Jump to content

Everything very slow

Teka

By Teka
in Resolved Malware Removal Logs

 Share

Recommended Posts

Psychotic

Psychotic

Posted
Posted

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

Please run FRST as an administrator and scan again (create a new addition.txt as well).

When done, post both logs.

Link to post
Share on other sites
Teka

Teka

Posted
  • Author
Posted

Hi Marius

 

Thanks fro offering to help

 

Here is the first log

-------------------------------------------------------------------------------------------------

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-07-2015
Ran by Admin (administrator) on PACKARDBELL on 12-07-2015 17:06:22
Running from C:\Users\Kated\Desktop
Loaded Profiles: Admin & Kated (Available Profiles: Admin & Kated)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
(Hewlett-Packard Company) C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Program Files\EaseUS\Todo Backup\bin\TodoBackupService.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_svc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_bg.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Hewlett-Packard) C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
() C:\Program Files\EaseUS\TrayPopup\TrayTipAgent.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Ruiware LLC) C:\Program Files\WinPatrol\WinPatrol\WinPatrol.exe
(Hewlett-Packard Co.) C:\Program Files\Hp\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-20] (Avast Software s.r.o.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12017368 2000-01-01] (Realtek Semiconductor)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [EaseUS TB Tray Agent] => C:\Program Files\EaseUS\TrayPopup\TrayTipAgent.exe [253992 2014-12-15] ()
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-04-14] (Malwarebytes Corporation)
HKLM\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\19efd3b5-54e4-4435-8c48-51ea004db764.exe [183232 2015-06-23] (AVAST Software)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-3202543499-4289128183-162094314-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5529880 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-3202543499-4289128183-162094314-1000\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3202543499-4289128183-162094314-1000\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\MCShieldRTM.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-3202543499-4289128183-162094314-1001\...\Run: [WinPatrol] => C:\Program Files\WinPatrol\WinPatrol\winpatrol.exe [1160536 2015-02-23] (Ruiware LLC)
HKU\S-1-5-21-3202543499-4289128183-162094314-1001\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\Hp\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3202543499-4289128183-162094314-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\GPhotos.scr [4575232 2015-02-13] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2015-05-18]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-06-20] (Avast Software s.r.o.)
BootExecute: autocheck autochk * sdnclean.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3202543499-4289128183-162094314-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-3202543499-4289128183-162094314-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3202543499-4289128183-162094314-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?PC=AV01
URLSearchHook: HKLM - (No Name) - {6667031d-9206-43eb-8e03-6062c09f67e8} -  No File
SearchScopes: HKLM -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3202543499-4289128183-162094314-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3202543499-4289128183-162094314-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3202543499-4289128183-162094314-1001 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: No Name -> {6667031d-9206-43eb-8e03-6062c09f67e8} ->  No File
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-10] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-20] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-17] (Google Inc.)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2013-09-02] ()
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-10] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-17] (Google Inc.)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
Toolbar: HKU\S-1-5-21-3202543499-4289128183-162094314-1000 -> No Name - {6667031D-9206-43EB-8E03-6062C09F67E8} -  No File
Toolbar: HKU\S-1-5-21-3202543499-4289128183-162094314-1000 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
Hosts: There are more than one entry in Hosts. See Hosts section of  Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A011BE87-9039-46ED-A0E3-5328D86505F8}: [DhcpNameServer] 192.168.1.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-10] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.21.169\npGoogleUpdate3.dll [2015-03-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.21.169\npGoogleUpdate3.dll [2015-03-17] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-03-16]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-03-17]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-17]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-17]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-17]
CHR Extension: (WOT) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-03-20]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-17]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-17]
CHR Extension: (Avast Online Security) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-18]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-18]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-17]
CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-17]
CHR HKU\S-1-5-21-3202543499-4289128183-162094314-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - https://clients2.google.com/service/update2/crx
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-23] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-20] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-06-20] (Avast Software)
S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [225280 2013-07-03] () [File not signed]
R2 EaseUS Agent; C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe [37416 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
R2 HPSupportSolutionsFrameworkService; c:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2222360 2015-06-02] (IBM Corp.)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
R2 Unchecky; C:\Program Files\Unchecky\bin\Unchecky_svc.exe [164600 2015-05-18] (RaMMicHaeL)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-06-20] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-06-20] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-06-20] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-06-20] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-06-20] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [428120 2015-07-09] (Avast Software s.r.o.)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-06-20] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-06-20] ()
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47928 2015-04-08] ()
R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [51752 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [41512 2014-12-15] ()
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [15912 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [189992 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
S3 glancedrv; C:\Windows\System32\DRIVERS\glancedrv.sys [34080 2009-05-13] (Glance Networks, Inc)
S3 ICAM5USB; C:\Windows\System32\Drivers\Icam5USB.sys [100992 2001-08-17] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [119512 2015-05-20] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R1 MpKsl151eaf52; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FC1FCCAE-8E62-47EE-B423-16C29BE3A1E8}\MpKsl151eaf52.sys [39168 2015-07-12] (Microsoft Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2014-11-28] (Secunia)
R1 RapportCerberus_1412112; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1412112.sys [531416 2015-06-20] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [280088 2015-06-02] (IBM Corp.)
R0 RapportHades; C:\Windows\System32\Drivers\RapportHades.sys [68280 2015-06-02] (IBM Corp.)
R0 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [218264 2015-06-02] (IBM Corp.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [337176 2015-06-02] (IBM Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13368 2015-03-30] (SlimWare Utilities, Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-06-20] (Avast Software)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-12 17:06 - 2015-07-12 17:06 - 00020447 _____ C:\Users\Kated\Desktop\FRST.txt
2015-07-12 16:52 - 2015-07-12 16:52 - 01634816 _____ (Farbar) C:\Users\Kated\Desktop\FRST.exe
2015-07-11 17:37 - 2015-07-11 17:37 - 00000003 _____ C:\Users\Kated\Desktop\2
2015-07-11 17:35 - 2015-07-12 17:06 - 00000000 ____D C:\FRST
2015-06-20 13:23 - 2015-06-20 13:23 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-06-20 13:23 - 2015-06-20 13:23 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-12 16:52 - 2015-03-17 06:21 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-12 16:35 - 2015-03-17 18:30 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-12 16:18 - 2006-11-02 13:47 - 00003760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-12 16:18 - 2006-11-02 13:47 - 00003760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-12 15:40 - 2015-05-18 19:07 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-07-12 12:27 - 2009-04-11 13:37 - 02028079 _____ C:\Windows\WindowsUpdate.log
2015-07-12 12:23 - 2015-05-18 20:00 - 00013622 _____ C:\Windows\SecuniaPackage.log
2015-07-12 12:20 - 2015-03-17 18:05 - 00000644 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-07-12 12:19 - 2015-03-17 18:30 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-12 12:19 - 2015-03-17 13:13 - 00001686 _____ C:\Windows\Tasks\TIYRASLF.job
2015-07-12 12:19 - 2015-03-17 11:11 - 00001684 _____ C:\Windows\Tasks\NIHLTJT.job
2015-07-12 12:19 - 2015-03-17 11:11 - 00001684 _____ C:\Windows\Tasks\CZXHWFK.job
2015-07-12 12:19 - 2015-03-17 11:11 - 00001334 _____ C:\Windows\Tasks\RGJL.job
2015-07-12 12:18 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-12 12:16 - 2006-11-02 14:01 - 00032572 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-12 05:33 - 2015-03-17 18:29 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-07-11 15:44 - 2015-03-17 18:04 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2015-07-11 14:47 - 2015-03-25 10:51 - 00000000 ____D C:\Users\Kated\AppData\Local\Adobe
2015-07-11 12:14 - 2015-03-17 06:21 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-11 12:14 - 2015-03-17 06:21 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-11 12:13 - 2015-03-25 10:52 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2015-07-09 14:34 - 2015-04-15 13:50 - 00000000 ____D C:\Users\Kated\AppData\Roaming\HpUpdate
2015-07-09 14:32 - 2015-03-17 18:30 - 00428120 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-07-05 11:11 - 2015-03-16 10:47 - 00246952 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-20 20:54 - 2015-04-06 17:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-06-20 20:44 - 2008-01-21 03:47 - 00129010 _____ C:\Windows\PFRO.log
2015-06-20 13:29 - 2015-03-25 10:53 - 00002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-06-20 13:28 - 2015-03-25 10:53 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-06-20 13:23 - 2015-03-17 18:30 - 00787760 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-06-20 13:23 - 2015-03-17 18:30 - 00209048 _____ C:\Windows\system32\Drivers\aswVmm.sys
2015-06-20 13:23 - 2015-03-17 18:30 - 00074976 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-06-20 13:23 - 2015-03-17 18:30 - 00057888 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswTdi.sys
2015-06-20 13:23 - 2015-03-17 18:30 - 00055200 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr.sys
2015-06-20 13:23 - 2015-03-17 18:30 - 00049904 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2015-06-20 13:23 - 2015-03-17 18:30 - 00024144 _____ C:\Windows\system32\Drivers\aswHwid.sys
 
==================== Files in the root of some directories =======
 
2015-03-19 14:38 - 2015-03-19 22:45 - 0000115 _____ () C:\Users\Admin\AppData\Roaming\LogFile.txt
2015-03-15 16:03 - 2015-03-15 16:04 - 0000680 _____ () C:\Users\Admin\AppData\Local\d3d9caps.dat
2015-03-19 00:17 - 2015-03-19 00:17 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-03-30 17:14 - 2015-03-30 17:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\APNSetup.exe
C:\Users\Admin\AppData\Local\Temp\Quarantine.exe
C:\Users\Admin\AppData\Local\Temp\scp7CA1.tmp.exe
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll
C:\Users\Kated\AppData\Local\Temp\jre-8u45-windows-au.exe
 
 
Some zero byte size files/folders:
==========================
C:\Windows\System32\NlsData0020.dll
C:\Windows\System32\odbcad32.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-12 12:27
 
==================== End of log ============================
 
and here is the second ---------------------------------------------------------------------
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-07-2015
Ran by Admin at 2015-07-12 17:07:03
Running from C:\Users\Kated\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Admin (S-1-5-21-3202543499-4289128183-162094314-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-3202543499-4289128183-162094314-500 - Administrator - Disabled)
Guest (S-1-5-21-3202543499-4289128183-162094314-501 - Limited - Enabled)
Kated (S-1-5-21-3202543499-4289128183-162094314-1001 - Limited - Enabled) => C:\Users\Kated
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Adobe Reader X (10.1.14) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
Audacity 2.0.6 (HKLM\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)
BCL easyConverter SDK 3 (Word Version) (HKLM\...\{A932ABFB-1AC4-4FBF-9954-B710CABE3482}) (Version: 3.0.64 - BCL Technologies)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
EaseUS Todo Backup Free 8.2  (HKLM\...\EaseUS Todo Backup_is1) (Version: 8.2 - CHENGDU YIWO Tech Development Co., Ltd)
Evernote v. 5.8.4 (HKLM\...\{C15841A6-C20A-11E4-977D-00163E98E7D6}) (Version: 5.8.4.6870 - Evernote Corp.)
Family Tree Maker 2014 (HKLM\...\Family Tree Maker 2014) (Version: 22.0.207 - Ancestry.com, Inc.)
Family Tree Maker 2014 (Version: 22.0.207 - Ancestry.com, Inc.) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 5520 series Basic Device Software (HKLM\...\{E8ED5ADB-3EB5-4890-85F6-0FEA13A47EEE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 5520 series Help (HKLM\...\{7137E26A-10F7-4B1C-9980-0893579E92DA}) (Version: 27.0.0 - Hewlett Packard)
HP Photosmart 5520 series Product Improvement Study (HKLM\...\{B58FBD4F-C69A-41C1-94AC-1A47AD946C91}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Karen's Replicator (HKLM\...\Karen's Replicator) (Version: 3.6.0.9 - Karen Kenworthy)
KWorld TV713X BDA Driver (HKLM\...\KWorld TV713X BDA Driver_is1) (Version:  - )
MailStore Home 8.2.1.10082 (HKLM\...\MailStore Home_universal1) (Version: 8.2.1.10082 - MailStore Software GmbH)
Malwarebytes Anti-Exploit version 1.06.1.1019 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.06.1.1019 - Malwarebytes)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MCShield ::Anti-Malware Tool:: (HKLM\...\MCShield) (Version: 3.0.5.28 - MyCity)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Expression Web 4 (HKLM\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
OpenOffice 4.1.1 (HKLM\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Rapport (Version: 3.5.1412.176 - Trusteer) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Search App by Ask (HKLM\...\{4F524A2D-5350-4500-76A7-A758B70C1D00}) (Version: 12.29.0.197 - APN, LLC) <==== ATTENTION
Secunia PSI (3.0.0.10004) (HKLM\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype™ 7.4 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
SlimDrivers (HKLM\...\{5AD12E7A-D739-4451-9BD1-3610EC56D8F5}) (Version: 2.2.45206 - SlimWare Utilities, Inc.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1412.176 - Trusteer)
Unchecky v0.3.7.5 (HKLM\...\Unchecky) (Version: 0.3.7.5 - RaMMicHaeL)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.1.2015.0 - WinPatrol)
WOT for Internet Explorer (HKLM\...\{373B90E1-A28C-434C-92B6-7281AFA6115A}) (Version: 13.9.2.0 - WOT Services Oy)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3202543499-4289128183-162094314-1000_Classes\CLSID\{00b7e0ab-817a-44ad-a04b-d1148d524136}\InprocServer32 -> %SystemDrive%\Users\Admin\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3202543499-4289128183-162094314-1000_Classes\CLSID\{1BBF13E0-551E-42DD-91F4-1A547443FFDA}\InprocServer32 -> C:\Users\Admin\AppData\Local\Tbccint\Community Alerts\Alert.dll No File
CustomCLSID: HKU\S-1-5-21-3202543499-4289128183-162094314-1000_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-3202543499-4289128183-162094314-1000_Classes\CLSID\{7c6e29bc-8b8b-4c3d-859e-af6cd158be0f}\InprocServer32 -> %SystemDrive%\Users\Admin\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3202543499-4289128183-162094314-1000_Classes\CLSID\{88d969c0-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Admin\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3202543499-4289128183-162094314-1000_Classes\CLSID\{88d969c1-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Admin\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3202543499-4289128183-162094314-1000_Classes\CLSID\{88d969c2-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Admin\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3202543499-4289128183-162094314-1000_Classes\CLSID\{88d969c3-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Admin\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3202543499-4289128183-162094314-1000_Classes\CLSID\{88d969c4-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Admin\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3202543499-4289128183-162094314-1000_Classes\CLSID\{88d969c5-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Admin\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3202543499-4289128183-162094314-1000_Classes\CLSID\{88d969c6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Admin\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3202543499-4289128183-162094314-1000_Classes\CLSID\{88d969c8-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Admin\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3202543499-4289128183-162094314-1000_Classes\CLSID\{88d969c9-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Admin\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3202543499-4289128183-162094314-1000_Classes\CLSID\{88d969ca-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Admin\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3202543499-4289128183-162094314-1000_Classes\CLSID\{88d969d6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Admin\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
CustomCLSID: HKU\S-1-5-21-3202543499-4289128183-162094314-1001_Classes\CLSID\{11491E12-B9C1-4560-9E7F-468191FE3919}\InprocServer32 -> C:\Users\Kated\AppData\Local\Apps\Evernote\Evernote\EvernoteIE.1.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
CustomCLSID: HKU\S-1-5-21-3202543499-4289128183-162094314-1001_Classes\CLSID\{16BE3716-F570-422B-ADE5-00F759387300}\InprocServer32 -> C:\Users\Kated\AppData\Local\Apps\Evernote\Evernote\Filters.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
CustomCLSID: HKU\S-1-5-21-3202543499-4289128183-162094314-1001_Classes\CLSID\{24E404E4-4088-4FFB-A228-F3511E6A4CAC}\InprocServer32 -> C:\Users\Kated\AppData\Local\Apps\Evernote\Evernote\Filters.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
CustomCLSID: HKU\S-1-5-21-3202543499-4289128183-162094314-1001_Classes\CLSID\{369EC458-45CF-444D-B33D-61E7FABE1C7E}\InprocServer32 -> C:\Users\Kated\AppData\Local\Apps\Evernote\Evernote\EvernoteIE.1.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
CustomCLSID: HKU\S-1-5-21-3202543499-4289128183-162094314-1001_Classes\CLSID\{53B2AC1B-7B81-47FC-8D3B-595CDE21D0BA}\InprocServer32 -> C:\Users\Kated\AppData\Local\Apps\Evernote\Evernote\EvernoteCCx32.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
CustomCLSID: HKU\S-1-5-21-3202543499-4289128183-162094314-1001_Classes\CLSID\{7F738B9D-EC8D-481D-BBCE-6B74AE1E3250}\InprocServer32 -> C:\Users\Kated\AppData\Local\Apps\Evernote\Evernote\Filters.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
CustomCLSID: HKU\S-1-5-21-3202543499-4289128183-162094314-1001_Classes\CLSID\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}\InprocServer32 -> C:\Users\Kated\AppData\Local\Apps\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
CustomCLSID: HKU\S-1-5-21-3202543499-4289128183-162094314-1001_Classes\CLSID\{B58F31CA-DF43-4BEF-B800-E0B0F99CFF84}\InprocServer32 -> C:\Users\Kated\AppData\Local\Apps\Evernote\Evernote\enapi.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
CustomCLSID: HKU\S-1-5-21-3202543499-4289128183-162094314-1001_Classes\CLSID\{BCAD19F2-3F27-4820-B6AA-70507C1D5442}\InprocServer32 -> C:\Users\Kated\AppData\Local\Apps\Evernote\Evernote\Filters.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
CustomCLSID: HKU\S-1-5-21-3202543499-4289128183-162094314-1001_Classes\CLSID\{BD6BEEE8-64CE-4814-B319-990645883E89}\InprocServer32 -> C:\Users\Kated\AppData\Local\Apps\Evernote\Evernote\EvernoteOL.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
CustomCLSID: HKU\S-1-5-21-3202543499-4289128183-162094314-1001_Classes\CLSID\{CBF8BAF7-A9F4-46CD-B8A4-C49810A8DE5D}\InprocServer32 -> C:\Users\Kated\AppData\Local\Apps\Evernote\Evernote\Filters.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
CustomCLSID: HKU\S-1-5-21-3202543499-4289128183-162094314-1001_Classes\CLSID\{DBAED8A2-F1C7-42DC-8145-938F4FB85F02}\InprocServer32 -> C:\Users\Kated\AppData\Local\Apps\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
CustomCLSID: HKU\S-1-5-21-3202543499-4289128183-162094314-1001_Classes\CLSID\{E61F38E3-A981-4EA6-848B-C67D9BBA7526}\InprocServer32 -> C:\Users\Kated\AppData\Local\Apps\Evernote\Evernote\Filters.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
CustomCLSID: HKU\S-1-5-21-3202543499-4289128183-162094314-1001_Classes\CLSID\{ED443AF0-62B2-43D6-AAB6-1477DE0D4E86}\InprocServer32 -> C:\Users\Kated\AppData\Local\Apps\Evernote\Evernote\Filters.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
CustomCLSID: HKU\S-1-5-21-3202543499-4289128183-162094314-1001_Classes\CLSID\{FD174017-EB5C-4F6F-A7B4-DE782F662966}\InprocServer32 -> C:\Users\Kated\AppData\Local\Apps\Evernote\Evernote\enapi.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
 
