icons\na-t.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\weatherbutton\icons\na.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\weatherbutton\icons\weather.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\weatherbutton\panels\popupWeather.css, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\weatherbutton\panels\popupWeather.html, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\weatherbutton\panels\images\add.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\weatherbutton\panels\images\box-check.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\weatherbutton\panels\images\ico-check.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\weatherbutton\panels\images\options-weather.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\weatherbutton\panels\images\over-blue.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\weatherbutton\panels\images\over-orange.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\options\options-main.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\options\options-search.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\options\options-weather.gif, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\options\options-weather.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\options\options-widgets.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\searchbar\searchbar-background-left.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\searchbar\searchbar-background-middle.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\chrome\skin\searchbar\searchbar-background-right.png, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.GamesAGoGo.A, C:\Program Files\gamesagogo_w3i\components\windowmediator.js, , [e5bcf9a71962bc7af2e4be0061a1e61a],
PUP.Optional.CrossRider.A, C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\background.html, , [7928ccd43b40b581d2064678f30f669a],
PUP.Optional.CrossRider.A, C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\background.js, , [7928ccd43b40b581d2064678f30f669a],
PUP.Optional.CrossRider.A, C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\extension.js, , [7928ccd43b40b581d2064678f30f669a],
PUP.Optional.CrossRider.A, C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\manifest.json, , [7928ccd43b40b581d2064678f30f669a],
PUP.Optional.CrossRider.A, C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\popup.html, , [7928ccd43b40b581d2064678f30f669a],
PUP.Optional.CrossRider.A, C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\icons\icon128.png, , [7928ccd43b40b581d2064678f30f669a],
PUP.Optional.CrossRider.A, C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\icons\icon16.png, , [7928ccd43b40b581d2064678f30f669a],
PUP.Optional.CrossRider.A, C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\icons\icon48.png, , [7928ccd43b40b581d2064678f30f669a],
PUP.Optional.CrossRider.A, C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\icons\actions\icon1.png, , [7928ccd43b40b581d2064678f30f669a],
PUP.Optional.CrossRider.A, C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\icons\notifications\icon1.png, , [7928ccd43b40b581d2064678f30f669a],
PUP.Optional.CrossRider.A, C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\background.js, , [7928ccd43b40b581d2064678f30f669a],
PUP.Optional.CrossRider.A, C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\api\analytics.js, , [7928ccd43b40b581d2064678f30f669a],
PUP.Optional.CrossRider.A, C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\api\chrome.js, , [7928ccd43b40b581d2064678f30f669a],
PUP.Optional.CrossRider.A, C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\api\cookie.js, , [7928ccd43b40b581d2064678f30f669a],
PUP.Optional.CrossRider.A, C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\api\debug.js, , [7928ccd43b40b581d2064678f30f669a],
PUP.Optional.CrossRider.A, C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\api\dom.js, , [7928ccd43b40b581d2064678f30f669a],
PUP.Optional.CrossRider.A, C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\api\fb_api.js, , [7928ccd43b40b581d2064678f30f669a],
PUP.Optional.CrossRider.A, C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\api\installer.js, , [7928ccd43b40b581d2064678f30f669a],
PUP.Optional.CrossRider.A, C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\api\message.js, , [7928ccd43b40b581d2064678f30f669a],
PUP.Optional.CrossRider.A, C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\api\push.js, , [7928ccd43b40b581d2064678f30f669a],
PUP.Optional.CrossRider.A, C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\api\request.js, , [7928ccd43b40b581d2064678f30f669a],
PUP.Optional.CrossRider.A, C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\api\time.js, , [7928ccd43b40b581d2064678f30f669a],
PUP.Optional.CrossRider.A, C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\lib\app_api.js, , [7928ccd43b40b581d2064678f30f669a],
PUP.Optional.CrossRider.A, C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\lib\async_api.js, , [7928ccd43b40b581d2064678f30f669a],
PUP.Optional.CrossRider.A, C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\lib\bg_app_api.js, , [7928ccd43b40b581d2064678f30f669a],
PUP.Optional.CrossRider.A, C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\lib\cookie_store.js, , [7928ccd43b40b581d2064678f30f669a],
PUP.Optional.CrossRider.A, C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\lib\data_store.js, , [7928ccd43b40b581d2064678f30f669a],
PUP.Optional.CrossRider.A, C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\lib\faye-browser-min.js, , [7928ccd43b40b581d2064678f30f669a],
PUP.Optional.CrossRider.A, C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\lib\fb_bridge.js, , [7928ccd43b40b581d2064678f30f669a],
PUP.Optional.CrossRider.A, C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\lib\jquery-1.4.2.js, , [7928ccd43b40b581d2064678f30f669a],
PUP.Optional.CrossRider.A, C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\lib\jquery_later.js, , [7928ccd43b40b581d2064678f30f669a],
PUP.Optional.CrossRider.A, C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ielefkgbofdpglioecfjcbikholflklb\1.13.15_0\js\lib\util.js, , [7928ccd43b40b581d2064678f30f669a],
PUP.Optional.CrossRider.A, C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ielefkgbofdpglioecfjcbikholflklb_0\1, , [eab7970992e9f4420ccee1dd43bfe31d],

Physical Sectors: 0
(No malicious items detected)

(end)

 

 

RogueKiller log:

 

RogueKiller V9.2.3.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Pedro [Admin rights]
Mode : Scan -- Date : 07/19/2014 01:37:30

¤¤¤ Bad processes : 2 ¤¤¤
[suspicious.Path] explorer.exe -- C:\Users\Pedro\AppData\Local\Strongvault Online Backup\ClientApi.dll[7] -> UNLOADED
[suspicious.Path] explorer.exe -- C:\Users\Pedro\AppData\Local\Strongvault Online Backup\CtxMenu.dll[7] -> UNLOADED

¤¤¤ Registry Entries : 19 ¤¤¤
[suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | SMessaging : C:\Users\Pedro\AppData\Local\Strongvault Online Backup\SMessaging.exe -> FOUND
[suspicious.Path] HKEY_USERS\S-1-5-21-1517136145-1328366619-2469452859-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Windows\CurrentVersion\Run | WebBar : C:\Users\PILLY & MILLY\AppData\Local\WebBar\2.0.5225.22732\wb.exe -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0913D5A8-EAAD-4D04-821E-DF2C6404AAB0} | DhcpNameServer : 168.94.0.14 168.94.0.15 -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0913D5A8-EAAD-4D04-821E-DF2C6404AAB0} | DhcpNameServer : 168.94.0.14 168.94.0.15 -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{0913D5A8-EAAD-4D04-821E-DF2C6404AAB0} | DhcpNameServer : 168.94.0.14 168.94.0.15 -> FOUND
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorUser : 0 -> FOUND
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> FOUND
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1517136145-1328366619-2469452859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1517136145-1328366619-2469452859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2 -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1517136145-1328366619-2469452859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2 -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1517136145-1328366619-2469452859-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1517136145-1328366619-2469452859-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2 -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1517136145-1328366619-2469452859-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2 -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1517136145-1328366619-2469452859-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1517136145-1328366619-2469452859-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2 -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1517136145-1328366619-2469452859-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2 -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND

¤¤¤ Scheduled tasks : 3 ¤¤¤
[suspicious.Path] UpdaterEX.job -- C:\Users\Pedro\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE (/Check) -> FOUND
[suspicious.Path] \\DTReg -- C:\Windows\system32\config\systemprofile\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe -> FOUND
[suspicious.Path] \\UpdaterEX -- C:\Users\Pedro\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE (/Check) -> FOUND

¤¤¤ Files : 1 ¤¤¤
[ZeroAccess][Junction] $NtUninstallKB33361$ -- C:\Windows\$NtUninstallKB33361$ [JUNCTION@ 0] >> ERROR 5 -> FOUND

¤¤¤ HOSTS File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost

¤¤¤ Antirootkit : 42 (Driver: LOADED) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS543216L9SA00 +++++
--- User ---
[MBR] cefddf98938b82a79dd4c2555defd8aa
[bSP] 816ca68f7a72e2302fc48c9155777dd5 : HP MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 143737 MB
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 297447424 | Size: 7389 MB
User = LL1 ... OK
User = LL2 ... OK


  • Root Admin

Please go ahead and run through the following steps and post back the logs when ready.