==================== Restore Points =========================
 
09-06-2015 12:36:26 Scheduled Checkpoint
10-06-2015 09:17:45 Scheduled Checkpoint
10-06-2015 13:58:22 Windows Update
10-06-2015 20:26:23 Removed HP Photosmart 5520 series Basic Device Software
11-06-2015 16:04:14 Scheduled Checkpoint
12-06-2015 08:38:23 Scheduled Checkpoint
20-06-2015 13:17:23 Windows Update
20-06-2015 20:48:49 Installed Rapport
21-06-2015 09:59:41 Scheduled Checkpoint
22-06-2015 20:26:01 Scheduled Checkpoint
23-06-2015 20:00:00 Scheduled Checkpoint
23-06-2015 21:48:33 Windows Update
24-06-2015 10:59:08 Scheduled Checkpoint
09-07-2015 14:35:34 Windows Update
10-07-2015 08:05:48 Scheduled Checkpoint
11-07-2015 07:34:34 Scheduled Checkpoint
12-07-2015 07:19:23 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 11:23 - 2015-07-12 12:19 - 00001930 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
 
There are 5 more lines.
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {06263311-6B2D-42C2-9CE6-DB7F7C9B5805} - System32\Tasks\TIYRASLF => C:\Users\Kated\AppData\Roaming\TIYRASLF.exe <==== ATTENTION
Task: {0EEA377F-6795-4C2D-A20C-CE558B8D34C1} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Kated => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {1AEBADC2-412A-4E26-98D1-743EB486F624} - \6bfdeade-f9bb-49f5-b932-80cb3f840d8c-1-7 No Task File <==== ATTENTION
Task: {1CFE34F7-EC69-40AD-89ED-B503E7243ADB} - \01b9e87c-2679-4ac5-acf8-11f78b8a2d24-1-6 No Task File <==== ATTENTION
Task: {201E5F0D-A283-488F-B2EF-BE2498392FCD} - \041f00ab-33dc-42ac-aadd-7f85fa988a70-1-7 No Task File <==== ATTENTION
Task: {280E57E9-7972-420E-9FB3-76F6D0C0069E} - \041f00ab-33dc-42ac-aadd-7f85fa988a70-1-6 No Task File <==== ATTENTION
Task: {2D2C78A3-7393-46CB-A6B0-E051A24375A2} - System32\Tasks\NIHLTJT => C:\Users\Kated\AppData\Roaming\NIHLTJT.exe <==== ATTENTION
Task: {2E182A1D-9CC0-4CFE-B44B-38D19B6A54EE} - \TheBestDeals Update No Task File <==== ATTENTION
Task: {2F7A738F-5794-461B-93C9-D0D6AF66A07B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {3232B46F-E568-4464-8096-C4F8B67EF5ED} - \Selection Tools Update No Task File <==== ATTENTION
Task: {453D3C0B-20BB-4862-889A-89C62F176F31} - \041f00ab-33dc-42ac-aadd-7f85fa988a70-10_user No Task File <==== ATTENTION
Task: {4912157F-B5E7-4CBE-917E-FAAD925E3949} - System32\Tasks\BPLPTDUHWxp0wWn => C:\Users\Admin\AppData\Roaming\rVG5Pby\6y9HA9l.exe
Task: {4A419DC6-5178-492A-8537-97338E2A9FD1} - \ac57dff0-57f4-4b76-8736-05864f68c04d-5_user No Task File <==== ATTENTION
Task: {4D46BA77-B226-4991-B1C5-C0C3ABCD754E} - \ac57dff0-57f4-4b76-8736-05864f68c04d-10_user No Task File <==== ATTENTION
Task: {5C254253-FDF5-4C79-803A-FF0A09B4E02F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-20] (Avast Software s.r.o.)
Task: {64A64FC3-4D9B-4051-8FA3-E59F4AC4B53F} - \041f00ab-33dc-42ac-aadd-7f85fa988a70-5 No Task File <==== ATTENTION
Task: {67956809-5260-40BD-BC6C-21BA9D30EA8B} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {845CD4A8-D741-4B69-AFE4-78A354BA4F18} - \ac57dff0-57f4-4b76-8736-05864f68c04d-5 No Task File <==== ATTENTION
Task: {8CA37605-F33E-40F8-A675-F5FF5FDB42CA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {97432605-37B6-4E19-81B1-5A6541AD712F} - \ac57dff0-57f4-4b76-8736-05864f68c04d-1-7 No Task File <==== ATTENTION
Task: {9C870D54-D502-4912-AAB5-66D9FBF6621C} - \gtaUpt No Task File <==== ATTENTION
Task: {A158805F-7DDA-425C-8C4E-B804D16906A6} - System32\Tasks\RGJL => C:\Users\Kated\AppData\Roaming\RGJL.exe <==== ATTENTION
Task: {A4764C27-7902-4121-A7EE-3BDFC392B902} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-09-20] (Safer-Networking Ltd.)
Task: {AEDF6C91-0818-4582-B490-901C36180AF1} - \ac57dff0-57f4-4b76-8736-05864f68c04d-1-6 No Task File <==== ATTENTION
Task: {B518827F-A247-4795-807A-F0280D92A926} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-17] (Google Inc.)
Task: {B62F6BA9-E476-4FFF-A243-786AB8F49701} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-11] (Adobe Systems Incorporated)
Task: {BAA0CF09-2B86-4E91-9BAA-8282CA830E38} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-17] (Google Inc.)
Task: {BF1B9475-E79E-4564-AF40-47C83962A867} - \01b9e87c-2679-4ac5-acf8-11f78b8a2d24-5_user No Task File <==== ATTENTION
Task: {C0A9B840-4DF2-48AC-9FE7-0FBA1EE877E6} - System32\Tasks\HPCustParticipation HP Photosmart 5520 series => C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {C7B86F75-A646-4D93-AA6F-EA677C935CCF} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2013-09-20] (Safer-Networking Ltd.)
Task: {CABF1EE1-1C28-4A96-95E3-5325301C7184} - \041f00ab-33dc-42ac-aadd-7f85fa988a70-5_user No Task File <==== ATTENTION
Task: {CBA92C3D-FF16-456C-B22A-161B5EF430F6} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {CD8B10C4-0376-41AB-A783-864B8A3D2EA2} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-09-20] (Safer-Networking Ltd.)
Task: {D33B2653-A12D-4828-B6BA-B43BE9611DE9} - \01b9e87c-2679-4ac5-acf8-11f78b8a2d24-5 No Task File <==== ATTENTION
Task: {DE0C5DD4-6645-4A25-B07C-E9793AE2237C} - \6bfdeade-f9bb-49f5-b932-80cb3f840d8c-1-6 No Task File <==== ATTENTION
Task: {ECEFC2FB-5406-4E79-B251-0BF24619861B} - \6bfdeade-f9bb-49f5-b932-80cb3f840d8c-5 No Task File <==== ATTENTION
Task: {F74F0BF2-5302-4D21-9B86-31C64E4F5194} - \6bfdeade-f9bb-49f5-b932-80cb3f840d8c-5_user No Task File <==== ATTENTION
Task: {F8C436D2-9588-4194-907D-90D2C3FCC436} - \01b9e87c-2679-4ac5-acf8-11f78b8a2d24-1-7 No Task File <==== ATTENTION
Task: {F97887BD-B150-44EF-9061-14392A39424E} - \01b9e87c-2679-4ac5-acf8-11f78b8a2d24-10_user No Task File <==== ATTENTION
Task: {FA727CFC-6E7D-49F3-9978-8BBBE86BCC2A} - System32\Tasks\CZXHWFK => C:\Users\Kated\AppData\Roaming\CZXHWFK.exe <==== ATTENTION
Task: {FAC2101C-5201-4A72-8215-6139323BE07E} - System32\Tasks\Super anto spyware scan => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2015-07-11] (SUPERAntiSpyware)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => 0x000601008F05B4705CDC9941BFB8139DCFC209A0460052020000000000000000200000000014730F000000000013040000248021DF07070000000C000C0013001B00700100003A0043003A005C00500072006F006700720061006D002000460069006C00650073005C0053007000790062006F00740020002D002000530065006100720063006800200026002000440065007300740072006F007900200032005C00530044005500700064006100740065002E0065007800650000002B002F006100750074006F0075007000640061007400650020002F00730069006C0065006E00740020002F006100750074006F0063006C006F007300650020002F006200610063006B00670072006F0075006E006400000000001C0053007000790062006F00740020002D002000530065006100720063006800200026002000440065007300740072006F0079002000320000007A00540068006900730020007400610073006B002000770069006C006C00200072006500670075006C00610072006C007900200063006800650063006B00200066006F007200200073006F00660074007700610072006500200075007000640061007400650073002C00200061006E006400200069006E007300740061006C006C00200061006E007900200061007600610069006C00610062006C006500200075007000640061007400650073002C00200074006F00200065006E007300750072006500200079006F00750020006100720065002000770065006C006C002D00700072006F007400650063007400650064002E000000000008000000000000000000010030000000DF07030011000000000000001100050000000000000000000000000007000000010000000000000000000000
Task: C:\Windows\Tasks\CZXHWFK.job => C:\Users\Kated\AppData\Roaming\CZXHWFK.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\NIHLTJT.job => C:\Users\Kated\AppData\Roaming\NIHLTJT.exe <==== ATTENTION
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => 0x0006010036B6F9B7F13B714E8BCBE32675C4FA8D460036020000000000000000200000000014730F0000000005130400002004210000000000000000000000000000000000003C0043003A005C00500072006F006700720061006D002000460069006C00650073005C0053007000790062006F00740020002D002000530065006100720063006800200026002000440065007300740072006F007900200032005C005300440049006D006D0075006E0069007A0065002E0065007800650000001D002F0069006D006D0075006E0069007A00650020002F00730069006C0065006E00740020002F006100750074006F0063006C006F0073006500000000001C0053007000790062006F00740020002D002000530065006100720063006800200026002000440065007300740072006F0079002000320000007800540068006900730020007400610073006B002000770069006C006C002000750070006400610074006500200079006F0075007200200069006D006D0075006E0069007A006100740069006F006E002C0020006B0065006500700069006E006700200079006F00750072002000620072006F00770073006500720073002000700072006F00740065006300740065006400200061006700610069006E007300740020006B006E006F0077006E0020006D0061006C0077006100720065002000730069007400650073002C00200063006F006F006B00690065007300200061006E00640020006D006F00720065002E000000000008000313040000000000010030000000DF070300110000000000000000001E0000000000000000000000000002000000010008000000000000000000
Task: C:\Windows\Tasks\RGJL.job => C:\Users\Kated\AppData\Roaming\RGJL.exe <==== ATTENTION
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => 0x0006010052DA7A44C4CE1348892F06E52CECB50B46008C010000000000000000200000000014730F0000000005130400C0200421000000000000000000000000000000000000380043003A005C00500072006F006700720061006D002000460069006C00650073005C0053007000790062006F00740020002D002000530065006100720063006800200026002000440065007300740072006F007900200032005C00530044005300630061006E002E00650078006500000012002F007300630061006E0020002F0063006C00650061006E0063006C006F0073006500000000001C0053007000790062006F00740020002D002000530065006100720063006800200026002000440065007300740072006F007900200032000000320041002000660075006C006C002000730079007300740065006D0020007300630061006E0020006900730020007200650063006F006D006D0065006E0064006500640020006F006E0063006500200070006500720020006D006F006E00740068002E000000000008000313040000000000010030000000DF070300110000000000000000001E000000000000000000000000000300000001000000FF0F000000000000
Task: C:\Windows\Tasks\TIYRASLF.job => C:\Users\Kated\AppData\Roaming\TIYRASLF.exe <==== ATTENTION
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-03-17 18:29 - 2015-06-20 13:23 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-17 18:29 - 2015-06-20 13:23 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-11 22:17 - 2015-07-11 22:17 - 02956288 _____ () C:\Program Files\AVAST Software\Avast\defs\15071101\algo.dll
2015-07-12 12:21 - 2015-07-12 12:21 - 02956288 _____ () C:\Program Files\AVAST Software\Avast\defs\15071200\algo.dll
2015-04-26 11:02 - 2014-12-15 00:53 - 00098856 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CodeLog.dll
2015-04-26 11:02 - 2014-12-15 00:53 - 00031272 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CheckTool.dll
2015-04-26 11:02 - 2014-12-15 00:53 - 01296424 _____ () C:\Program Files\EaseUS\Todo Backup\bin\libxml2.dll
2015-04-26 11:03 - 2014-12-15 00:53 - 00060968 _____ () C:\Program Files\EaseUS\Todo Backup\bin\zlib1.dll
2015-04-26 11:02 - 2014-12-15 00:53 - 00017448 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CompressFile.dll
2015-04-26 11:03 - 2014-12-15 00:53 - 00088616 _____ () C:\Program Files\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2015-04-26 11:02 - 2015-03-14 11:53 - 00107560 _____ () C:\Program Files\EaseUS\Todo Backup\bin\ActivationOnline.dll
2015-04-26 11:02 - 2014-12-15 00:53 - 00077864 _____ () C:\Program Files\EaseUS\Todo Backup\bin\logsys.dll
2015-04-26 11:02 - 2014-12-15 00:53 - 00030248 _____ () C:\Program Files\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2015-04-26 11:03 - 2014-12-15 00:53 - 00068136 _____ () C:\Program Files\EaseUS\Todo Backup\bin\MountImg.dll
2015-04-26 11:02 - 2014-12-15 00:53 - 00158248 _____ () C:\Program Files\EaseUS\Todo Backup\bin\ImgFile.dll
2015-04-26 11:02 - 2015-03-14 11:54 - 00281128 _____ () C:\Program Files\EaseUS\Todo Backup\bin\DsImgFile.dll
2015-04-26 11:02 - 2015-03-14 11:54 - 00072232 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CheckImg.dll
2015-04-26 11:03 - 2014-12-15 00:53 - 00139816 _____ () C:\Program Files\EaseUS\Todo Backup\bin\vhdvmdk.dll
2015-04-26 11:02 - 2014-12-15 00:53 - 00037416 _____ () C:\Program Files\EaseUS\Todo Backup\bin\BootDriver.dll
2015-04-26 11:02 - 2015-03-14 11:54 - 00759848 _____ () C:\Program Files\EaseUS\Todo Backup\bin\ExImage.dll
2015-04-26 11:02 - 2014-12-15 00:53 - 00193064 _____ () C:\Program Files\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2015-04-26 11:02 - 2014-12-15 00:53 - 00407080 _____ () C:\Program Files\EaseUS\Todo Backup\bin\AndroidImage.dll
2015-04-26 11:02 - 2014-12-15 00:53 - 00148008 _____ () C:\Program Files\EaseUS\Todo Backup\bin\EnumDisk.dll
2015-04-26 11:02 - 2014-12-15 00:53 - 00076840 _____ () C:\Program Files\EaseUS\Todo Backup\bin\FatLib.dll
2015-04-26 11:03 - 2014-12-15 00:53 - 00207912 _____ () C:\Program Files\EaseUS\Todo Backup\bin\NTFSLib.dll
2015-04-26 11:02 - 2014-12-15 00:53 - 00024616 _____ () C:\Program Files\EaseUS\Todo Backup\bin\GetDriverInfo.dll
2015-04-26 11:02 - 2014-12-15 00:53 - 00020520 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CorrectMbr.dll
2015-04-26 11:02 - 2014-12-15 00:53 - 00032296 _____ () C:\Program Files\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2015-04-26 11:03 - 2014-12-15 00:53 - 00034856 _____ () C:\Program Files\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2015-04-26 11:03 - 2014-12-15 00:53 - 00064040 _____ () C:\Program Files\EaseUS\Todo Backup\bin\RegLib.dll
2015-04-26 11:02 - 2014-12-15 00:53 - 00022568 _____ () C:\Program Files\EaseUS\Todo Backup\bin\AccountManager.dll
2015-04-26 11:03 - 2014-12-15 00:53 - 00115752 _____ () C:\Program Files\EaseUS\Todo Backup\bin\NasOperator.dll
2015-04-26 11:02 - 2014-12-15 00:53 - 00194088 _____ () C:\Program Files\EaseUS\Todo Backup\bin\EmailBrowser.dll
2015-04-26 11:02 - 2014-12-15 00:53 - 00077864 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CloudOperator.dll
2015-04-26 11:02 - 2014-12-15 00:53 - 00037928 _____ () C:\Program Files\EaseUS\Todo Backup\bin\ActiveOnline.dll
2015-04-26 11:03 - 2014-12-15 00:53 - 00135720 _____ () C:\Program Files\EaseUS\Todo Backup\bin\VMConfig.dll
2015-04-26 11:02 - 2014-12-15 00:53 - 00020008 _____ () C:\Program Files\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
2015-04-26 11:03 - 2014-12-15 00:53 - 00043048 _____ () C:\Program Files\EaseUS\Todo Backup\bin\TbDataSwap.dll
2015-04-26 11:03 - 2014-12-15 00:53 - 00096808 _____ () C:\Program Files\EaseUS\Todo Backup\bin\TBFireWall.dll
2015-04-26 11:03 - 2014-12-15 01:03 - 00241704 _____ () C:\Program Files\EaseUS\Todo Backup\bin\TodoBackupService.exe
2015-04-26 11:03 - 2014-12-15 00:53 - 00223784 _____ () C:\Program Files\EaseUS\Todo Backup\bin\SmartBackup.dll
2015-03-17 18:04 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-03-17 18:04 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-03-17 18:29 - 2015-03-17 18:30 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-03-23 17:04 - 2014-03-23 17:04 - 00557056 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll
2015-04-26 11:04 - 2014-12-15 01:04 - 00253992 _____ () C:\Program Files\EaseUS\TrayPopup\TrayTipAgent.exe
2015-04-26 11:04 - 2014-12-15 01:04 - 00223272 _____ () C:\Program Files\EaseUS\TrayPopup\traynet.dll
2015-04-26 11:04 - 2014-12-15 01:04 - 00275496 _____ () C:\Program Files\EaseUS\TrayPopup\libcurl.dll
2015-04-26 11:04 - 2014-12-15 01:04 - 00118328 _____ () C:\Program Files\EaseUS\TrayPopup\zlib1.dll
2015-04-26 11:04 - 2015-03-14 12:05 - 00249896 _____ () C:\Program Files\EaseUS\TrayPopup\uexper.dll
2015-03-27 13:07 - 2015-03-14 11:12 - 09278792 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.101\pdf.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3202543499-4289128183-162094314-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\Wallpaper\img22.jpg
HKU\S-1-5-21-3202543499-4289128183-162094314-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\img24.jpg
DNS Servers: 192.168.1.254
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Family Tree Maker 2014 OLR => C:\PROGRA~1\AVANQU~1\OLR\FAMILY~1\BVRPOlru.exe /Family Tree Maker 2014
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: SDTray => "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Web Companion => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WinPatrol => C:\Program Files\WinPatrol\WinPatrol\winpatrol.exe -expressboot
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{4431BE45-62B4-4546-AAB7-5BF5849647CD}] => (Allow) LPort=80
FirewallRules: [{A00DBEAE-DE99-4763-8E9B-E37A915E54BB}] => (Allow) LPort=80
FirewallRules: [{ED7E5C5E-C2C2-4B78-8A31-5424F98E6E2C}] => (Allow) LPort=80
FirewallRules: [{149B826B-9498-4328-B259-E91F07D4B276}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{D78B0193-BFFC-4261-879A-E1E985A56436}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3BF1EDEB-79EB-4419-8E86-CB7E26F77CC1}] => (Allow) LPort=2869
FirewallRules: [{3B09A9A5-317A-4C1E-BDBC-FF86D4EB323A}] => (Allow) LPort=1900
FirewallRules: [{2A15D44E-C3F3-47F3-84E3-BB16A1F4B5AF}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{0F75DE81-5F8A-41EC-82DA-67DA307F47B1}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{8DB95175-EEBE-4CAF-9978-EEF9EF9ED0DA}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{931B6C53-B72F-4767-BCCD-5ED4AB034190}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{AD7135B3-42EB-489E-80EB-6D073D9CBB68}] => (Allow) C:\Users\Admin\AppData\Local\Temp\7zS5445\HPDiagnosticCoreUI.exe
FirewallRules: [{60FCC091-EADC-4CA5-B546-FB36BECCF7FF}] => (Allow) C:\Users\Admin\AppData\Local\Temp\7zS5445\HPDiagnosticCoreUI.exe
FirewallRules: [{4543E141-BBCA-4783-8684-E7B9474C641F}] => (Allow) C:\Users\Admin\AppData\Local\Temp\7zS576B\HPDiagnosticCoreUI.exe
FirewallRules: [{8DA8E575-451F-45CE-9A6E-83AC7FFE3A17}] => (Allow) C:\Users\Admin\AppData\Local\Temp\7zS576B\HPDiagnosticCoreUI.exe
FirewallRules: [{8FF32A01-7DF4-4318-8DE3-3318C1A04852}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\DeviceSetup.exe
FirewallRules: [{E8040246-0B30-4C18-A470-DAB7BB938921}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{AF6316B9-30BD-472C-8105-4CA1AE5CB511}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{3CF83023-A56D-4EC7-BA8D-CF1D6F1F6B26}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{8E6D06EB-4E9E-446E-9867-5F6B2005294E}] => (Allow) C:\Program Files\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{DBD842CC-B8AB-4264-87AE-2BEBBB5663E2}] => (Allow) C:\Program Files\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{ADBCE4E2-897B-42F8-9006-1620F3CA6134}] => (Allow) C:\Program Files\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{BB4F2ABE-C036-42ED-88B3-ABF48E6424C9}] => (Allow) C:\Program Files\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{C06B1F46-4B9F-44D2-A5D5-27E0F3421781}] => (Allow) C:\Program Files\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{4BDF3024-1906-4A06-911B-D250B5DA338F}] => (Allow) C:\Program Files\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{45A8603E-E9C8-4B5F-A511-5E65626A4B20}] => (Allow) C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
FirewallRules: [{9A03A964-721A-4631-B69B-21223AAA3D0B}] => (Allow) C:\Program Files\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{C71CF65A-0072-41BA-AA9B-166779E4D539}] => (Allow) C:\Program Files\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{ADE9144E-770E-4BC7-9356-7A2923D18A71}] => (Allow) C:\Users\Admin\AppData\Local\Temp\7zS21AD\HPDiagnosticCoreUI.exe
FirewallRules: [{5A973C64-8D8A-45A4-9683-1B959C45FEDE}] => (Allow) C:\Users\Admin\AppData\Local\Temp\7zS21AD\HPDiagnosticCoreUI.exe
FirewallRules: [{673E43EB-CF46-4211-A499-DA0630494B7B}] => (Allow) C:\Users\Admin\AppData\Local\Temp\7zS4DAE\HPDiagnosticCoreUI.exe
FirewallRules: [{398CCADC-EA58-401F-908B-BEF23411E053}] => (Allow) C:\Users\Admin\AppData\Local\Temp\7zS4DAE\HPDiagnosticCoreUI.exe
FirewallRules: [{F7911BEE-C064-4D48-B524-EC74C93B450B}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{4533993D-A049-409B-9589-82B3C85B44E4}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{C6E54E91-E61D-400B-923A-08955579C872}C:\program files\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files\spybot - search & destroy 2\sdupdate.exe
FirewallRules: [uDP Query User{377F05C0-0A5F-4D09-83E1-78FF8C59C676}C:\program files\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files\spybot - search & destroy 2\sdupdate.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Faulty Device Manager Devices =============
 
Name: Multimedia Controller
Description: Multimedia Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Could not start eventlog service, could not read events.
 
The Windows Event Log service is starting.
The Windows Event Log service could not be started.
 
A system error has occurred.
 
More help is available by typing NET HELPMSG 4201.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 69%
Total physical RAM: 2045.76 MB
Available physical RAM: 630.05 MB
Total Virtual: 4336.55 MB
Available Virtual: 2211.7 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:290.09 GB) (Free:140.45 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Documents New Volume) (Fixed) (Total:931.51 GB) (Free:445.22 GB) NTFS
Drive j: (Local Disk backup store) (Fixed) (Total:465.76 GB) (Free:262.58 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 948D943F)
Partition 1: (Not Active) - (Size=8 GB) - (Type=27)
Partition 2: (Active) - (Size=290.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 629444A1)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: 2941B70C)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End of log ============================
Link to post
Share on other sites
Psychotic

Psychotic

Posted
Posted

Multiple Antivirus Programs installed!

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.

The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either Microsoft Security Essentials or avast!.

 

 

 

Add-/remove programms

Click on start-->control panel.

Vista/7: Open Programs and Features
XP: Open add/remove programs

Search for and remove the following programs
 

Search App by Ask


Close the window.

 

 

 

 

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

Full System Scan with Malwarebytes Antimalware


  • If not existing, please download
Malwarebytes Anti-Malware to your desktop. Double-click the downloaded setup file and follow the prompts to install the program. At the end, be sure a checkmark is placed next to the following:

  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

[*]Click Finish.



If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

fixlist.txt

Link to post
Share on other sites
Teka

Teka

Posted
  • Author
Posted

Hi Marius - thanks fro the further help

 

I gave deleter Microsoft Windows defender and Search App by Ask

 

here is the fix list log

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 12-07-2015
Ran by Kated at 2015-07-13 13:27:09 Run:1
Running from C:\Users\Kated\Desktop
Loaded Profiles: Kated (Available Profiles: Admin & Kated)
Boot Mode: Normal

==============================================

fixlist content:
*****************
BootExecute: autocheck autochk * sdnclean.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKLM - (No Name) - {6667031d-9206-43eb-8e03-6062c09f67e8} - No File
Toolbar: HKU\S-1-5-21-3202543499-4289128183-162094314-1000 -> No Name - {6667031D-9206-43EB-8E03-6062C09F67E8} - No File
CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [Not Found]
BHO: No Name -> {6667031d-9206-43eb-8e03-6062c09f67e8} -> No File

Task: {06263311-6B2D-42C2-9CE6-DB7F7C9B5805} - System32\Tasks\TIYRASLF => C:\Users\Kated\AppData\Roaming\TIYRASLF.exe <==== ATTENTION
Task: {1AEBADC2-412A-4E26-98D1-743EB486F624} - \6bfdeade-f9bb-49f5-b932-80cb3f840d8c-1-7 No Task File <==== ATTENTION
Task: {1CFE34F7-EC69-40AD-89ED-B503E7243ADB} - \01b9e87c-2679-4ac5-acf8-11f78b8a2d24-1-6 No Task File <==== ATTENTION
Task: {201E5F0D-A283-488F-B2EF-BE2498392FCD} - \041f00ab-33dc-42ac-aadd-7f85fa988a70-1-7 No Task File <==== ATTENTION
Task: {280E57E9-7972-420E-9FB3-76F6D0C0069E} - \041f00ab-33dc-42ac-aadd-7f85fa988a70-1-6 No Task File <==== ATTENTION
Task: {2D2C78A3-7393-46CB-A6B0-E051A24375A2} - System32\Tasks\NIHLTJT => C:\Users\Kated\AppData\Roaming\NIHLTJT.exe <==== ATTENTION
Task: {2E182A1D-9CC0-4CFE-B44B-38D19B6A54EE} - \TheBestDeals Update No Task File <==== ATTENTION
Task: {3232B46F-E568-4464-8096-C4F8B67EF5ED} - \Selection Tools Update No Task File <==== ATTENTION
Task: {453D3C0B-20BB-4862-889A-89C62F176F31} - \041f00ab-33dc-42ac-aadd-7f85fa988a70-10_user No Task File <==== ATTENTION
Task: {4912157F-B5E7-4CBE-917E-FAAD925E3949} - System32\Tasks\BPLPTDUHWxp0wWn => C:\Users\Admin\AppData\Roaming\rVG5Pby\6y9HA9l.exe
Task: {4A419DC6-5178-492A-8537-97338E2A9FD1} - \ac57dff0-57f4-4b76-8736-05864f68c04d-5_user No Task File <==== ATTENTION
Task: {4D46BA77-B226-4991-B1C5-C0C3ABCD754E} - \ac57dff0-57f4-4b76-8736-05864f68c04d-10_user No Task File <==== ATTENTION
Task: {64A64FC3-4D9B-4051-8FA3-E59F4AC4B53F} - \041f00ab-33dc-42ac-aadd-7f85fa988a70-5 No Task File <==== ATTENTION
Task: {67956809-5260-40BD-BC6C-21BA9D30EA8B} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {845CD4A8-D741-4B69-AFE4-78A354BA4F18} - \ac57dff0-57f4-4b76-8736-05864f68c04d-5 No Task File <==== ATTENTION
Task: {97432605-37B6-4E19-81B1-5A6541AD712F} - \ac57dff0-57f4-4b76-8736-05864f68c04d-1-7 No Task File <==== ATTENTION
Task: {9C870D54-D502-4912-AAB5-66D9FBF6621C} - \gtaUpt No Task File <==== ATTENTION
Task: {A158805F-7DDA-425C-8C4E-B804D16906A6} - System32\Tasks\RGJL => C:\Users\Kated\AppData\Roaming\RGJL.exe <==== ATTENTION
Task: {AEDF6C91-0818-4582-B490-901C36180AF1} - \ac57dff0-57f4-4b76-8736-05864f68c04d-1-6 No Task File <==== ATTENTION
Task: {BF1B9475-E79E-4564-AF40-47C83962A867} - \01b9e87c-2679-4ac5-acf8-11f78b8a2d24-5_user No Task File <==== ATTENTIONk
Task: {D33B2653-A12D-4828-B6BA-B43BE9611DE9} - \01b9e87c-2679-4ac5-acf8-11f78b8a2d24-5 No Task File <==== ATTENTION
Task: {DE0C5DD4-6645-4A25-B07C-E9793AE2237C} - \6bfdeade-f9bb-49f5-b932-80cb3f840d8c-1-6 No Task File <==== ATTENTION
Task: {ECEFC2FB-5406-4E79-B251-0BF24619861B} - \6bfdeade-f9bb-49f5-b932-80cb3f840d8c-5 No Task File <==== ATTENTION
Task: {F74F0BF2-5302-4D21-9B86-31C64E4F5194} - \6bfdeade-f9bb-49f5-b932-80cb3f840d8c-5_user No Task File <==== ATTENTION
Task: {F8C436D2-9588-4194-907D-90D2C3FCC436} - \01b9e87c-2679-4ac5-acf8-11f78b8a2d24-1-7 No Task File <==== ATTENTION
Task: {F97887BD-B150-44EF-9061-14392A39424E} - \01b9e87c-2679-4ac5-acf8-11f78b8a2d24-10_user No Task File <==== ATTENTION
Task: {FA727CFC-6E7D-49F3-9978-8BBBE86BCC2A} - System32\Tasks\CZXHWFK => C:\Users\Kated\AppData\Roaming\CZXHWFK.exe <==== ATTENTION
Task: C:\Windows\Tasks\CZXHWFK.job => C:\Users\Kated\AppData\Roaming\CZXHWFK.exe <==== ATTENTION
Task: C:\Windows\Tasks\NIHLTJT.job => C:\Users\Kated\AppData\Roaming\NIHLTJT.exe <==== ATTENTION
Task: C:\Windows\Tasks\RGJL.job => C:\Users\Kated\AppData\Roaming\RGJL.exe <==== ATTENTION
Task: C:\Windows\Tasks\TIYRASLF.job => C:\Users\Kated\AppData\Roaming\TIYRASLF.exe <==== ATTENTION
FirewallRules: [{2A15D44E-C3F3-47F3-84E3-BB16A1F4B5AF}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{0F75DE81-5F8A-41EC-82DA-67DA307F47B1}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{8DB95175-EEBE-4CAF-9978-EEF9EF9ED0DA}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe

2015-03-30 17:14 - 2015-03-30 17:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Users\Kated\AppData\Roaming\TIYRASLF.exe
C:\Users\Kated\AppData\Roaming\RGJL.exe
C:\Users\Kated\AppData\Roaming\NIHLTJT.exe
C:\Users\Kated\AppData\Roaming\CZXHWFK.exe
C:\Users\Admin\AppData\Roaming\rVG5Pby

EmptyTemp:
Hosts:
*****************

hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => Error setting value.

"C:\Windows\system32\GroupPolicy\Machine" folder move:

Could not move "C:\Windows\system32\GroupPolicy\Machine" folder => Scheduled to move on reboot.

Could not move "C:\Windows\system32\GroupPolicy\GPT.ini" => Scheduled to move on reboot.
HKLM\SOFTWARE\Policies\Google => key could not remove. Access Denied.
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\{6667031d-9206-43eb-8e03-6062c09f67e8} => value could not remove.
HKU\S-1-5-21-3202543499-4289128183-162094314-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{6667031D-9206-43EB-8E03-6062C09F67E8} => value not found.
HKCR\CLSID\{6667031D-9206-43EB-8E03-6062C09F67E8} => key not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6667031d-9206-43eb-8e03-6062c09f67e8} => key could not remove. Access Denied.
HKCR\CLSID\{6667031d-9206-43eb-8e03-6062c09f67e8} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06263311-6B2D-42C2-9CE6-DB7F7C9B5805} => key could not remove. Access Denied.
C:\Windows\System32\Tasks\TIYRASLF not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TIYRASLF => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1AEBADC2-412A-4E26-98D1-743EB486F624} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6bfdeade-f9bb-49f5-b932-80cb3f840d8c-1-7 => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CFE34F7-EC69-40AD-89ED-B503E7243ADB} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\01b9e87c-2679-4ac5-acf8-11f78b8a2d24-1-6 => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{201E5F0D-A283-488F-B2EF-BE2498392FCD} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\041f00ab-33dc-42ac-aadd-7f85fa988a70-1-7 => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{280E57E9-7972-420E-9FB3-76F6D0C0069E} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\041f00ab-33dc-42ac-aadd-7f85fa988a70-1-6 => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D2C78A3-7393-46CB-A6B0-E051A24375A2} => key could not remove. Access Denied.
C:\Windows\System32\Tasks\NIHLTJT not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NIHLTJT => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E182A1D-9CC0-4CFE-B44B-38D19B6A54EE} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TheBestDeals Update => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3232B46F-E568-4464-8096-C4F8B67EF5ED} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Selection Tools Update => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{453D3C0B-20BB-4862-889A-89C62F176F31} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\041f00ab-33dc-42ac-aadd-7f85fa988a70-10_user => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4912157F-B5E7-4CBE-917E-FAAD925E3949} => key could not remove. Access Denied.
C:\Windows\System32\Tasks\BPLPTDUHWxp0wWn not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BPLPTDUHWxp0wWn => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A419DC6-5178-492A-8537-97338E2A9FD1} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ac57dff0-57f4-4b76-8736-05864f68c04d-5_user => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D46BA77-B226-4991-B1C5-C0C3ABCD754E} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ac57dff0-57f4-4b76-8736-05864f68c04d-10_user => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64A64FC3-4D9B-4051-8FA3-E59F4AC4B53F} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\041f00ab-33dc-42ac-aadd-7f85fa988a70-5 => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67956809-5260-40BD-BC6C-21BA9D30EA8B} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{845CD4A8-D741-4B69-AFE4-78A354BA4F18} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ac57dff0-57f4-4b76-8736-05864f68c04d-5 => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97432605-37B6-4E19-81B1-5A6541AD712F} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ac57dff0-57f4-4b76-8736-05864f68c04d-1-7 => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C870D54-D502-4912-AAB5-66D9FBF6621C} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\gtaUpt => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A158805F-7DDA-425C-8C4E-B804D16906A6} => key could not remove. Access Denied.
C:\Windows\System32\Tasks\RGJL not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RGJL => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AEDF6C91-0818-4582-B490-901C36180AF1} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ac57dff0-57f4-4b76-8736-05864f68c04d-1-6 => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF1B9475-E79E-4564-AF40-47C83962A867} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\01b9e87c-2679-4ac5-acf8-11f78b8a2d24-5_user => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D33B2653-A12D-4828-B6BA-B43BE9611DE9} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\01b9e87c-2679-4ac5-acf8-11f78b8a2d24-5 => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE0C5DD4-6645-4A25-B07C-E9793AE2237C} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6bfdeade-f9bb-49f5-b932-80cb3f840d8c-1-6 => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ECEFC2FB-5406-4E79-B251-0BF24619861B} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6bfdeade-f9bb-49f5-b932-80cb3f840d8c-5 => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F74F0BF2-5302-4D21-9B86-31C64E4F5194} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6bfdeade-f9bb-49f5-b932-80cb3f840d8c-5_user => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8C436D2-9588-4194-907D-90D2C3FCC436} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\01b9e87c-2679-4ac5-acf8-11f78b8a2d24-1-7 => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F97887BD-B150-44EF-9061-14392A39424E} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\01b9e87c-2679-4ac5-acf8-11f78b8a2d24-10_user => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA727CFC-6E7D-49F3-9978-8BBBE86BCC2A} => key could not remove. Access Denied.
C:\Windows\System32\Tasks\CZXHWFK not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CZXHWFK => key could not remove. Access Denied.
Could not move "C:\Windows\Tasks\CZXHWFK.job" => Scheduled to move on reboot.
Could not move "C:\Windows\Tasks\NIHLTJT.job" => Scheduled to move on reboot.
Could not move "C:\Windows\Tasks\RGJL.job" => Scheduled to move on reboot.
Could not move "C:\Windows\Tasks\TIYRASLF.job" => Scheduled to move on reboot.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2A15D44E-C3F3-47F3-84E3-BB16A1F4B5AF} => value could not remove.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0F75DE81-5F8A-41EC-82DA-67DA307F47B1} => value could not remove.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8DB95175-EEBE-4CAF-9978-EEF9EF9ED0DA} => value could not remove.
C:\ProgramData\DP45977C.lfl => moved successfully.
"C:\Users\Kated\AppData\Roaming\TIYRASLF.exe" => File/Folder not found.
"C:\Users\Kated\AppData\Roaming\RGJL.exe" => File/Folder not found.
"C:\Users\Kated\AppData\Roaming\NIHLTJT.exe" => File/Folder not found.
"C:\Users\Kated\AppData\Roaming\CZXHWFK.exe" => File/Folder not found.

"C:\Users\Admin\AppData\Roaming\rVG5Pby" folder move:

Could not move "C:\Users\Admin\AppData\Roaming\rVG5Pby" folder => Scheduled to move on reboot.

"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not restore Hosts.
EmptyTemp: => 1.9 GB temporary data Removed.