STEP 04

Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right-click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message.
  • When completed, make sure to re-enable your antivirus.

STEP 05

Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

STEP 06

Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits. Under Non Malware Protection, set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found.

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

STEP 07

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

STEP 08

Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

I ran all the scans and I ran into a couple problems:

After running AdwCleaner and rebooting the laptop, StrongVault Online Backup keeps trying to reinstall itself. I keep hitting Cancel on the installer but it keeps coming back.

Eset would not run from Internet Explorer. I think it's because this laptop has IE9 installed on it. I had to download Eset through Chrome to run it.

Windows keeps asking me to install updates. Can I do so? While it's updating, can I update IE?

Junkware Removal Tool:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista Home Basic x86
Ran by Pedro on Mon 07/21/2014 at 19:20:12.29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

Successfully stopped: [service] backupstack
Successfully deleted: [service] backupstack

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SMessaging [strongvault]
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\messenger
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\searchengineprotection
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\smart pc cleaner

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortapp.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escorteng.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortlbr.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\iehelperv2.5.0.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\toolbar.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\toolbarbroker.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\cr_installer
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\defaulttab
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\spd
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\startnow toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\stronghold online backup
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wecarereminder
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\zugo
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\shoppingreport2
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\spd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\startnow toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\strongvault
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\tarma installer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar.bandobject
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar.bandobject.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar.toolbarhelperobject
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar.toolbarhelperobject.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\zgclnt.mngr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\zgclnt.mngr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mypc backup
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\viewpointmediaplayer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2b7bdadb-ec8c-4c54-b5dd-ce45a016d3a7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86d4b82a-abed-442a-be86-96357b70f4fe}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03B8F9F654EB61149B27A5E6232AF198
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0A6C31479ED1774478278AEC05C53734
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\117F36ACB1FA8FE4FB8DE5869D5DC1B7
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\210BA4DAAB841D34AAB1A5488133B56F
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\258ADB72AEB6B5B4E87E033FD42EECDB
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\275BEA673DE2EF84D9FBBA01F454B0A1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\44E48D359D0E3C046B095FE02C949587
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\527A803F31451F449A6BAA11692F299D
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\556CE85F2024C5F4E82D7A2A0562CD86
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7561261EA855B284BA87796570DE5642
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\783032B8ED3D6814785C7EA6483B0E1F
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AA3487EB964306043BAE5440BDD306F0
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C309303340E2B9543B1EBB5EC092CC39
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5D6C9FB759991B4980D0A58D213BA36
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D66203FFB6DA5B248BD50828295C5DC9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB495948FFAF5D24791799596E7335DD
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E3BDE530679EF804C91870534488E810
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4144E6D71F27E6449BDC85994EF0360
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F6D97A6B8C7CD5A43AD6B4A425AF761C
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5767AEF6-6C7D-4006-944C-392A60EB4924}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\asktoolbarinfo"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}"

 

~~~ Files

Successfully deleted: [File] "C:\Windows\System32\Tasks\scheduled update for ask toolbar"
Successfully deleted: [File] "C:\Windows\Tasks\driverupdate startup.job"

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\free ride games"
Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\viewpoint"
Successfully deleted: [Folder] "C:\ProgramData\w3i"
Successfully deleted: [Folder] "C:\ProgramData\wecarereminder"
Successfully deleted: [Folder] "C:\Users\Pedro\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Pedro\AppData\Roaming\defaulttab"
Successfully deleted: [Folder] "C:\Users\Pedro\AppData\Roaming\smart pc cleaner"
Successfully deleted: [Folder] "C:\Users\Pedro\AppData\Roaming\w3i, llc"
Successfully deleted: [Folder] "C:\Users\Pedro\appdata\locallow\babylontoolbar"
Successfully deleted: [Folder] "C:\Users\Pedro\appdata\locallow\gamesagogo_w3i"
Successfully deleted: [Folder] "C:\Users\Pedro\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\Pedro\appdata\locallow\shoppingreport2"
Successfully deleted: [Folder] "C:\Users\Pedro\Local Settings\Application Data\babylon"
Successfully deleted: [Folder] "C:\Users\Pedro\Local Settings\Application Data\rewardsarcadesuite"
Successfully deleted: [Folder] "C:\Users\Pedro\Local Settings\Application Data\strongvault"
Successfully deleted: [Folder] "C:\Users\Pedro\Local Settings\Application Data\strongvault online backup"
Successfully deleted: [Folder] "C:\Program Files\4shared toolbar"
Successfully deleted: [Folder] "C:\Program Files\aol toolbar"
Successfully deleted: [Folder] "C:\Program Files\babylontoolbar"
Successfully deleted: [Folder] "C:\Program Files\free ride games"
Successfully deleted: [Folder] "C:\Program Files\gamesagogo_w3i"
Successfully deleted: [Folder] "C:\Program Files\gamesbar"
Successfully deleted: [Folder] "C:\Program Files\mypc backup"
Successfully deleted: [Folder] "C:\Program Files\pricegong"
Successfully deleted: [Folder] "C:\Program Files\rewardsarcadesuite"
Successfully deleted: [Folder] "C:\Program Files\savepath deals"
Successfully deleted: [Folder] "C:\Program Files\smart pc cleaner"
Successfully deleted: [Folder] "C:\Program Files\spdupdater"
Successfully deleted: [Folder] "C:\Program Files\startnow toolbar"
Successfully deleted: [Folder] "C:\Program Files\strongvault online backup"
Successfully deleted: [Folder] "C:\Program Files\viewpoint"
Successfully deleted: [Folder] "C:\Program Files\yontoo layers runtime"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\strongvault online backup"
Successfully deleted: [Folder] "C:\Users\Pedro\AppData\Roaming\microsoft\windows\start menu\programs\mypc backup"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Users\Pedro\appdata\locallow\asktoolbar"
Successfully deleted: [Folder] "C:\Program Files\ask.com"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 07/21/2014 at 19:43:21.70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

AdwCleaner:

 

# AdwCleaner v3.216 - Report created 21/07/2014 at 20:28:51
# Updated 17/07/2014 by Xplode
# Operating System : Windows Vista Home Basic Service Pack 2 (32 bits)
# Username : Pedro - PEDRO-PC
# Running from : C:\Users\Pedro\Desktop\Robin\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Savepath Deals
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smart pc cleaner
Folder Deleted : C:\Program Files\BrowseMark
Folder Deleted : C:\Users\Pedro\AppData\Local\PackageAware
Folder Deleted : C:\Users\Pedro\AppData\Local\Temp\BrowseMark
Folder Deleted : C:\Users\Pedro\AppData\Roaming\UpdaterEX
Folder Deleted : C:\Users\PILLY & MILLY\AppData\Local\SearchProtect
Folder Deleted : C:\Users\PILLY & MILLY\AppData\Local\StartNow
Folder Deleted : C:\Users\PILLY & MILLY\AppData\Local\Temp\AirInstaller
Folder Deleted : C:\Users\PILLY & MILLY\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\PILLY & MILLY\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\PILLY & MILLY\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\PILLY & MILLY\AppData\LocalLow\ShoppingReport2
Folder Deleted : C:\Users\PILLY & MILLY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Folder Deleted : C:\Users\PILLY & MILLY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Deleted : C:\Users\Public\util
Folder Deleted : C:\Users\Milly\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Folder Deleted : C:\Users\PILLY & MILLY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
File Deleted : C:\Users\Pedro\Desktop\Sync Folder.lnk
File Deleted : C:\Windows\System32\Tasks\DTChk
File Deleted : C:\Windows\System32\Tasks\DTReg
File Deleted : C:\Windows\Tasks\UpdaterEX.job
File Deleted : C:\Windows\System32\Tasks\UpdaterEX

***** [ Shortcuts ] *****

***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C2C3B75A-9D7D-4D60-A5AD-6EE149CD6935}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2C3B75A-9D7D-4D60-A5AD-6EE149CD6935}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{58A0CD10-8377-4ADA-9B40-7805590E13EE}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58A0CD10-8377-4ADA-9B40-7805590E13EE}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{45F43719-857F-43BD-913C-5EA06F736F50}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45F43719-857F-43BD-913C-5EA06F736F50}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{28842ECB-F301-403C-B4A8-A267C23287FF}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28842ECB-F301-403C-B4A8-A267C23287FF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FAA8C612-F1B6-461B-8B60-B54D74D9642E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B6EF6C45-5E8D-4C3B-B580-A5073261A381}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B6EF6C45-5E8D-4C3B-B580-A5073261A381}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B6EF6C45-5E8D-4C3B-B580-A5073261A381}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : HKCU\Software\Smart PC Cleaner
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart PC Cleaner_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\hblitesa
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PriceGong
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\QuestBrowse
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShoppingReport2
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\StartNow Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16561

-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Milly\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : bkomkajifikmkfnjgphkjcfeepbnojok

[ File : C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [search Provider] : hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=21&locale=en_US&gct=sb&qsrc=2869

[ File : C:\Users\PILLY & MILLY\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [search Provider] : hxxp://search.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20130302&user_guid=&machine_id=a9b08e1151aecddb87d108949122577e&browser=IE&os=win&os_version=6.0-x86-SP2&iesrc={referrer:source}
Deleted [search Provider] : hxxp://search.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20140225&user_guid=&machine_id=a9b08e1151aecddb87d108949122577e&browser=cr&os=win&os_version=6.0-x86-SP2
Deleted [startup_urls] : hxxp://search.startnow.com/?src=startpage&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20140225&user_guid=&machine_id=a9b08e1151aecddb87d108949122577e&browser=cr&os=win&os_version=6.0-x86-SP2
Deleted [Extension] : bkomkajifikmkfnjgphkjcfeepbnojok

*************************

AdwCleaner[R0].txt - [10677 octets] - [21/07/2014 19:51:59]
AdwCleaner[s0].txt - [10825 octets] - [21/07/2014 20:28:51]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [10886 octets] ##########


Malwarebytes:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/21/2014
Scan Time: 8:41:56 PM
Logfile: MBAM 7.21.14.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.21.09
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Pedro

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 347358
Time Elapsed: 51 min, 6 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{b99c8534-7800-48fa-bd71-519a46cdc7e1}Gt, , [178a227e4b30de58cd4012b11ee449b7],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 21
PUP.Optional.PriceGong.A, C:\Users\Milly\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok, , [cfd21f81a1da40f631cf8623a45e39c7],
PUP.Optional.PriceGong.A, C:\Users\PILLY & MILLY\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok, , [e7bab1eff6854aecab557a2f9e6447b9],
PUP.Optional.WeCare.A, C:\Users\Milly\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon, , [059c316f5e1dd6600f5d14a0966c04fc],
PUP.Optional.WeCare.A, C:\Users\Milly\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.9_0, , [059c316f5e1dd6600f5d14a0966c04fc],
PUP.Optional.WeCare.A, C:\Users\Milly\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.9_0\images, , [059c316f5e1dd6600f5d14a0966c04fc],
PUP.Optional.WeCare.A, C:\Users\PILLY & MILLY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon, , [732ee5bb3942191d6b01684c7c868e72],
PUP.Optional.WeCare.A, C:\Users\PILLY & MILLY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.22_0, , [732ee5bb3942191d6b01684c7c868e72],
PUP.Optional.WeCare.A, C:\Users\PILLY & MILLY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.22_0\css, , [732ee5bb3942191d6b01684c7c868e72],
PUP.Optional.WeCare.A, C:\Users\PILLY & MILLY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.22_0\css\bootstrap, , [732ee5bb3942191d6b01684c7c868e72],
PUP.Optional.WeCare.A, C:\Users\PILLY & MILLY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.22_0\css\bootstrap\css, , [732ee5bb3942191d6b01684c7c868e72],
PUP.Optional.WeCare.A, C:\Users\PILLY & MILLY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.22_0\css\bootstrap\img, , [732ee5bb3942191d6b01684c7c868e72],