 

------------------------------------------------------------------------------------------------------------------------------------

 

Here is Malwarebyte scan log

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 13/07/2015
Scan Time: 14:02:34
Logfile:
Administrator: No

Version: 2.01.6.1022
Malware Database: v2015.07.13.02
Rootkit Database: v2015.07.10.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Kated

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 240736
Time Elapsed: 16 min, 44 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, Delete-on-Reboot, [2a1cb52c6c1e8aac05d11e7034d0b749],
PUP.Optional.DriverUpdate.A, HKLM\SOFTWARE\SLIMWARE UTILITIES INC\DriverUpdate, Delete-on-Reboot, [96b03ba6ee9c5dd96753424ecb39a45c],

Registry Values: 1
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Delete-on-Reboot, [2a1cb52c6c1e8aac05d11e7034d0b749]

Registry Data: 0
(No malicious items detected)

Folders: 89
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\DriverUpdate, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Images, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\Installers, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Cache, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Cache\AppCache, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Cache\Local Storage, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Logs, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\acpiapic, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\gencdrom, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\gendisk, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\generic_hid_device, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\hdaudio, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\hdaudio\func_01, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\internal_ide_channel, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\cc_0403, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_10ec&dev_8139&rev_10, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_0571, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_3038&cc_0c0300, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_3044, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_3104, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_3337, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_337a, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_5337, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_a327, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_c327, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\root, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\root\iscsiprt, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\root\mssmbios, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\root\rdp_mou, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\root\swenum, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\root\umbus, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\root\volmgr, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\storage, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\storage\volume, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\umb, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\umb\umbus, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\usb, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\usb\class_08&subclass_06&prot_50, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\usb\class_09, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\usb\root_hub, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\usb\root_hub20, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\acpiapic, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\gencdrom, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\gendisk, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\generic_hid_device, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\hdaudio, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\hdaudio\func_01, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\internal_ide_channel, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\mf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\cc_0403, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_10ec&dev_8139&rev_10, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_0571, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_3038&cc_0c0300, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_3044, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_3104, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_3337, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_337a, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_5337, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_a327, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_c327, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\root, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\root\iscsiprt, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\root\mssmbios, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\root\rdp_mou, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\root\swenum, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\root\umbus, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\root\volmgr, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\storage, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\storage\volume, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\umb, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\umb\umbus, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\usb, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\usb\class_07, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\usb\class_08&subclass_06&prot_50, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\usb\class_09, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\usb\root_hub, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\usb\root_hub20, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Images, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.ConvertAd.A, C:\Users\Admin\AppData\Local\27251C00-1426594686-0720-0821-184414000000, Delete-on-Reboot, [f353dc05177350e6c281d8ba50b41ce4],

Files: 247
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\ignores.dat, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\rupdates.db, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\settings.db, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\supdates.db, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\SWDUMon.cat, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\SWDUMon.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\SWDUMon.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Images\acer.png, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-03-25  19-12-51 0.log, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-03-25  19-13-02 0.log, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\Installers\SD-130712620979222163.log, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Cache\Cookies, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Cache\Cookies-journal, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Logs\2015-03-20 12;58;51,441.log, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimCleaner Plus\Logs\2015-03-20 12;58;53.log, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\ignores.dat, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\rupdates.db, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\settings.db, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\supdates.db, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\SWDUMon.cat, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\SWDUMon.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\SWDUMon.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\module_info, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\acpiapic\hal.dll, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\acpiapic\hal.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\acpiapic\hal.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\acpiapic\halacpi.dll, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\acpiapic\halmacpi.dll, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\gencdrom\cdrom.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\gencdrom\cdrom.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\gencdrom\cdrom.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\gendisk\disk.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\gendisk\disk.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\gendisk\disk.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\generic_hid_device\hidclass.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\generic_hid_device\hidparse.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\generic_hid_device\hidusb.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\generic_hid_device\input.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\generic_hid_device\input.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\hdaudio\func_01\hdaudio.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\hdaudio\func_01\hdaudio.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\hdaudio\func_01\HdAudio.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\internal_ide_channel\atapi.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\internal_ide_channel\ataport.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\internal_ide_channel\mshdc.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\internal_ide_channel\mshdc.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\cc_0403\hdaudbus.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\cc_0403\hdaudbus.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\cc_0403\hdaudbus.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_10ec&dev_8139&rev_10\netrtl32.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_10ec&dev_8139&rev_10\netrtl32.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_10ec&dev_8139&rev_10\Rtnicxp.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_0571\atapi.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_0571\ataport.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_0571\mshdc.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_0571\mshdc.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_0571\pciidex.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_3038&cc_0c0300\hcrstco.dll, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_3038&cc_0c0300\usbhub.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_3038&cc_0c0300\usbport.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_3038&cc_0c0300\usbport.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_3038&cc_0c0300\usbport.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_3038&cc_0c0300\usbuhci.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_3044\1394.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_3044\1394.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_3044\1394bus.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_3044\ohci1394.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_3104\hccoin.dll, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_3104\hcrstco.dll, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_3104\usbehci.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_3104\usbhub.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_3104\usbport.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_3104\usbport.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_3104\usbport.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_3337\machine.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_3337\machine.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_3337\msisadrv.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_337a\machine.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_337a\machine.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_337a\pci.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_5337\atapi.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_5337\ataport.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_5337\mshdc.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_5337\mshdc.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_5337\pciidex.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_a327\machine.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_a327\machine.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_a327\pci.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_c327\machine.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_c327\machine.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\pci\ven_1106&dev_c327\pci.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\root\iscsiprt\iscsi.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\root\iscsiprt\iscsi.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\root\iscsiprt\iscsilog.dll, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\root\iscsiprt\msiscsi.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\root\mssmbios\machine.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\root\mssmbios\machine.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\root\mssmbios\mssmbios.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\root\rdp_mou\machine.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\root\rdp_mou\machine.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\root\rdp_mou\termdd.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\root\swenum\machine.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\root\swenum\machine.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\root\swenum\streamci.dll, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\root\umbus\umbus.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\root\umbus\umbus.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\root\umbus\umbus.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\root\volmgr\machine.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\root\volmgr\machine.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\root\volmgr\volmgr.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\storage\volume\volsnap.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\storage\volume\volume.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\storage\volume\volume.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\umb\umbus\umbus.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\umb\umbus\umbus.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\umb\umbus\umbus.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\usb\class_08&subclass_06&prot_50\usbstor.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\usb\class_08&subclass_06&prot_50\usbstor.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\usb\class_08&subclass_06&prot_50\USBSTOR.SYS, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\usb\class_09\usb.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\usb\class_09\usb.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\usb\class_09\usbhub.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\usb\root_hub\usbd.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\usb\root_hub\usbhub.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\usb\root_hub\usbport.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\usb\root_hub\usbport.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\usb\root_hub20\usbd.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\usb\root_hub20\usbhub.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\usb\root_hub20\usbport.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150319T181635532016\usb\root_hub20\usbport.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\module_info, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\acpiapic\hal.dll, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\acpiapic\hal.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\acpiapic\hal.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\acpiapic\halacpi.dll, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\acpiapic\halmacpi.dll, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\gencdrom\cdrom.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\gencdrom\cdrom.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\gencdrom\cdrom.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\gendisk\disk.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\gendisk\disk.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\gendisk\disk.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\generic_hid_device\hidclass.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\generic_hid_device\hidparse.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\generic_hid_device\hidusb.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\generic_hid_device\input.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\generic_hid_device\input.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\hdaudio\func_01\hdaudio.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\hdaudio\func_01\hdaudio.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\hdaudio\func_01\HdAudio.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\internal_ide_channel\atapi.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\internal_ide_channel\ataport.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\internal_ide_channel\mshdc.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\internal_ide_channel\mshdc.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\cc_0403\hdaudbus.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\cc_0403\hdaudbus.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\cc_0403\hdaudbus.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_10ec&dev_8139&rev_10\netrtl32.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_10ec&dev_8139&rev_10\netrtl32.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_10ec&dev_8139&rev_10\Rtnicxp.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_0571\atapi.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_0571\ataport.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_0571\mshdc.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_0571\mshdc.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_0571\pciidex.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_3038&cc_0c0300\hcrstco.dll, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_3038&cc_0c0300\usbhub.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_3038&cc_0c0300\usbport.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_3038&cc_0c0300\usbport.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_3038&cc_0c0300\usbport.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_3038&cc_0c0300\usbuhci.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_3044\1394.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_3044\1394.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_3044\1394bus.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_3044\ohci1394.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_3104\hccoin.dll, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_3104\hcrstco.dll, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_3104\usbehci.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_3104\usbhub.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_3104\usbport.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_3104\usbport.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_3104\usbport.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_3337\machine.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_3337\machine.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_3337\msisadrv.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_337a\machine.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_337a\machine.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_337a\pci.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_5337\atapi.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_5337\ataport.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_5337\mshdc.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_5337\mshdc.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_5337\pciidex.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_a327\machine.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_a327\machine.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_a327\pci.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_c327\machine.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_c327\machine.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\pci\ven_1106&dev_c327\pci.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\root\iscsiprt\iscsi.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\root\iscsiprt\iscsi.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\root\iscsiprt\iscsilog.dll, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\root\iscsiprt\msiscsi.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\root\mssmbios\machine.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\root\mssmbios\machine.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\root\mssmbios\mssmbios.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\root\rdp_mou\machine.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\root\rdp_mou\machine.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\root\rdp_mou\termdd.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\root\swenum\machine.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\root\swenum\machine.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\root\swenum\streamci.dll, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\root\umbus\umbus.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\root\umbus\umbus.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\root\umbus\umbus.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\root\volmgr\machine.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\root\volmgr\machine.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\root\volmgr\volmgr.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\storage\volume\volsnap.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\storage\volume\volume.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\storage\volume\volume.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\umb\umbus\umbus.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\umb\umbus\umbus.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\umb\umbus\umbus.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\usb\class_07\usbprint.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\usb\class_07\usbprint.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\usb\class_07\usbprint.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\usb\class_08&subclass_06&prot_50\usbstor.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\usb\class_08&subclass_06&prot_50\usbstor.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\usb\class_08&subclass_06&prot_50\USBSTOR.SYS, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\usb\class_09\usb.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\usb\class_09\usb.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\usb\class_09\usbhub.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\usb\root_hub\usbd.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\usb\root_hub\usbhub.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\usb\root_hub\usbport.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\usb\root_hub\usbport.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\usb\root_hub20\usbd.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\usb\root_hub20\usbhub.sys, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\usb\root_hub20\usbport.inf, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150330T160800548600\usb\root_hub20\usbport.PNF, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Images\acer.png, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs\2015-03-19  18-08-47 0.log, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs\2015-03-20  12-58-53 0.log, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs\2015-03-20  14-08-57 0.log, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.DriverUpdate.A, C:\Users\Admin\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs\2015-03-30  17-03-43 0.log, Delete-on-Reboot, [6adc4e9335559c9aaf063a5611f3b848],
PUP.Optional.ConvertAd.A, C:\Users\Admin\AppData\Local\27251C00-1426594686-0720-0821-184414000000\Uninstall.exe, Delete-on-Reboot, [f353dc05177350e6c281d8ba50b41ce4],

Physical Sectors: 0
(No malicious items detected)

(end)

Link to post
Share on other sites
Psychotic

Psychotic

Posted
Posted

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

Link to post
Share on other sites
Teka

Teka

Posted
  • Author
Posted

Hi

 

Things have got worse on PC. Google Chrome will not load and Windows live mail will not open attachments or allow me to send reply

 

Anyway..

 

I used IE to visit forum and clicked on link to go to ESET site. Clicked "Run ESET....." Acepted terms - clicked start

IE message "this website wants to instal addon" clicked accept

IE message  "browser needs to resend " clicked retry

Windows UAC control requested Admin password - entered

IE says "Add-on failed to run"

 

 

 

started again

 

run IE as Admin

ESET runs (not exactly as described in your help note - perhaps site has been updated?)

 

here is the log from ESET

 

 