PUP.Optional.WeCare.A, C:\Users\PILLY & MILLY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.22_0\css\images, , [732ee5bb3942191d6b01684c7c868e72],
PUP.Optional.WeCare.A, C:\Users\PILLY & MILLY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.22_0\html, , [732ee5bb3942191d6b01684c7c868e72],
PUP.Optional.WeCare.A, C:\Users\PILLY & MILLY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.22_0\images, , [732ee5bb3942191d6b01684c7c868e72],
PUP.Optional.WeCare.A, C:\Users\PILLY & MILLY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.22_0\js, , [732ee5bb3942191d6b01684c7c868e72],
PUP.Optional.WeCare.A, C:\Users\PILLY & MILLY\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.22_0\modules, , [732ee5bb3942191d6b01684c7c868e72],
PUP.Optional.CrossRider.A, C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ielefkgbofdpglioecfjcbikholflklb_0, , [c2df9808a2d9ee48c9d98d3310f2a759],
Backdoor.0Access, c:\windows\$ntuninstallkb33361$\1051372671, , [ecb5762abebdc670fcc224dcf7098e72],
Backdoor.0Access, c:\windows\$ntuninstallkb33361$\3620296088, , [049d118fdf9c87afae1052ae2fd1be42],
Backdoor.0Access, c:\windows\$ntuninstallkb33361$\3620296088\l, , [049d118fdf9c87afae1052ae2fd1be42],
Backdoor.0Access, c:\windows\$ntuninstallkb33361$\3620296088\u, , [049d118fdf9c87afae1052ae2fd1be42],

Files: 1
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{b99c8534-7800-48fa-bd71-519a46cdc7e1}Gt.sys, , [ca67dc34f45aa96148011015c43d42d1],

Physical Sectors: 0
(No malicious items detected)

(end)

ESET:

C:\AdwCleaner\Quarantine\C\Program Files\BrowseMark\bin\BrowseMark.BrowserAdapter.exe.vir a variant of Win32/BrowseFox.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\BrowseMark\bin\BrowseMarkBAApp.dll.vir a variant of Win32/BrowseFox.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Pedro\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe.vir a variant of Win32/DealPly.S potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\PILLY & MILLY\AppData\LocalLow\AskToolbar\setup.exe.vir a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\AOL Instant Messenger\AIM.exe.vir Win32/Adware.WBug.A application
C:\Users\Milly\AppData\LocalLow\gamesagogo_w3i\encyclopediabritannicagamesbar.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Users\Milly\AppData\LocalLow\gamesagogo_w3i\encyclopediabritannicagamesbarX.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application
C:\Users\Pedro\AppData\Local\Temp\{FEE11C0D-6A87-4D41-A20E-C0938381EE76}\setup.exe multiple threats
C:\Users\Pedro\AppData\Roaming\VisicomToolBar\gamesagogo_en_w3i_toolbar_3.2.0.36.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application
C:\Users\Pedro\Documents\FrostWire\Saved\frostwire-5.0.8.windows.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\Pedro\Downloads\iTunes_Setup.exe Win32/InstallCore.MM potentially unwanted application
C:\Users\PILLY & MILLY\AppData\Local\Temp\nsa3708.tmp\zplugins.dll a variant of Win32/Distromatic.C potentially unwanted application
C:\Users\PILLY & MILLY\AppData\Local\Temp\nsg3F62.tmp\zplugins.dll a variant of Win32/Distromatic.C potentially unwanted application
C:\Users\PILLY & MILLY\AppData\Local\Temp\nsj2B65.tmp\zplugins.dll a variant of Win32/Distromatic.C potentially unwanted application
C:\Users\PILLY & MILLY\AppData\Local\Temp\nsl6069.tmp\zplugins.dll a variant of Win32/Distromatic.C potentially unwanted application
C:\Users\PILLY & MILLY\AppData\Local\Temp\nsl8049.tmp\zplugins.dll a variant of Win32/Distromatic.C potentially unwanted application
C:\Users\PILLY & MILLY\AppData\Local\Temp\nsl8B21.tmp\zplugins.dll a variant of Win32/Distromatic.C potentially unwanted application
C:\Users\PILLY & MILLY\AppData\Local\Temp\nso981C.tmp\zplugins.dll a variant of Win32/Distromatic.C potentially unwanted application
C:\Users\PILLY & MILLY\AppData\Local\Temp\nsv16EB.tmp\zplugins.dll a variant of Win32/Distromatic.C potentially unwanted application
C:\Users\PILLY & MILLY\AppData\Local\Temp\nsv227F.tmp\zplugins.dll a variant of Win32/Distromatic.C potentially unwanted application
C:\Users\PILLY & MILLY\AppData\Local\Temp\nsy66A0.tmp\zplugins.dll a variant of Win32/Distromatic.C potentially unwanted application
C:\Users\PILLY & MILLY\Downloads\caritas sonrientes.exe Win32/Toolbar.SearchSuite potentially unwanted application
C:\Users\PILLY & MILLY\Downloads\DictionaryBoss.exe Win32/AdInstaller potentially unwanted application
C:\Users\PILLY & MILLY\Downloads\flv_installer.exe a variant of Win32/SquareNet.A potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27JA5GKU\genfix2-a[1] Win32/Toolbar.Zugo.D potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27JA5GKU\genfix2-a[3] Win32/Toolbar.Zugo.D potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27JA5GKU\genfix2-a[6] Win32/Toolbar.Zugo.D potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27JA5GKU\genfix2-a[7] Win32/Toolbar.Zugo.D potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27JA5GKU\updater-startnow-200-2.5-g[1].exe a variant of Win32/Toolbar.Zugo potentially unwanted application


FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-07-2014
Ran by Pedro (administrator) on PEDRO-PC on 22-07-2014 00:05:56
Running from C:\Users\Pedro\Desktop\Robin
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(America Online) C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
(America Online, Inc) C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(America Online Inc) C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.4.0.13\nis.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.4.0.13\nis.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-19\...\Run: [Exetender] => "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [Exetender] => "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
HKU\S-1-5-21-1517136145-1328366619-2469452859-1000\...\Run: [Facebook Update] => C:\Users\Pedro\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-03-06] (Facebook Inc.)
HKU\S-1-5-21-1517136145-1328366619-2469452859-1000\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1517136145-1328366619-2469452859-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1517136145-1328366619-2469452859-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1517136145-1328366619-2469452859-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
Startup: C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FrostWire On Startup.lnk.disabled
ShortcutTarget: FrostWire On Startup.lnk.disabled -> C:\Program Files\FrostWire\FrostWire.exe (FrostWire Group)
Startup: C:\Users\PILLY & MILLY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
ShortcutTarget: OpenOffice.org 2.3.lnk -> C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: 4SyncOverlay1 -> {2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} => C:\Program Files\4Sync\ShellExt.dll (New IT Solutions Ltd)
ShellIconOverlayIdentifiers: 4SyncOverlay2 -> {C72C6188-BEF2-46E5-A89A-52F0ED75219E} => C:\Program Files\4Sync\ShellExt.dll (New IT Solutions Ltd)
ShellIconOverlayIdentifiers: 4SyncOverlay3 -> {C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} => C:\Program Files\4Sync\ShellExt.dll (New IT Solutions Ltd)
GroupPolicyUsers\S-1-5-21-1517136145-1328366619-2469452859-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {3ED5066F-2E25-4157-8D56-93A3E571B355} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
SearchScopes: HKCU - DefaultScope {3ED5066F-2E25-4157-8D56-93A3E571B355} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
SearchScopes: HKCU - {3ED5066F-2E25-4157-8D56-93A3E571B355} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @exent.com/npExentCtl,version=7.0.0.0 - C:\Program Files\Free Ride Games\npExentCtl.dll No File
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Pedro\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFReader.dll (PDFReader)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-25]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2014-01-15]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2014-07-21]

Chrome:
=======
CHR HomePage:
CHR Extension: (Google Docs) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-21]
CHR Extension: (Google Drive) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-15]
CHR Extension: (YouTube) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-21]
CHR Extension: (Google Search) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-21]
CHR Extension: (Norton Identity Protection) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-04-21]
CHR Extension: (Google Wallet) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-21]
CHR Extension: (Gmail) - C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-21]
CHR HKLM\...\Chrome\Extension: [mdibpcceojcijhomkdgiffflkgngmapf] - C:\Users\Pedro\AppData\Roaming\Genieo\Application\chrome_ext\ChromeSensor.crx [2012-02-02]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.4.0.13\Exts\Chrome.crx [2014-07-09]

========================== Services (Whitelisted) =================

R2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [10328 2004-10-20] (America Online)
R2 AOL TopSpeedMonitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [100016 2004-10-15] (America Online, Inc)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-17] (TOSHIBA CORPORATION) [File not signed]
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-28] (Google)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 jswpsapi; C:\Program Files\Jumpstart\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.) [File not signed]
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [319488 2010-04-30] (Alcatel-Lucent) [File not signed]
R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.4.0.13\NIS.exe [276376 2014-06-27] (Symantec Corporation)