C:\AdwCleaner\Quarantine\C\Program Files\entrusted\entrustedToolbarHelper.exe.vir Win32/Toolbar.Conduit.V potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\entrusted\hk64tbentr.dll.vir Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\entrusted\hktbentr.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\entrusted\ldrtbentr.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\entrusted\prxtbentr.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\entrusted\tbentr.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Mountain Bike\bin\21c2e5a71a4a4181b493.dll.vir a variant of Win32/BrowseFox.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Mountain Bike\bin\21c2e5a71a4a4181b49364.dll.vir a variant of Win64/BrowseFox.CI potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Mountain Bike\bin\21c2e5a71a4a4181b493a02c5d6a043a.dll.vir a variant of Win32/BrowseFox.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Mountain Bike\bin\21c2e5a71a4a4181b493a02c5d6a043a64.dll.vir a variant of Win64/BrowseFox.CK potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Mountain Bike\bin\MountainBike.BrowserAdapter.exe.vir a variant of Win32/BrowseFox.AC potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Mountain Bike\bin\MountainBike.BrowserAdapter64.exe.vir Win64/BrowseFox.CO potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Tbccint\ToolbarService\ToolbarService.exe.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\Tbccint\IE\CT3134971\UninstallerUI.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\Tbccint\Multi\CT3134971\UninstallerUI.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Tbccint\Community Alerts\Alert.dll.vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Tbccint\CT3134971\Avanquest_UK_FTMAutoUpdateHelper.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Admin\AppData\Local\Tbccint\CT3134971\Avanquest_UK_FTMToolbarHelper.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Teka\AppData\LocalLow\entrusted\hk64tbentr.dll.vir Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Teka\AppData\LocalLow\entrusted\hktbentr.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Teka\AppData\LocalLow\entrusted\ldrtbentr.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Teka\AppData\LocalLow\entrusted\tbentr.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\system32\roboot.exe.vir a variant of Win32/Systweak.A potentially unwanted application
C:\old documents\cbsidlm-tr1_10a-Revo_Uninstaller-ORG-10687648.exe Win32/DownloadAdmin.G potentially unwanted application
C:\old documents\cbsidlm-tr1_13-GSM_SIM_Utility-ORG-10396246.exe Win32/DownloadAdmin.G potentially unwanted application
C:\old documents\cbsidlm-tr1_13-SimCardExplorer-ORG-10727850 (1).exe Win32/DownloadAdmin.G potentially unwanted application
C:\old documents\cbsidlm-tr1_13-SimCardExplorer-ORG-10727850 (2).exe Win32/DownloadAdmin.G potentially unwanted application
C:\old documents\cbsidlm-tr1_13-SimCardExplorer-ORG-10727850.exe Win32/DownloadAdmin.G potentially unwanted application
C:\old documents\ccsetup323.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\old documents\gvsetup.exe a variant of Win32/Toolbar.Conduit.J potentially unwanted application
C:\old documents\PandoraRecovery2.1.1Setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\old documents\SetupImgBurn_2.5.7.0.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Program Files\EaseUS\Todo Backup\bin\PxeServer.dll a variant of Win32/TFTPD32.A potentially unsafe application
C:\Program Files\EaseUS\Todo Backup\BUILDPE\EaseUS\tb\bin\PxeServer.dll a variant of Win32/TFTPD32.A potentially unsafe application
C:\Program Files\Family Tree Maker 2014\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\{21c2e5a7-1a4a-4181-b493-a02c5d6a043a}Gt.sys-k.mbam a variant of Win32/NetFilter.A potentially unsafe application
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\{21c2e5a7-1a4a-4181-b493-a02c5d6a043a}Gt.sys-r.mbam a variant of Win32/NetFilter.A potentially unsafe application
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\{21c2e5a7-1a4a-4181-b493-a02c5d6a043a}Gt.sys-u.mbam a variant of Win32/NetFilter.A potentially unsafe application
C:\ProgramData\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}\setup.res a variant of Win32/HiddenStart.A potentially unsafe application
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\20CY1X52\AdwCleaner Setup.exe a variant of Win32/DownloadAssistant.A potentially unwanted application
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2QKJ3B1L\AdwCleaner Setup.exe a variant of Win32/DownloadAssistant.A potentially unwanted application
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2QKJ3B1L\AdwCleaner%20Setup[1].exe a variant of Win32/DownloadAssistant.A potentially unwanted application
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ACXK6S66\AdwCleaner%20Setup[1].exe a variant of Win32/DownloadAssistant.A potentially unwanted application
C:\Users\Admin\AppData\Local\Temp\a2da7Rm9hL\y264DCsK\Setup.exe a variant of Win32/DownloadAssistant.A potentially unwanted application
C:\Users\Admin\AppData\Local\Temp\a2I9tk8zAL\KZkFBPQj\Setup.exe a variant of Win32/DownloadAssistant.A potentially unwanted application
C:\Users\Admin\AppData\Local\Temp\mia1\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Users\Admin\AppData\Local\Temp\mia1DDC.tmp\setup.res a variant of Win32/HiddenStart.A potentially unsafe application
C:\Users\All Users\Malwarebytes\Malwarebytes Anti-Malware\{21c2e5a7-1a4a-4181-b493-a02c5d6a043a}Gt.sys-k.mbam a variant of Win32/NetFilter.A potentially unsafe application
C:\Users\All Users\Malwarebytes\Malwarebytes Anti-Malware\{21c2e5a7-1a4a-4181-b493-a02c5d6a043a}Gt.sys-r.mbam a variant of Win32/NetFilter.A potentially unsafe application
C:\Users\All Users\Malwarebytes\Malwarebytes Anti-Malware\{21c2e5a7-1a4a-4181-b493-a02c5d6a043a}Gt.sys-u.mbam a variant of Win32/NetFilter.A potentially unsafe application
C:\Users\All Users\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}\setup.res a variant of Win32/HiddenStart.A potentially unsafe application
C:\Users\Kated\Downloads\SmartDriverUpdater.exe a variant of Win32/Adware.SpeedingUpMyPC.AH application
C:\Users\Kated\Downloads\tb_free.exe a variant of Win32/TFTPD32.A potentially unsafe application
C:\Windows\System32\LavasoftTcpService.dll a variant of Win32/Komodia.A potentially unsafe application
C:\Windows.old\Documents and Settings\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\20CY1X52\AdwCleaner Setup.exe a variant of Win32/DownloadAssistant.A potentially unwanted application
C:\Windows.old\Documents and Settings\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2QKJ3B1L\AdwCleaner Setup.exe a variant of Win32/DownloadAssistant.A potentially unwanted application
C:\Windows.old\Documents and Settings\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2QKJ3B1L\AdwCleaner%20Setup[1].exe a variant of Win32/DownloadAssistant.A potentially unwanted application
C:\Windows.old\Documents and Settings\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ACXK6S66\AdwCleaner%20Setup[1].exe a variant of Win32/DownloadAssistant.A potentially unwanted application
C:\Windows.old\Documents and Settings\Admin\AppData\Local\Temp\a2da7Rm9hL\y264DCsK\Setup.exe a variant of Win32/DownloadAssistant.A potentially unwanted application
C:\Windows.old\Documents and Settings\Admin\AppData\Local\Temp\a2I9tk8zAL\KZkFBPQj\Setup.exe a variant of Win32/DownloadAssistant.A potentially unwanted application
C:\Windows.old\Documents and Settings\Admin\AppData\Local\Temp\mia1\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Windows.old\Documents and Settings\Admin\AppData\Local\Temp\mia1DDC.tmp\setup.res a variant of Win32/HiddenStart.A potentially unsafe application
C:\Windows.old\Documents and Settings\All Users\Malwarebytes\Malwarebytes Anti-Malware\{21c2e5a7-1a4a-4181-b493-a02c5d6a043a}Gt.sys-k.mbam a variant of Win32/NetFilter.A potentially unsafe application
C:\Windows.old\Documents and Settings\All Users\Malwarebytes\Malwarebytes Anti-Malware\{21c2e5a7-1a4a-4181-b493-a02c5d6a043a}Gt.sys-r.mbam a variant of Win32/NetFilter.A potentially unsafe application
C:\Windows.old\Documents and Settings\All Users\Malwarebytes\Malwarebytes Anti-Malware\{21c2e5a7-1a4a-4181-b493-a02c5d6a043a}Gt.sys-u.mbam a variant of Win32/NetFilter.A potentially unsafe application
C:\Windows.old\Documents and Settings\All Users\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}\setup.res a variant of Win32/HiddenStart.A potentially unsafe application
C:\Windows.old\Documents and Settings\Kated\Downloads\SmartDriverUpdater.exe a variant of Win32/Adware.SpeedingUpMyPC.AH application
C:\Windows.old\Documents and Settings\Kated\Downloads\tb_free.exe a variant of Win32/TFTPD32.A potentially unsafe application
C:\Windows.old\Program Files\Family Tree Maker 2014\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Windows.old\Program Files\nirsoft_package_1.18.30\NirSoft\awatch.exe a variant of Win32/AdapterWatch.A potentially unsafe application
C:\Windows.old\Program Files\nirsoft_package_1.18.30\NirSoft\bulletspassview.exe a variant of Win32/PSWTool.BulletsPassView.C potentially unsafe application
C:\Windows.old\Program Files\nirsoft_package_1.18.30\NirSoft\chromepass.exe Win32/PSWTool.ChromePass.A potentially unsafe application
C:\Windows.old\Program Files\nirsoft_package_1.18.30\NirSoft\outlookaddressbookview.exe a variant of Win32/OutlookAddressBookView.A potentially unsafe application
C:\Windows.old\Program Files\nirsoft_package_1.18.30\NirSoft\passwordscan.exe Win32/PSWTool.WebBrowserPassView.C potentially unsafe application
C:\Windows.old\Program Files\nirsoft_package_1.18.30\NirSoft\produkey.exe a variant of Win32/PSWTool.ProductKey.C potentially unsafe application
C:\Windows.old\Program Files\nirsoft_package_1.18.30\NirSoft\routerpassview.exe a variant of Win32/PSWTool.RouterPassView.B potentially unsafe application
C:\Windows.old\Program Files\nirsoft_package_1.18.30\NirSoft\skypelogview.exe a variant of Win32/SkypeLogView.A potentially unsafe application
C:\Windows.old\Program Files\nirsoft_package_1.18.30\NirSoft\smsniff.exe a variant of Win32/Sniffer.SniffPass.B potentially unsafe application
C:\Windows.old\Program Files\nirsoft_package_1.18.30\NirSoft\vncpassview.exe Win32/PSWTool.VNCPassView.A potentially unsafe application
C:\Windows.old\Program Files\nirsoft_package_1.18.30\NirSoft\x64\wirelesskeyview.exe a variant of Win64/WirelessKeyView.B potentially unsafe application
C:\Windows.old\ProgramData\Application Data\Malwarebytes\Malwarebytes Anti-Malware\{21c2e5a7-1a4a-4181-b493-a02c5d6a043a}Gt.sys-k.mbam a variant of Win32/NetFilter.A potentially unsafe application
C:\Windows.old\ProgramData\Application Data\Malwarebytes\Malwarebytes Anti-Malware\{21c2e5a7-1a4a-4181-b493-a02c5d6a043a}Gt.sys-r.mbam a variant of Win32/NetFilter.A potentially unsafe application
C:\Windows.old\ProgramData\Application Data\Malwarebytes\Malwarebytes Anti-Malware\{21c2e5a7-1a4a-4181-b493-a02c5d6a043a}Gt.sys-u.mbam a variant of Win32/NetFilter.A potentially unsafe application
C:\Windows.old\ProgramData\Application Data\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}\setup.res a variant of Win32/HiddenStart.A potentially unsafe application
C:\Windows.old\ProgramData\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}\setup.res a variant of Win32/HiddenStart.A potentially unsafe application
C:\Windows.old\Users\All Users\Malwarebytes\Malwarebytes Anti-Malware\{21c2e5a7-1a4a-4181-b493-a02c5d6a043a}Gt.sys-k.mbam a variant of Win32/NetFilter.A potentially unsafe application
C:\Windows.old\Users\All Users\Malwarebytes\Malwarebytes Anti-Malware\{21c2e5a7-1a4a-4181-b493-a02c5d6a043a}Gt.sys-r.mbam a variant of Win32/NetFilter.A potentially unsafe application
C:\Windows.old\Users\All Users\Malwarebytes\Malwarebytes Anti-Malware\{21c2e5a7-1a4a-4181-b493-a02c5d6a043a}Gt.sys-u.mbam a variant of Win32/NetFilter.A potentially unsafe application
C:\Windows.old\Users\All Users\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}\setup.res a variant of Win32/HiddenStart.A potentially unsafe application
C:\Windows.old\Users\Kathy and Ted Admin\Downloads\disk-defrag-setup.exe a variant of Win32/Toolbar.Widgi.N potentially unwanted application
C:\Windows.old\Users\Teka\Downloads\BearShareV10 (1).exe a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted application
C:\Windows.old\Users\Teka\Downloads\BearShareV10.exe a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted application
C:\Windows.old\Users\Teka\Downloads\Brothersoft_downloader_For_Data_Doctor_Recovery_SIM_Card.exe a variant of Win32/BSDownloader potentially unwanted application
C:\Windows.old\Users\Teka\Downloads\ButterScotch_Integration.exe Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Windows.old\Users\Teka\Downloads\cbsidlm-cbsi176-Pandora_Recovery-BP-10694796 (1).exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Windows.old\Users\Teka\Downloads\cbsidlm-cbsi176-Pandora_Recovery-BP-10694796.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Windows.old\Users\Teka\Downloads\ccsetup407.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows.old\Users\Teka\Downloads\driverupdater.exe a variant of Win32/Adware.SpeedingUpMyPC.AH application
C:\Windows.old\Users\Teka\Downloads\iMeshV11.exe a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted application
C:\Windows.old\Users\Teka\Downloads\KeyFinderInstaller.exe Win32/OpenCandy potentially unsafe application
C:\Windows.old\Users\Teka\Downloads\uTorrent.exe a variant of Win32/OpenCandy.C potentially unsafe application
C:\Windows.old\Users\Teka\Downloads\wufinstall.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Windows.old\Users\Teka\Downloads\Virus_Removal_Tool\Virus_Removal_Tool\Batch Files\Process.exe Win32/PrcView potentially unsafe application
C:\Windows.old\Users\Teka\Downloads\Virus_Removal_Tool\Virus_Removal_Tool\Batch_Files\Process.exe Win32/PrcView potentially unsafe application
D:\$RECYCLE.BIN\S-1-5-21-2212704553-3800282899-2654397174-1001\$R4GJJ6A.exe a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted application
D:\$RECYCLE.BIN\S-1-5-21-2212704553-3800282899-2654397174-1001\$R6WU406.exe Win32/OpenCandy potentially unsafe application
D:\$RECYCLE.BIN\S-1-5-21-2212704553-3800282899-2654397174-1001\$RAQZT55.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
D:\$RECYCLE.BIN\S-1-5-21-2212704553-3800282899-2654397174-1001\$RF9FRJ3.exe a variant of Win32/BSDownloader potentially unwanted application
D:\$RECYCLE.BIN\S-1-5-21-2212704553-3800282899-2654397174-1001\$RJN7WXR.exe a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted application
D:\$RECYCLE.BIN\S-1-5-21-2212704553-3800282899-2654397174-1001\$RRKNNNK.exe Win32/Toolbar.Conduit.Y potentially unwanted application
D:\$RECYCLE.BIN\S-1-5-21-2212704553-3800282899-2654397174-1001\$RTABBMW.exe a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted application
D:\C\Local Disk\Program Files\BearShare Applications\MediaBar\del_DM_DLL_91.dll Win32/Toolbar.SearchSuite potentially unwanted application
D:\C\Local Disk\Program Files\BearShare Applications\MediaBar\del_DM_EXE_3.dll a variant of Win32/Toolbar.SearchSuite.AC potentially unwanted application
D:\C\Local Disk\Program Files\BearShare Applications\MediaBar\del_IEBHO_1.dll Win32/Toolbar.SearchSuite potentially unwanted application
D:\C\Local Disk\Program Files\BearShare Applications\MediaBar\Datamngr\BrowserConnection.dll Win32/Toolbar.SearchSuite potentially unwanted application
D:\C\Local Disk\Program Files\BearShare Applications\MediaBar\Datamngr\datamngr.dll Win32/Toolbar.SearchSuite potentially unwanted application
D:\C\Local Disk\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite.AC potentially unwanted application
D:\C\Local Disk\Program Files\BearShare Applications\MediaBar\Datamngr\DnsBHO.dll Win32/Toolbar.SearchSuite potentially unwanted application
D:\C\Local Disk\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll Win32/Toolbar.SearchSuite potentially unwanted application
D:\C\Local Disk\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application
D:\C\Local Disk\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsband.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
D:\C\Local Disk\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application
D:\C\Local Disk\Program Files\blekkotb\blekkoDx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application
D:\C\Local Disk\Program Files\blekkotb\blekkotb.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
D:\C\Local Disk\Program Files\ConduitEngine\ConduitEngine.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
D:\C\Local Disk\Program Files\PriceGong\2.5.0\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted application
D:\C\Local Disk\Program Files\PriceGong\2.5.0\FF\components\PriceGongFF.dll a variant of Win32/PriceGong.A potentially unwanted application
D:\C\Local Disk\Program Files\SIW\siw.exe a variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe application
D:\C\Local Disk\Program Files\uTorrentBar\tbuTor.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
D:\C\Local Disk\Program Files\Windows jZip Toolbar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite potentially unwanted application
D:\C\Local Disk\Program Files\Windows jZip Toolbar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite.AC potentially unwanted application
D:\C\Local Disk\Program Files\Windows jZip Toolbar\Datamngr\IEBHO.dll a variant of Win32/Toolbar.SearchSuite potentially unwanted application
D:\C\Local Disk\Program Files\Windows jZip Toolbar\Datamngr\ToolBar\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application
D:\C\Local Disk\Program Files\Windows jZip Toolbar\Datamngr\ToolBar\jzipband.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
D:\C\Local Disk\Program Files\Windows jZip Toolbar\Datamngr\ToolBar\jzipdtx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application
D:\C\Local Disk\Users\Adnim 2011\AppData\Local\Babylon\Setup\Setup.exe a variant of Win32/Toolbar.Babylon.H potentially unwanted application
D:\C\Local Disk\Users\Adnim 2011\AppData\LocalLow\IncrediMail_MediaBar_2\tbIncr.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
D:\C\Local Disk\Users\Adnim 2011\AppData\LocalLow\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted application
D:\C\Local Disk\Users\Adnim 2011\Downloads\BearShareV10 (1).exe a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted application
D:\C\Local Disk\Users\Adnim 2011\Downloads\BearShareV10.exe a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted application
D:\C\Local Disk\Users\Adnim 2011\Downloads\ButterScotch_Integration.exe Win32/Toolbar.Conduit.Y potentially unwanted application
D:\C\Local Disk\Users\Adnim 2011\Downloads\iMeshV11.exe a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted application
D:\C\Local Disk\Users\Adnim 2011\Downloads\wufinstall.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
D:\C\Local Disk\Users\Kathy and Ted\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0036cb a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted application
D:\C\Local Disk\Users\Kathy and Ted\AppData\Local\Google\Chrome\User Data\Profile 3\Cache\f_0011bf a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
D:\C\Program Files\BearShare Applications\MediaBar\del_DM_DLL_91.dll Win32/Toolbar.SearchSuite potentially unwanted application
D:\C\Program Files\BearShare Applications\MediaBar\del_DM_EXE_3.dll a variant of Win32/Toolbar.SearchSuite.AC potentially unwanted application
D:\C\Program Files\BearShare Applications\MediaBar\del_IEBHO_1.dll Win32/Toolbar.SearchSuite potentially unwanted application
D:\C\Program Files\BearShare Applications\MediaBar\Datamngr\BrowserConnection.dll Win32/Toolbar.SearchSuite potentially unwanted application
D:\C\Program Files\BearShare Applications\MediaBar\Datamngr\datamngr.dll Win32/Toolbar.SearchSuite potentially unwanted application
D:\C\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite.AC potentially unwanted application
D:\C\Program Files\BearShare Applications\MediaBar\Datamngr\DnsBHO.dll Win32/Toolbar.SearchSuite potentially unwanted application
D:\C\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll Win32/Toolbar.SearchSuite potentially unwanted application
D:\C\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application
D:\C\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsband.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
D:\C\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application
D:\C\Program Files\blekkotb\blekkoDx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application
D:\C\Program Files\blekkotb\blekkotb.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
D:\C\Program Files\ConduitEngine\ConduitEngine.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
D:\C\Users\Adnim 2011\AppData\Local\Babylon\Setup\Setup.exe a variant of Win32/Toolbar.Babylon.H potentially unwanted application
D:\Documents\cbsidlm-tr1_10a-Revo_Uninstaller-ORG-10687648.exe Win32/DownloadAdmin.G potentially unwanted application
D:\Documents\cbsidlm-tr1_13-GSM_SIM_Utility-ORG-10396246.exe Win32/DownloadAdmin.G potentially unwanted application
D:\Documents\cbsidlm-tr1_13-SimCardExplorer-ORG-10727850 (1).exe Win32/DownloadAdmin.G potentially unwanted application
D:\Documents\cbsidlm-tr1_13-SimCardExplorer-ORG-10727850 (2).exe Win32/DownloadAdmin.G potentially unwanted application
D:\Documents\cbsidlm-tr1_13-SimCardExplorer-ORG-10727850.exe Win32/DownloadAdmin.G potentially unwanted application
D:\Documents\ccsetup323.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
D:\Documents\gvsetup.exe a variant of Win32/Toolbar.Conduit.J potentially unwanted application
D:\Documents\PandoraRecovery2.1.1Setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
D:\Documents\SetupImgBurn_2.5.7.0.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
D:\Documents\Downloads\BearShareV10 (1).exe a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted application
D:\Documents\Downloads\BearShareV10.exe a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted application
D:\Documents\Downloads\Brothersoft_downloader_For_Data_Doctor_Recovery_SIM_Card.exe a variant of Win32/BSDownloader potentially unwanted application
D:\Documents\Downloads\ButterScotch_Integration.exe Win32/Toolbar.Conduit.Y potentially unwanted application
D:\Documents\Downloads\cbsidlm-cbsi176-Pandora_Recovery-BP-10694796 (1).exe a variant of Win32/CNETInstaller.B potentially unwanted application
D:\Documents\Downloads\cbsidlm-cbsi176-Pandora_Recovery-BP-10694796.exe a variant of Win32/CNETInstaller.B potentially unwanted application
D:\Documents\Downloads\ccsetup407.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Documents\Downloads\iMeshV11.exe a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted application
D:\Documents\Downloads\KeyFinderInstaller.exe Win32/OpenCandy potentially unsafe application
D:\Local Disk\Program Files\BearShare Applications\MediaBar\del_DM_DLL_91.dll Win32/Toolbar.SearchSuite potentially unwanted application
D:\Local Disk\Program Files\BearShare Applications\MediaBar\del_DM_EXE_3.dll a variant of Win32/Toolbar.SearchSuite.AC potentially unwanted application
D:\Local Disk\Program Files\BearShare Applications\MediaBar\del_IEBHO_1.dll Win32/Toolbar.SearchSuite potentially unwanted application
D:\Local Disk\Program Files\BearShare Applications\MediaBar\Datamngr\BrowserConnection.dll Win32/Toolbar.SearchSuite potentially unwanted application
D:\Local Disk\Program Files\BearShare Applications\MediaBar\Datamngr\datamngr.dll Win32/Toolbar.SearchSuite potentially unwanted application
D:\Local Disk\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite.AC potentially unwanted application
D:\Local Disk\Program Files\BearShare Applications\MediaBar\Datamngr\DnsBHO.dll Win32/Toolbar.SearchSuite potentially unwanted application
D:\Local Disk\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll Win32/Toolbar.SearchSuite potentially unwanted application
D:\Local Disk\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application
D:\Local Disk\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsband.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
D:\Local Disk\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application
D:\Local Disk\Program Files\blekkotb\blekkoDx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application
D:\Local Disk\Program Files\blekkotb\blekkotb.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
D:\Local Disk\Program Files\ConduitEngine\ConduitEngine.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
D:\Local Disk\Program Files\PriceGong\2.5.0\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted application
D:\Local Disk\Program Files\PriceGong\2.5.0\FF\components\PriceGongFF.dll a variant of Win32/PriceGong.A potentially unwanted application
D:\Local Disk\Program Files\SIW\siw.exe a variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe application
D:\Local Disk\Program Files\uTorrentBar\tbuTor.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
D:\Local Disk\Program Files\Windows jZip Toolbar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite potentially unwanted application
D:\Local Disk\Program Files\Windows jZip Toolbar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite.AC potentially unwanted application
D:\Local Disk\Program Files\Windows jZip Toolbar\Datamngr\IEBHO.dll a variant of Win32/Toolbar.SearchSuite potentially unwanted application
D:\Local Disk\Program Files\Windows jZip Toolbar\Datamngr\ToolBar\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application
D:\Local Disk\Program Files\Windows jZip Toolbar\Datamngr\ToolBar\jzipband.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
D:\Local Disk\Program Files\Windows jZip Toolbar\Datamngr\ToolBar\jzipdtx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application
D:\Local Disk\Users\Adnim 2011\AppData\Local\Babylon\Setup\Setup.exe a variant of Win32/Toolbar.Babylon.H potentially unwanted application
D:\Local Disk\Users\Adnim 2011\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003c6 a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted application
D:\Local Disk\Users\Adnim 2011\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0004e0 a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
D:\Local Disk\Users\Adnim 2011\AppData\Local\Temp\is1598539481\blekkoTb_1.0.0.12.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application
D:\Local Disk\Users\Adnim 2011\AppData\Local\Temp\RarSFX0\apnic.dll a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\Local Disk\Users\Adnim 2011\AppData\Local\Temp\RarSFX0\apnstub.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
D:\Local Disk\Users\Adnim 2011\AppData\Local\Temp\RarSFX0\apntoolbarinstaller.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
D:\Local Disk\Users\Adnim 2011\AppData\LocalLow\IncrediMail_MediaBar_2\tbIncr.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
D:\Local Disk\Users\Adnim 2011\AppData\LocalLow\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted application
D:\Local Disk\Users\Adnim 2011\AppData\Roaming\OpenCandy\0568706DFCE84E969156D038E1811666\AVG923_p1v3.exe a variant of Win32/OpenCandy.A potentially unsafe application
D:\Local Disk\Users\Adnim 2011\AppData\Roaming\OpenCandy\0568706DFCE84E969156D038E1811666\OCBrowserHelper_1.0.3.85.dll a variant of Win32/OpenCandy.A potentially unsafe application
D:\Local Disk\Users\archieve email progs\AppData\LocalLow\IncrediMail_MediaBar_2\tbIncr.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
D:\Local Disk\Users\archieve email progs\AppData\LocalLow\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.0\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted application
D:\Local Disk\Users\Kathy and Ted\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0036cb a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted application
J:\Karen backup Nov 2014\cbsidlm-tr1_10a-Revo_Uninstaller-ORG-10687648.exe Win32/DownloadAdmin.G potentially unwanted application
J:\Karen backup Nov 2014\cbsidlm-tr1_13-GSM_SIM_Utility-ORG-10396246.exe Win32/DownloadAdmin.G potentially unwanted application
J:\Karen backup Nov 2014\cbsidlm-tr1_13-SimCardExplorer-ORG-10727850 (1).exe Win32/DownloadAdmin.G potentially unwanted application
J:\Karen backup Nov 2014\cbsidlm-tr1_13-SimCardExplorer-ORG-10727850 (2).exe Win32/DownloadAdmin.G potentially unwanted application
J:\Karen backup Nov 2014\cbsidlm-tr1_13-SimCardExplorer-ORG-10727850.exe Win32/DownloadAdmin.G potentially unwanted application
J:\Karen backup Nov 2014\ccsetup323.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
J:\Karen backup Nov 2014\gvsetup.exe a variant of Win32/Toolbar.Conduit.J potentially unwanted application