R2 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [46392 2008-08-04] (TOSHIBA Corporation)
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

U3 .netbt; \* [0 2013-11-14] () [File not signed]
R2 ASCTRM; C:\Windows\system32\Drivers\ASCTRM.sys [8552 2010-01-23] (Windows ® 2000 DDK provider) [File not signed]
R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140703.001\BHDrvx86.sys [1101616 2014-05-09] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1504000.00D\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-07-05] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [109872 2014-06-12] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140721.001\IDSvix86.sys [395992 2014-03-25] (Symantec Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [110296 2014-07-21] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140721.009\NAVENG.SYS [93272 2014-07-18] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140721.009\NAVEX15.SYS [1612376 2014-07-18] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NIS\1504000.00D\SRTSP.SYS [664280 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1504000.00D\SRTSPX.SYS [32344 2013-09-09] (Symantec Corporation)
S3 SVRPEDRV; C:\Windows\System32\sysprep\PEDrv.sys [9216 2008-01-18] (Inventec Corporation) [File not signed]
R0 SymDS; C:\Windows\System32\drivers\NIS\1504000.00D\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1504000.00D\SYMEFA.SYS [936152 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-01-15] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1504000.00D\Ironx86.SYS [206936 2013-09-26] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NIS\1504000.00D\SYMTDIV.SYS [384728 2014-02-17] (Symantec Corporation)
U0 ujqoicj; C:\Windows\System32\drivers\ltybr.sys [52440 2014-07-21] (Malwarebytes Corporation)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [43520 2012-02-15] (Apple, Inc.) [File not signed]
R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
R1 {b99c8534-7800-48fa-bd71-519a46cdc7e1}t; C:\Windows\System32\drivers\{b99c8534-7800-48fa-bd71-519a46cdc7e1}t.sys [55232 2014-05-13] (StdLib)
S3 IO_Memory; \??\C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S2 X6XSEx; \??\C:\Program Files\Free Ride Games\X6XSEx.Sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-21 21:53 - 2014-07-21 21:53 - 00000000 ____D () C:\Program Files\ESET
2014-07-21 21:43 - 2014-07-21 21:43 - 00052440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\ltybr.sys
2014-07-21 19:53 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-21 19:51 - 2014-07-21 20:29 - 00000000 ____D () C:\AdwCleaner
2014-07-21 19:19 - 2014-07-21 19:19 - 00000000 ____D () C:\Windows\ERUNT
2014-07-19 01:07 - 2014-07-19 01:07 - 00029160 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-19 01:07 - 2014-07-19 01:07 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-18 23:46 - 2014-07-18 23:46 - 00000000 ____D () C:\Windows\ERDNT
2014-07-18 23:45 - 2014-07-18 23:45 - 00000704 _____ () C:\Users\PILLY & MILLY\Desktop\NTREGOPT.lnk
2014-07-18 23:45 - 2014-07-18 23:45 - 00000704 _____ () C:\Users\Milly\Desktop\NTREGOPT.lnk
2014-07-18 23:45 - 2014-07-18 23:45 - 00000685 _____ () C:\Users\PILLY & MILLY\Desktop\ERUNT.lnk
2014-07-18 23:45 - 2014-07-18 23:45 - 00000685 _____ () C:\Users\Milly\Desktop\ERUNT.lnk
2014-07-18 23:45 - 2014-07-18 23:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-18 23:45 - 2014-07-18 23:45 - 00000000 ____D () C:\Program Files\ERUNT
2014-07-16 19:44 - 2014-07-22 00:06 - 00000000 ____D () C:\FRST
2014-07-15 22:01 - 2014-07-22 00:05 - 00000000 ____D () C:\Users\Pedro\Desktop\Robin
2014-07-15 20:25 - 2014-07-21 20:40 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-15 20:24 - 2014-07-21 21:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-15 20:24 - 2014-07-15 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-15 20:24 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-15 20:24 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-15 20:23 - 2014-07-15 20:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Pedro\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-15 20:18 - 2014-07-15 20:18 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-07-15 20:14 - 2014-07-15 20:14 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-09 15:31 - 2014-06-06 19:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 15:31 - 2014-06-06 18:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 15:31 - 2014-06-06 18:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 15:31 - 2014-06-06 18:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 15:31 - 2014-06-06 18:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 15:31 - 2014-06-06 18:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 15:31 - 2014-06-06 18:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-09 15:31 - 2014-06-06 17:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 15:31 - 2014-06-06 17:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 15:31 - 2014-06-06 17:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-09 15:31 - 2014-06-06 17:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 15:31 - 2014-06-06 17:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 15:31 - 2014-06-06 17:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 15:31 - 2014-06-06 17:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 15:31 - 2014-06-06 17:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-09 15:31 - 2014-06-06 17:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 15:31 - 2014-06-06 17:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 15:31 - 2014-06-06 17:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-09 15:31 - 2014-06-06 17:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 15:31 - 2014-06-06 17:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-09 15:31 - 2014-06-06 17:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 15:30 - 2014-06-06 19:19 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 15:30 - 2014-06-06 03:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 15:25 - 2014-05-30 01:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-03 21:32 - 2014-07-03 21:32 - 00966840 _____ () C:\Users\PILLY & MILLY\Downloads\flv_installer.exe
2014-06-24 15:34 - 2014-06-24 15:34 - 06010880 _____ () C:\Program Files\GUT7FEA.tmp
2014-06-24 15:34 - 2014-06-24 15:34 - 00000000 ____D () C:\Program Files\GUM7FCA.tmp

==================== One Month Modified Files and Folders =======

2014-07-22 00:06 - 2014-07-16 19:44 - 00000000 ____D () C:\FRST
2014-07-22 00:05 - 2014-07-15 22:01 - 00000000 ____D () C:\Users\Pedro\Desktop\Robin
2014-07-21 23:44 - 2014-04-21 20:15 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-21 23:09 - 2013-03-06 21:04 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1517136145-1328366619-2469452859-1000UA.job
2014-07-21 22:32 - 2006-11-02 07:45 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-21 22:32 - 2006-11-02 07:45 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-21 21:53 - 2014-07-21 21:53 - 00000000 ____D () C:\Program Files\ESET
2014-07-21 21:44 - 2014-07-15 20:24 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-21 21:43 - 2014-07-21 21:43 - 00052440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\ltybr.sys
2014-07-21 21:43 - 2006-11-02 06:18 - 00000000 _SHDC () C:\Windows\$NtUninstallKB33361$
2014-07-21 21:43 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Resources
2014-07-21 20:41 - 2009-01-11 20:15 - 01362370 _____ () C:\Windows\WindowsUpdate.log
2014-07-21 20:40 - 2014-07-15 20:25 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-21 20:36 - 2012-11-02 19:03 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\Skype
2014-07-21 20:34 - 2014-04-21 20:15 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-21 20:32 - 2008-01-20 22:02 - 01599426 _____ () C:\Windows\PFRO.log
2014-07-21 20:32 - 2006-11-02 07:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-21 20:30 - 2006-11-02 07:58 - 00032522 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-21 20:29 - 2014-07-21 19:51 - 00000000 ____D () C:\AdwCleaner
2014-07-21 20:28 - 2006-11-02 06:18 - 00000000 ___RD () C:\Users\Public
2014-07-21 20:09 - 2013-03-06 21:04 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1517136145-1328366619-2469452859-1000Core.job
2014-07-21 19:19 - 2014-07-21 19:19 - 00000000 ____D () C:\Windows\ERUNT
2014-07-19 01:07 - 2014-07-19 01:07 - 00029160 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-19 01:07 - 2014-07-19 01:07 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-18 23:46 - 2014-07-18 23:46 - 00000000 ____D () C:\Windows\ERDNT
2014-07-18 23:45 - 2014-07-18 23:45 - 00000704 _____ () C:\Users\PILLY & MILLY\Desktop\NTREGOPT.lnk
2014-07-18 23:45 - 2014-07-18 23:45 - 00000704 _____ () C:\Users\Milly\Desktop\NTREGOPT.lnk
2014-07-18 23:45 - 2014-07-18 23:45 - 00000685 _____ () C:\Users\PILLY & MILLY\Desktop\ERUNT.lnk
2014-07-18 23:45 - 2014-07-18 23:45 - 00000685 _____ () C:\Users\Milly\Desktop\ERUNT.lnk
2014-07-18 23:45 - 2014-07-18 23:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-18 23:45 - 2014-07-18 23:45 - 00000000 ____D () C:\Program Files\ERUNT
2014-07-18 23:41 - 2014-04-14 16:52 - 00000114 _____ () C:\Users\Pedro\AppData\Roaming\WB.CFG
2014-07-16 20:20 - 2012-09-30 20:05 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\OpenOffice.org2
2014-07-16 20:18 - 2009-05-06 17:53 - 00169984 _____ () C:\Users\Pedro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-16 19:03 - 2011-01-23 14:09 - 00000000 ____D () C:\Users\Pedro\AppData\Roaming\FrostWire
2014-07-16 18:57 - 2013-02-01 15:26 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-15 20:42 - 2006-11-02 05:23 - 00000437 _____ () C:\Windows\win.ini