J:\Karen backup Nov 2014\PandoraRecovery2.1.1Setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
J:\Karen backup Nov 2014\SetupImgBurn_2.5.7.0.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
J:\Karen backup Nov 2014\Downloads\BearShareV10 (1).exe a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted application
J:\Karen backup Nov 2014\Downloads\BearShareV10.exe a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted application
J:\Karen backup Nov 2014\Downloads\Brothersoft_downloader_For_Data_Doctor_Recovery_SIM_Card.exe a variant of Win32/BSDownloader potentially unwanted application
J:\Karen backup Nov 2014\Downloads\ButterScotch_Integration.exe Win32/Toolbar.Conduit.Y potentially unwanted application
J:\Karen backup Nov 2014\Downloads\cbsidlm-cbsi176-Pandora_Recovery-BP-10694796 (1).exe a variant of Win32/CNETInstaller.B potentially unwanted application
J:\Karen backup Nov 2014\Downloads\cbsidlm-cbsi176-Pandora_Recovery-BP-10694796.exe a variant of Win32/CNETInstaller.B potentially unwanted application
J:\Karen backup Nov 2014\Downloads\ccsetup407.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
J:\Karen backup Nov 2014\Downloads\iMeshV11.exe a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted application
J:\Karen backup Nov 2014\Downloads\KeyFinderInstaller.exe Win32/OpenCandy potentially unsafe application
J:\karen doc replication\cbsidlm-tr1_10a-Revo_Uninstaller-ORG-10687648.exe Win32/DownloadAdmin.G potentially unwanted application
J:\karen doc replication\cbsidlm-tr1_13-GSM_SIM_Utility-ORG-10396246.exe Win32/DownloadAdmin.G potentially unwanted application
J:\karen doc replication\cbsidlm-tr1_13-SimCardExplorer-ORG-10727850 (1).exe Win32/DownloadAdmin.G potentially unwanted application
J:\karen doc replication\cbsidlm-tr1_13-SimCardExplorer-ORG-10727850 (2).exe Win32/DownloadAdmin.G potentially unwanted application
J:\karen doc replication\cbsidlm-tr1_13-SimCardExplorer-ORG-10727850.exe Win32/DownloadAdmin.G potentially unwanted application
J:\karen doc replication\ccsetup323.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
J:\karen doc replication\gvsetup.exe a variant of Win32/Toolbar.Conduit.J potentially unwanted application
J:\karen doc replication\PandoraRecovery2.1.1Setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
J:\karen doc replication\SetupImgBurn_2.5.7.0.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
J:\karen doc replication\Downloads\BearShareV10 (1).exe a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted application
J:\karen doc replication\Downloads\BearShareV10.exe a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted application
J:\karen doc replication\Downloads\Brothersoft_downloader_For_Data_Doctor_Recovery_SIM_Card.exe a variant of Win32/BSDownloader potentially unwanted application
J:\karen doc replication\Downloads\ButterScotch_Integration.exe Win32/Toolbar.Conduit.Y potentially unwanted application
J:\karen doc replication\Downloads\cbsidlm-cbsi176-Pandora_Recovery-BP-10694796 (1).exe a variant of Win32/CNETInstaller.B potentially unwanted application
J:\karen doc replication\Downloads\cbsidlm-cbsi176-Pandora_Recovery-BP-10694796.exe a variant of Win32/CNETInstaller.B potentially unwanted application
J:\karen doc replication\Downloads\ccsetup407.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
J:\karen doc replication\Downloads\iMeshV11.exe a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted application
J:\karen doc replication\Downloads\KeyFinderInstaller.exe Win32/OpenCandy potentially unsafe application
J:\Karen replicator copy  drive C\drive c\$RECYCLE.BIN\S-1-5-21-3429899735-1859134748-1137319262-1001\$RJIK8P9.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
J:\Karen replicator copy  drive C\drive c\$RECYCLE.BIN\S-1-5-21-3429899735-1859134748-1137319262-1001\$RKD3I5V.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
J:\Karen replicator copy  drive C\drive c\Program Files\AskBarDis\bar\bin\askBar.dll a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
J:\Karen replicator copy  drive C\drive c\Program Files\AskBarDis\bar\bin\askPopStp.dll a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
J:\Karen replicator copy  drive C\drive c\Program Files\BearShare Applications\MediaBar\del_DM_DLL_91.dll Win32/Toolbar.SearchSuite potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Program Files\BearShare Applications\MediaBar\del_DM_EXE_3.dll a variant of Win32/Toolbar.SearchSuite.AC potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Program Files\BearShare Applications\MediaBar\del_IEBHO_1.dll Win32/Toolbar.SearchSuite potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Program Files\BearShare Applications\MediaBar\Datamngr\BrowserConnection.dll Win32/Toolbar.SearchSuite potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Program Files\BearShare Applications\MediaBar\Datamngr\datamngr.dll Win32/Toolbar.SearchSuite potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite.AC potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Program Files\BearShare Applications\MediaBar\Datamngr\DnsBHO.dll Win32/Toolbar.SearchSuite potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll Win32/Toolbar.SearchSuite potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsband.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Program Files\PriceGong\2.5.0\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Program Files\PriceGong\2.5.0\FF\components\PriceGongFF.dll a variant of Win32/PriceGong.A potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Program Files\Smart PC Solutions\Smart Driver Updater\SDULauncher.exe a variant of Win32/Adware.SpeedingUpMyPC.AN application
J:\Karen replicator copy  drive C\drive c\Program Files\Smart PC Solutions\Smart Driver Updater\SDUSchedule.exe a variant of Win32/Adware.SpeedingUpMyPC.AL application
J:\Karen replicator copy  drive C\drive c\Program Files\Smart PC Solutions\Smart Driver Updater\SDUSmartScan.exe a variant of Win32/Adware.SpeedingUpMyPC.C application
J:\Karen replicator copy  drive C\drive c\Program Files\Smart PC Solutions\Smart Driver Updater\SmartDriverUpdater.exe a variant of Win32/Adware.SpeedingUpMyPC.AM application
J:\Karen replicator copy  drive C\drive c\Program Files\uTorrentBar\tbuTor.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Program Files\Windows jZip Toolbar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Program Files\Windows jZip Toolbar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite.AC potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Program Files\Windows jZip Toolbar\Datamngr\IEBHO.dll a variant of Win32/Toolbar.SearchSuite potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Program Files\Windows jZip Toolbar\Datamngr\ToolBar\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Program Files\Windows jZip Toolbar\Datamngr\ToolBar\jzipband.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Program Files\Windows jZip Toolbar\Datamngr\ToolBar\jzipdtx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application
J:\Karen replicator copy  drive C\drive c\ProgramData\{0B944FF9-D61F-4D53-99D1-CBD889A971D0}\BearShare_V10_en_Setup.res a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted application
J:\Karen replicator copy  drive C\drive c\ProgramData\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}\iMesh_V11_en_Setup.res a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted application
J:\Karen replicator copy  drive C\drive c\ProgramData\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}\BRAND_FILES\C92B6398\D48124DA\InstallHelper.dll a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted application
J:\Karen replicator copy  drive C\drive c\ProgramData\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}\BRAND_FILES\F9A8E141\CD47D6EC\SetupDataMngr_iMesh.exe Win32/Toolbar.SearchSuite potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Users\Adnim 2011\AppData\Local\Babylon\Setup\Setup.exe a variant of Win32/Toolbar.Babylon.H potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Users\Adnim 2011\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0002d9 a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Users\Adnim 2011\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003c6 a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Users\Adnim 2011\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUOQDVVW\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
J:\Karen replicator copy  drive C\drive c\Users\Adnim 2011\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUOQDVVW\ApnIC[2].0 a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
J:\Karen replicator copy  drive C\drive c\Users\Adnim 2011\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUOQDVVW\brand_files[1].7zip a variant of Win32/Toolbar.Visicom.A potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Users\Adnim 2011\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUOQDVVW\brand_files[2].7zip Win32/Toolbar.SearchSuite potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Users\Adnim 2011\AppData\Local\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
J:\Karen replicator copy  drive C\drive c\Users\Adnim 2011\AppData\Local\Temp\BearShare_setup.exe a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Users\Adnim 2011\AppData\Local\Temp\iMesh_setup.exe a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Users\Adnim 2011\AppData\Local\Temp\Installhelper.dll a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Users\Adnim 2011\AppData\Local\Temp\SetupDataMngr_iMesh.exe Win32/Toolbar.SearchSuite potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Users\Adnim 2011\AppData\Local\Temp\SRAssetsHelper.dll a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Users\Adnim 2011\AppData\Local\Temp\mia1\InstallHelper.dll a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Users\Adnim 2011\AppData\Local\Temp\oi_ohZ16498iE\Setup_FreeBurner.exe Win32/Toolbar.Widgi potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Users\Adnim 2011\AppData\LocalLow\IncrediMail_MediaBar_2\tbIncr.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Users\Adnim 2011\AppData\LocalLow\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Users\Adnim 2011\Downloads\BearShareV10 (1).exe a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Users\Adnim 2011\Downloads\BearShareV10.exe a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Users\Adnim 2011\Downloads\ButterScotch_Integration.exe Win32/Toolbar.Conduit.Y potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Users\Adnim 2011\Downloads\iMeshV11.exe a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Users\Kathy and Ted\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0035af a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Users\Kathy and Ted\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0036cb a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Users\Kathy and Ted\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A1JR4OM3\brand_files[1].7zip a variant of Win32/Toolbar.Visicom.A potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Users\Kathy and Ted\AppData\Local\Temp\BearShare_setup.exe a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Users\Kathy and Ted\AppData\Local\Temp\is1598539481\2449153_Setup.DAT a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
J:\Karen replicator copy  drive C\drive c\Users\Kathy and Ted\AppData\Local\Temp\is1598539481\2472583_Setup.DAT a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
J:\Karen replicator copy  drive C\drive c\Users\Kathy and Ted\AppData\Local\Temp\is1598539481\6373692_Setup.DAT a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
J:\Karen replicator copy  drive C\drive c\Users\Kathy and Ted\AppData\Local\Temp\is1598539481\MyBabylonTB.exe Win32/Toolbar.Babylon potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Users\Kathy and Ted\AppData\Local\{0B944FF9-D61F-4D53-99D1-CBD889A971D0}\BRAND_FILES\5C2678F3\65F2D705\InstallHelper.dll a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Users\Kathy and Ted\AppData\Local\{0B944FF9-D61F-4D53-99D1-CBD889A971D0}\BRAND_FILES\C54DC6FB\E2C169D5\SetupDataMngr_BearShare.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Users\Kathy and Ted\AppData\LocalLow\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Users\Kathy and Ted\Desktop\disk-defrag-setup[2].exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
J:\Karen replicator copy  drive C\drive c\Users\Kathy and Ted\Downloads\BearShareV10.exe a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Users\Kathy and Ted\Downloads\iMeshV11.exe a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted application
J:\Karen replicator copy  drive C\drive c\Users\Kathy and Ted\Downloads\WPatcherP5575987.zip Win32/HackHosts.AC potentially unsafe application
J:\Karen replicator copy  drive C\drive c\Users\Kathy and Ted\Downloads\wufinstall.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
J:\Karen replicator copy  drive C\drive c\Users\Kathy and Ted\Downloads\Microsoft Windows 7 Ultimate Retail(Final) x86 (32 bit) and x64 (64 bit)\Cracks for x64 + x86\ALL WORKING ACTIVATORS\7Loader by Hazar 1.5 (Old one, but still works)\7Loader v1.5.exe a variant of MSIL/HackTool.WinActivator.A potentially unsafe application
J:\Karen replicator copy  drive C\drive c\Users\Kathy and Ted\Downloads\Microsoft Windows 7 Ultimate Retail(Final) x86 (32 bit) and x64 (64 bit)\Cracks for x64 + x86\ALL WORKING ACTIVATORS\Windows 7 Loader 1.6.9 by Daz\Windows 7 Loader.exe Win32/HackTool.WinActivator.I potentially unsafe application
J:\KATHYANDTEDPC\Backup Set 2012-07-26 131624\Backup Files 2012-07-26 131624\Backup files 24.zip a variant of Win32/InstallCore.D potentially unwanted application
J:\KATHYANDTEDPC\Backup Set 2012-07-26 131624\Backup Files 2012-07-26 131624\Backup files 25.zip Win32/SoftonicDownloader.D potentially unwanted application
J:\KATHYANDTEDPC\Backup Set 2012-07-26 131624\Backup Files 2012-07-26 131624\Backup files 28.zip a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted application
J:\KATHYANDTEDPC\Backup Set 2012-07-26 131624\Backup Files 2012-07-26 131624\Backup files 44.zip a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
J:\KATHYANDTEDPC\Backup Set 2012-07-26 131624\Backup Files 2012-07-26 131624\Backup files 45.zip Win32/MagicalJellyBean.A potentially unsafe application
 