2014-07-15 20:25 - 2014-07-15 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-15 20:25 - 2012-05-08 20:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-15 20:23 - 2014-07-15 20:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Pedro\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-15 20:18 - 2014-07-15 20:18 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-07-15 20:18 - 2014-04-15 16:39 - 00000000 ___RD () C:\Program Files\Skype
2014-07-15 20:18 - 2012-11-02 19:03 - 00000000 ____D () C:\ProgramData\Skype
2014-07-15 20:14 - 2014-07-15 20:14 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-15 20:14 - 2011-08-04 19:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-15 19:52 - 2013-02-06 22:01 - 00000000 ____D () C:\Users\PILLY & MILLY\AppData\Roaming\OpenOffice.org2
2014-07-11 13:01 - 2013-03-16 14:33 - 00000000 ____D () C:\Users\PILLY & MILLY\AppData\Local\CrashDumps
2014-07-09 17:16 - 2014-01-15 21:38 - 00002184 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-07-09 17:16 - 2014-01-15 21:35 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-07-09 17:16 - 2014-01-15 21:35 - 00000000 ____D () C:\Windows\system32\Drivers\NIS
2014-07-09 17:15 - 2006-11-02 07:44 - 00405880 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 16:16 - 2013-08-14 18:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 16:04 - 2006-11-02 05:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-07-09 16:03 - 2009-01-11 19:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-07 14:15 - 2012-09-30 20:05 - 00000000 ____D () C:\Users\Pedro\AppData\Local\CrashDumps
2014-07-07 14:11 - 2009-06-18 15:52 - 00000632 __RSH () C:\Users\Pedro\ntuser.pol
2014-07-07 14:11 - 2009-04-25 22:03 - 00000000 ____D () C:\Users\Pedro
2014-07-03 21:32 - 2014-07-03 21:32 - 00966840 _____ () C:\Users\PILLY & MILLY\Downloads\flv_installer.exe
2014-07-03 19:14 - 2014-05-11 20:57 - 00000000 ____D () C:\Users\PILLY & MILLY\AppData\Local\WebBar
2014-07-01 19:46 - 2013-11-14 20:22 - 00000632 __RSH () C:\Users\Milly\ntuser.pol
2014-07-01 19:46 - 2013-11-14 20:21 - 00000000 ____D () C:\Users\Milly
2014-06-24 15:34 - 2014-06-24 15:34 - 06010880 _____ () C:\Program Files\GUT7FEA.tmp
2014-06-24 15:34 - 2014-06-24 15:34 - 00000000 ____D () C:\Program Files\GUM7FCA.tmp

Some content of TEMP:
====================
C:\Users\Pedro\AppData\Local\Temp\BackupSetup.exe
C:\Users\Pedro\AppData\Local\Temp\mpb1324.tmp.exe
C:\Users\Pedro\AppData\Local\Temp\Quarantine.exe
C:\Users\Pedro\AppData\Local\Temp\Sqlite3.dll
C:\Users\Pedro\AppData\Local\Temp\vcredist_x86.exe
C:\Users\PILLY & MILLY\AppData\Local\Temp\air4D4D.exe
C:\Users\PILLY & MILLY\AppData\Local\Temp\air551C.exe
C:\Users\PILLY & MILLY\AppData\Local\Temp\BackupSetup.exe
C:\Users\PILLY & MILLY\AppData\Local\Temp\vcredist_x86.exe
C:\Users\PILLY & MILLY\AppData\Local\Temp\{AAADA4F6-9142-4621-B51A-65AB31ACA83A}-35.0.1916.114_chrome_installer.exe
C:\Users\PILLY & MILLY\AppData\Local\Temp\{BA91748D-F38D-4C05-8ACB-75B8C68A9971}-34.0.1847.137_chrome_installer.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-21 20:41

==================== End Of Log ============================

 

FRST Addition:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-07-2014
Ran by Pedro at 2014-07-22 00:07:35
Running from C:\Users\Pedro\Desktop\Robin
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton 360 (Disabled - Out of date) {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Disabled - Out of date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 (Disabled) {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
4shared Toolbar (HKLM\...\4shared Toolbar) (Version:  - )
4Sync (HKLM\...\4Sync) (Version:  - )
7-zip v9.20 (HKLM\...\7-zip) (Version: v9.20 - TUGUU SL) <==== ATTENTION
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.6.606 - Adobe Systems, Inc.)
Amazon Links (HKLM\...\{224821ED-CADA-4A8A-AC8D-3734CC0F0931}) (Version: 1.0 - TOSHIBA Corporation)
America Online (Choose which version to remove) (HKLM\...\America Online us) (Version:  - )
AOL Coach Version 2.0(Build:20041026.5 en) (HKLM\...\AolCoach2_en) (Version:  - )
AOL Connectivity Services (HKLM\...\AOL Connectivity Services) (Version:  - )
AOL Deskbar (HKLM\...\AOL Deskbar) (Version:  - )
AOL Spyware Protection (HKLM\...\AOL Spyware Protection) (Version: 1.0.76 - AOL Spyware Protection)
AOL Toolbar (HKLM\...\AOL Toolbar) (Version:  - )
AOL You've Got Pictures Screensaver (HKLM\...\AOL YGP Screensaver) (Version:  - )
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASPCA TriMini Reminder by We-Care.com v5.0.5.1 (HKLM\...\{1CCF681C-C203-49B3-83F4-A54F0F944416}) (Version: 5.0.5.1 - We-Care.com)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Atheros Wi-Fi Protected Setup Library (HKLM\...\{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}) (Version:  - Atheros)
att.net Toolbar (HKLM\...\Yahoo! Companion) (Version:  - )
blinkx beat (HKCU\...\blinkx beat) (Version: 1.4.28 - blinkx)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 2: Town of the Year (HKLM\...\exent_575350) (Version:  - )
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.02.03 - TOSHIBA)
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Disney's Extremely Goofy Skateboarding Preview (HKLM\...\Disney's Extremely Goofy Skateboarding Preview) (Version:  - )
DriverUpdate (HKLM\...\{2B353DA2-A8FD-4238-B207-62A1921158D7}) (Version: 2.2.35415 - SlimWare Utilities, Inc.)
DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.51 - Ulead Systems, Inc.)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Facebook Video Calling 2.0.0.447 (HKLM\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
FrostWire 4.20.9 (HKLM\...\FrostWire) (Version: 4.20.9.0 - FrostWire, LLC)
Genieo (HKCU\...\genieo) (Version: 1.0.310 - Genieo Innovation Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google SketchUp 8 (HKLM\...\{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}) (Version: 3.0.4811 - Google, Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Insider Tales - Vanished in Rome (HKLM\...\exent_668750) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
InterActual Player (HKLM\...\InterActual Player) (Version:  - )
iTunes (HKLM\...\{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}) (Version: 11.0.4.4 - Apple Inc.)
Java 6 Update 3 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160030}) (Version: 1.6.0.30 - Sun Microsystems, Inc.)
Java 6 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160060}) (Version: 1.6.0.60 - Sun Microsystems, Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft XML Parser (Version: 8.20.8730.4 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Oasis (HKLM\...\{c6c214df-2922-4809-94aa-f4d67d4451ec}) (Version: 1.0.0 - W3i, LLC)
NetZero Internet Access Installer (HKLM\...\{99D518AB-77F2-405B-B52A-18FC22394CF8}) (Version: 1.0.874 - TOSHIBA Corporation)
Norton Internet Security (HKLM\...\NIS) (Version: 21.4.0.13 - Symantec Corporation)
OpenOffice.org 2.3 (HKLM\...\{2F29D6D2-824E-4FEF-8AED-7013F39F642A}) (Version: 2.3.9238 - OpenOffice.org)
Opera 11.64 (HKLM\...\Opera 11.64.1403) (Version: 11.64.1403 - Opera Software ASA)
PDF Opener 0.1 (HKLM\...\PDF Opener) (Version: 0.1 - )
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pure Networks Port Magic (HKLM\...\Port Magic) (Version: 1.2.1393.0 - Pure Networks)
QuickBooks Financial Center (HKLM\...\{890EF3F8-742F-46BD-9E8E-084B3A1F4364}) (Version: 1.10.0000 - Intuit Inc.)
QuickTime (HKLM\...\QuickTime) (Version:  - )
RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version:  - )
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5599 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version:  - Realtek Semiconductor Corp.)
RewardsArcadeSuite (HKCU\...\RewardsArcadeSuite) (Version:  - 215 Apps)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Strongvault Online Backup (HKLM\...\{692EF506-1E15-4473-A829-ED951D6C49DB}) (Version: 2.0.0 - Strongvault) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.8.0 - Synaptics)
The Treasures of Montezuma (HKLM\...\exent_466550) (Version:  - )
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.08 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}) (Version: 7.2.20 - TOSHIBA Corporation)
TOSHIBA Desktop Links (HKLM\...\{E1E56B8A-1AAF-422A-91DB-625059FB9863}) (Version: 1.7 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.31.14 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (HKLM\...\{2883F6F5-0509-43F3-868C-D50330DD9DD3}) (Version: 2.00.08 - )
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.2 - TOSHIBA Corporation)
Toshiba Registration (HKLM\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 1.1.14 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.77 (SM2177ALD04) - Agere Systems)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version:  - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM\...\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}) (Version: 2.00.04 - )
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.1.24 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.1.24 - TOSHIBA Corporation) Hidden
TP Preview Exclusive Broadside Blast (HKLM\...\{2156D3D1-7EBF-11D6-B2FB-0002A5E32BEF}) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
VLC Player (HKLM\...\VLC Player) (Version: 1.14 - vlcplayerdownload.com)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (Version: 9.00.3374 - Microsoft Corporation) Hidden
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )

==================== Restore Points  =========================

17-04-2014 23:23:29 Windows Update
28-04-2014 21:20:19 Scheduled Checkpoint
03-05-2014 21:20:07 Windows Update
15-05-2014 00:59:02 Windows Update
16-05-2014 01:20:40 Windows Update
11-06-2014 01:24:21 Windows Update
09-07-2014 20:57:03 Windows Update

==================== Hosts content: ==========================

2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {6775B6CB-A1B7-4A08-858A-DEB8E46D4C14} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {67F8F34C-2F0D-4EB4-A008-02483F1C1A3D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-21] (Google Inc.)
Task: {7C5A51E8-1AD7-48C6-8879-257A8A9609F5} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {7DF749F5-F54B-45D4-A181-F0755EFE9680} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {7E7D6DF6-1DC2-4D4C-85D7-2BDAF480AE86} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {8BFCE2FE-F4F4-465B-8A87-2ED26081CF6E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1517136145-1328366619-2469452859-1000Core => C:\Users\Pedro\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-06] (Facebook Inc.)
Task: {8C1C2474-7E3B-4457-A85A-148131C513DD} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1517136145-1328366619-2469452859-1000UA => C:\Users\Pedro\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-06] (Facebook Inc.)
Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {A4CF90E9-2F18-40CB-A028-0ED90C9C6A3D} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\21.4.0.13\WSCStub.exe [2014-06-26] (Symantec Corporation)
Task: {C0241F00-6169-41BB-B9AF-1365CE32BFFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-21] (Google Inc.)
Task: {FC68CD10-C207-4EEE-A841-5C9D59A4C50D} - System32\Tasks\Install_NSS => C:\Windows\System32\Adobe\Shockwave 11\nssstub.exe [2010-03-03] (Symantec Corporation)
Task: {FD3281A6-4DD4-4485-9C60-394F0FF940B1} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1517136145-1328366619-2469452859-1000Core.job => C:\Users\Pedro\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1517136145-1328366619-2469452859-1000UA.job => C:\Users\Pedro\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Install_NSS.job => C:\Windows\System32\Adobe\Shockwave 11\nssstub.exe

==================== Loaded Modules (whitelisted) =============

2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows\$NtUninstallKB33361$:SummaryInformation
AlternateDataStreams: C:\ProgramData\TEMP:07F6D9E4
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\PILLY & MILLY\Downloads\noname.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: AOL Spyware Protection => "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
MSCONFIG\startupreg: AOLDialer => C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: cfFncEnabler.exe => cfFncEnabler.exe
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: HostManager => C:\Program Files\Common Files\AOL\1264277266\EE\AOLHostManager.exe
MSCONFIG\startupreg: IAAnotif => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: jswtrayutil => "C:\Program Files\Jumpstart\jswtrayutil.exe"
MSCONFIG\startupreg: NDSTray.exe => NDSTray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: RealTray => C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: StartNowToolbarHelper => "C:\Program Files\StartNow Toolbar\ToolbarHelper.exe"
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

==================== Faulty Device Manager Devices =============

Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/21/2014 08:34:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2014 07:48:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program NIS.exe version 12.11.2.9 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 142c
Start Time: 01cfa544f5e73820
Termination Time: 562

System errors:
=============
Error: (07/21/2014 11:04:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Search1300001Restart the service

Error: (07/21/2014 09:44:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: IPsec Policy AgentBase Filtering Engine%%1290

Error: (07/21/2014 09:44:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Base Filtering Engine%%1290

Error: (07/21/2014 09:43:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Security Center%%1314

Error: (07/21/2014 09:43:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Windows FirewallBase Filtering Engine%%1290

Error: (07/21/2014 09:43:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Base Filtering Engine%%1290

Error: (07/21/2014 09:43:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBase Filtering Engine%%1290

Error: (07/21/2014 09:43:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Base Filtering Engine%%1290

Error: (07/21/2014 09:43:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Base Filtering Engine%%1290

Error: (07/21/2014 08:34:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: X6XSEx%%3

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-07-22 00:07:16.405
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-22 00:07:15.375
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-22 00:07:14.299
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-22 00:07:13.285
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-22 00:07:11.740
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-22 00:07:10.711
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-22 00:07:09.666
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-22 00:07:08.605
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-22 00:06:24.768
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-22 00:06:23.754
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 56%
Total physical RAM: 1915.26 MB
Available physical RAM: 828.61 MB
Total Pagefile: 4073.84 MB
Available Pagefile: 2893.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1902.57 MB

==================== Drives ================================

Drive c: (SQ004890V03) (Fixed) (Total:140.37 GB) (Free:35.2 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: DA922A78)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=140 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=7 GB) - (Type=17)

==================== End Of Log ============================


  • Root Admin

Okay, let me have you run the following please.
 
Please go into Control Panel, Add/Remove and uninstall ALL versions of Java and then run the following.
 
Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Next:
 
Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

Next:

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

 

 

 


The StrongVault program is still trying to install itself. I've hit 'Cancel' every time the window popped up.

 

When I ran ComboFix, I kept getting notifications that NirCmd had stopped working. ComboFix also gave me a popup that read:

 

"You are infected with Rootkit.ZeroAccess! It has inserted itself into the tcp/ip stack. This is a particularly difficult infection.

If for any reason that you're unable to connect to the internet after running ComboFix, reboot once and see if that fixes it.

If it's not fixed, run ComboFix one more time."

 

ComboFix rebooted twice while running. Once with my permission (a dialog box popped up and asked me to reboot) and once without (I looked up and the laptop was at the login screen again). I did not have a problem with the internet when ComboFix was done.

 

JavaRa:

 

JavaRa 1.16 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Tue Jul 22 17:38:25 2014

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.
There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.
Found and removed: Software\JavaSoft\Java Update
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_06\
Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
Found and removed: SOFTWARE\JavaSoft
Found and removed: SOFTWARE\MozillaPlugins
------------------------------------
Finished reporting.

 

ComboFix:

 

ComboFix 14-07-22.01 - Pedro 07/22/2014  18:54:45.1.1 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.1915.1072 [GMT -5:00]
Running from: c:\users\Pedro\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Internet Security *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Pedro\AppData\Roaming\result.db
c:\windows\security\Database\tmp.edb
c:\windows\system32\jgaw400.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.netbt
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-23 to 2014-07-23  )))))))))))))))))))))))))))))))
.
.
2014-07-23 00:17 . 2014-07-23 00:17 -------- d-----w- c:\users\PILLY & MILLY\AppData\Local\temp
2014-07-23 00:17 . 2014-07-23 00:17 -------- d-----w- c:\users\Milly\AppData\Local\temp
2014-07-23 00:17 . 2014-07-23 00:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-22 02:53 . 2014-07-22 02:53 -------- d-----w- c:\program files\ESET
2014-07-22 00:53 . 2010-08-30 13:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-07-22 00:51 . 2014-07-22 01:29 -------- d-----w- C:\AdwCleaner
2014-07-22 00:19 . 2014-07-22 00:19 -------- d-----w- c:\windows\ERUNT
2014-07-19 06:07 . 2014-07-19 06:07 29160 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-07-19 06:07 . 2014-07-19 06:07 -------- d-----w- c:\programdata\RogueKiller
2014-07-19 04:45 . 2014-07-19 04:45 -------- d-----w- c:\program files\ERUNT
2014-07-17 00:44 . 2014-07-22 05:09 -------- d-----w- C:\FRST
2014-07-16 01:25 . 2014-07-22 01:40 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-16 01:24 . 2014-05-12 12:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-16 01:24 . 2014-05-12 12:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-16 01:24 . 2014-07-22 02:44 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-07-16 01:18 . 2014-07-16 01:18 -------- d-----w- c:\program files\Common Files\Skype
2014-07-16 01:14 . 2014-07-16 01:14 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-09 20:30 . 2014-06-07 00:19 2051072 ----a-w- c:\windows\system32\win32k.sys
2014-07-09 20:30 . 2014-06-02 10:30 937472 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 20:30 . 2014-06-06 08:59 506880 ----a-w- c:\windows\system32\qedit.dll
2014-07-09 20:25 . 2014-05-30 06:53 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2014-07-09 20:05 . 2014-07-19 05:00 -------- d-----w- c:\windows\system32\drivers\NIS\1504000.00D
2014-06-24 20:34 . 2014-06-24 20:34 -------- d-----w- c:\program files\GUM7FCA.tmp
2014-06-24 20:34 . 2014-06-24 20:34 6010880 ----a-w- c:\program files\GUT7FEA.tmp
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-16 01:14 . 2011-08-05 00:59 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-13 20:55 . 2014-05-23 00:53 55232 ----a-w- c:\windows\system32\drivers\{b99c8534-7800-48fa-bd71-519a46cdc7e1}t.sys
2014-05-12 12:25 . 2012-05-09 01:21 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-26 16:01 . 2014-06-10 21:55 502784 ----a-w- c:\windows\system32\usp10.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay1]
@="{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F}"
[HKEY_CLASSES_ROOT\CLSID\{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F}]
2011-11-04 15:46 1196544 ----a-w- c:\program files\4Sync\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay2]
@="{C72C6188-BEF2-46E5-A89A-52F0ED75219E}"
[HKEY_CLASSES_ROOT\CLSID\{C72C6188-BEF2-46E5-A89A-52F0ED75219E}]
2011-11-04 15:46 1196544 ----a-w- c:\program files\4Sync\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay3]
@="{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7}"
[HKEY_CLASSES_ROOT\CLSID\{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7}]
2011-11-04 15:46 1196544 ----a-w- c:\program files\4Sync\ShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-05-08 21444224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-02 505720]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-01-23 98304]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
c:\users\PILLY & MILLY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]
.
c:\users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FrostWire On Startup.lnk.disabled [2011-1-23 1059]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2008-05-09 19:49 716800 ----a-w- c:\program files\Toshiba\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
2004-10-18 23:42 79448 ----a-w- c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2004-10-20 14:40 34904 ----a-w- c:\program files\Common Files\AOL\ACS\AOLDial.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-22 02:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-08-28 15:29 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2004-11-03 21:03 125528 ----a-w- c:\program files\Common Files\AOL\1264277266\EE\AOLHostManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-04-16 01:54 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-06-25 23:06 150040 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-05-31 16:56 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-06-25 23:06 145944 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-01-23 20:10 98304 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2010-01-23 20:10 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-04-08 23:14 6037504 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
2008-08-04 21:46 1242424 ----a-w- c:\program files\Toshiba\TOSHIBA Service Station\TSS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2008-02-06 21:52 431456 ----a-w- c:\program files\Toshiba\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ    PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-22 05:44 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1517136145-1328366619-2469452859-1000Core.job
- c:\users\Pedro\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-07 02:04]
.
2014-07-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1517136145-1328366619-2469452859-1000UA.job
- c:\users\Pedro\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-07 02:04]
.
2014-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-22 01:14]
.
2014-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-22 01:14]
.
2012-04-26 c:\windows\Tasks\Install_NSS.job
- c:\windows\System32\Adobe\Shockwave 11\nssstub.exe [2010-03-03 22:49]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
mStart Page = www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: tafths.org\www
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{95080B13-AA71-4EE8-B951-7E98221E1ED5} - c:\program files\4shared Toolbar\4sharedbar.dll
MSConfigStartUp-cfFncEnabler - cfFncEnabler.exe
MSConfigStartUp-jswtrayutil - c:\program files\Jumpstart\jswtrayutil.exe
MSConfigStartUp-NDSTray - NDSTray.exe
MSConfigStartUp-StartNowToolbarHelper - c:\program files\StartNow Toolbar\ToolbarHelper.exe
AddRemove-4shared Toolbar - c:\program files\4shared Toolbar\uninstall.exe
AddRemove-AOL Toolbar - c:\program files\AOL Toolbar\UNWISE.EXE
AddRemove-RewardsArcadeSuite - c:\program files\RewardsArcadeSuite\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-07-22 19:24
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\21.4.0.13\NIS.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\21.4.0.13\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NIS\1504000.00D\SYMTDIV.SYS"
"TrustedImagePaths"="c:\program files\Norton Internet Security\Engine\21.4.0.13"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1517136145-1328366619-2469452859-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ò*5*<%\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2588)
c:\program files\4Sync\ShellExt.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\program files\4Sync\ShellCp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Norton Internet Security\Engine\21.4.0.13\NIS.exe
c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Norton Internet Security\Engine\21.4.0.13\NIS.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2014-07-22  19:31:08 - machine was rebooted
ComboFix-quarantined-files.txt  2014-07-23 00:31
.
Pre-Run: 41,195,487,232 bytes free
Post-Run: 40,859,856,896 bytes free
.
- - End Of File - - D75B35871D7D0E3DEE445D93D997DFE3
5B5E648D12FCADC244C1EC30318E1EB9
 


  • Root Admin

One or more of the identified infections is related to a nasty rootkit component which is difficult to remove. Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums from a CLEAN COMPUTER. You should consider them to be compromised. You should change each password by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Although the rootkit has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because this malware has been removed the computer is now secure. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, delete the partition, reformat and reinstall the Operating System.

Please read:

 

 

Should you decide not to follow this advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. If you wish to proceed, disinfection will require more time and more advanced tools.

Please let us know how you would like to proceed.

 


Message borrowed from quietman7 with minor wording and link changes
 


Are other computers connected to the router safe if they have only been connected for a few days? All other computers have active antivirus software, firewalls and Malwarebytes. Should I run a Combofix scan on them to be safe? I ask because our router is from our ISP and the username/password are pre-programmed into it.

 

What is the safest way to back up files on the infected laptop?

 

This laptop has a recovery partition. Can I use that to reinstall the operating system or do I need outside media? Is there a way to reinstall Vista Basic if I have the product key sticker but not recovery disks?


  • Root Admin

The other computers in general should be okay if they have up-to-date, active, running antivirus, as it would take special work to try and infect the other computers. Not impossible but unlikely, and we can scan them later if you like.

 

As for the Recovery partition, yes, that should be able to reinstall for you. Normal copy/paste or using backup software for user data only - you should be able to back up your data to an external USB drive.

 

There are some listed backup programs if needed in this list

Backup Software

 

Let me know if you need further assistance


Thank you for your help. I will talk to my neighbors and get back to you with how they choose to proceed. If they choose to reinstall Windows, would you mind if I do that, move just their personal data back and we scan again to make absolutely sure the laptop is clean?


I just wanted to let you know that my neighbors have decided to let me reinstall Windows once they back up their personal files. I'm planning on doing the reinstall this weekend and adding their files back to the hard drive. Then can we scan again for the rootkit?

 

I've told them they can back up Office documents, music, videos and pictures. No executables and no zipped files.

 

Is there a quick way to get a list of all the programs installed that doesn't list every Microsoft update?


  • Root Admin

  • Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link.
  • Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits. Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
  • Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found.
  • Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 

 

Please read the following and post back the 3 requested logs.
 
Diagnostic Logs
 
Thank you
 


Thank you for all your help. Unfortunately my neighbors couldn't wait for me to run another virus scan. I gave them their laptop back and now they're on vacation. I ran Malwarebytes and Avast before I gave it back with no sign of anything. I did include PUM and PUPs in my scan. It was running much better and had none of the previous problems with unwanted software popping up.