Link to post
Share on other sites
Psychotic

Psychotic

Posted
Posted 

C:\old documents\cbsidlm-tr1_10a-Revo_Uninstaller-ORG-10687648.exe Win32/DownloadAdmin.G potentially unwanted applicationC:\old documents\cbsidlm-tr1_13-GSM_SIM_Utility-ORG-10396246.exe Win32/DownloadAdmin.G potentially unwanted applicationC:\old documents\cbsidlm-tr1_13-SimCardExplorer-ORG-10727850 (1).exe Win32/DownloadAdmin.G potentially unwanted applicationC:\old documents\cbsidlm-tr1_13-SimCardExplorer-ORG-10727850 (2).exe Win32/DownloadAdmin.G potentially unwanted applicationC:\old documents\cbsidlm-tr1_13-SimCardExplorer-ORG-10727850.exe Win32/DownloadAdmin.G potentially unwanted applicationC:\old documents\ccsetup323.exe Win32/Bundled.Toolbar.Google.E potentially unsafe applicationC:\old documents\gvsetup.exe a variant of Win32/Toolbar.Conduit.J potentially unwanted applicationC:\old documents\PandoraRecovery2.1.1Setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe applicationC:\old documents\SetupImgBurn_2.5.7.0.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe applicationC:\Program Files\EaseUS\Todo Backup\bin\PxeServer.dll a variant of Win32/TFTPD32.A potentially unsafe applicationC:\Program Files\EaseUS\Todo Backup\BUILDPE\EaseUS\tb\bin\PxeServer.dll a variant of Win32/TFTPD32.A potentially unsafe applicationC:\Program Files\Family Tree Maker 2014\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe applicationC:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\{21c2e5a7-1a4a-4181-b493-a02c5d6a043a}Gt.sys-k.mbam a variant of Win32/NetFilter.A potentially unsafe applicationC:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\{21c2e5a7-1a4a-4181-b493-a02c5d6a043a}Gt.sys-r.mbam a variant of Win32/NetFilter.A potentially unsafe applicationC:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\{21c2e5a7-1a4a-4181-b493-a02c5d6a043a}Gt.sys-u.mbam a variant of Win32/NetFilter.A potentially unsafe applicationC:\ProgramData\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}\setup.res a variant of Win32/HiddenStart.A potentially unsafe applicationC:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\20CY1X52\AdwCleaner Setup.exe a variant of Win32/DownloadAssistant.A potentially unwanted applicationC:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2QKJ3B1L\AdwCleaner Setup.exe a variant of Win32/DownloadAssistant.A potentially unwanted applicationC:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2QKJ3B1L\AdwCleaner%20Setup[1].exe a variant of Win32/DownloadAssistant.A potentially unwanted applicationC:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ACXK6S66\AdwCleaner%20Setup[1].exe a variant of Win32/DownloadAssistant.A potentially unwanted applicationC:\Users\Admin\AppData\Local\Temp\a2da7Rm9hL\y264DCsK\Setup.exe a variant of Win32/DownloadAssistant.A potentially unwanted applicationC:\Users\Admin\AppData\Local\Temp\a2I9tk8zAL\KZkFBPQj\Setup.exe a variant of Win32/DownloadAssistant.A potentially unwanted applicationC:\Users\Admin\AppData\Local\Temp\mia1\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe applicationC:\Users\Admin\AppData\Local\Temp\mia1DDC.tmp\setup.res a variant of Win32/HiddenStart.A potentially unsafe applicationC:\Users\All Users\Malwarebytes\Malwarebytes Anti-Malware\{21c2e5a7-1a4a-4181-b493-a02c5d6a043a}Gt.sys-k.mbam a variant of Win32/NetFilter.A potentially unsafe applicationC:\Users\All Users\Malwarebytes\Malwarebytes Anti-Malware\{21c2e5a7-1a4a-4181-b493-a02c5d6a043a}Gt.sys-r.mbam a variant of Win32/NetFilter.A potentially unsafe applicationC:\Users\All Users\Malwarebytes\Malwarebytes Anti-Malware\{21c2e5a7-1a4a-4181-b493-a02c5d6a043a}Gt.sys-u.mbam a variant of Win32/NetFilter.A potentially unsafe applicationC:\Users\All Users\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}\setup.res a variant of Win32/HiddenStart.A potentially unsafe applicationC:\Users\Kated\Downloads\SmartDriverUpdater.exe a variant of Win32/Adware.SpeedingUpMyPC.AH applicationC:\Users\Kated\Downloads\tb_free.exe a variant of Win32/TFTPD32.A potentially unsafe applicationC:\Windows\System32\LavasoftTcpService.dll a variant of Win32/Komodia.A potentially unsafe applicationC:\Windows.old\Documents and Settings\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\20CY1X52\AdwCleaner Setup.exe a variant of Win32/DownloadAssistant.A potentially unwanted applicationC:\Windows.old\Documents and Settings\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2QKJ3B1L\AdwCleaner Setup.exe a variant of Win32/DownloadAssistant.A potentially unwanted applicationC:\Windows.old\Documents and Settings\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2QKJ3B1L\AdwCleaner%20Setup[1].exe a variant of Win32/DownloadAssistant.A potentially unwanted applicationC:\Windows.old\Documents and Settings\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ACXK6S66\AdwCleaner%20Setup[1].exe a variant of Win32/DownloadAssistant.A potentially unwanted applicationC:\Windows.old\Documents and Settings\Admin\AppData\Local\Temp\a2da7Rm9hL\y264DCsK\Setup.exe a variant of Win32/DownloadAssistant.A potentially unwanted applicationC:\Windows.old\Documents and Settings\Admin\AppData\Local\Temp\a2I9tk8zAL\KZkFBPQj\Setup.exe a variant of Win32/DownloadAssistant.A potentially unwanted applicationC:\Windows.old\Documents and Settings\Admin\AppData\Local\Temp\mia1\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe applicationC:\Windows.old\Documents and Settings\Admin\AppData\Local\Temp\mia1DDC.tmp\setup.res a variant of Win32/HiddenStart.A potentially unsafe applicationC:\Windows.old\Documents and Settings\All Users\Malwarebytes\Malwarebytes Anti-Malware\{21c2e5a7-1a4a-4181-b493-a02c5d6a043a}Gt.sys-k.mbam a variant of Win32/NetFilter.A potentially unsafe applicationC:\Windows.old\Documents and Settings\All Users\Malwarebytes\Malwarebytes Anti-Malware\{21c2e5a7-1a4a-4181-b493-a02c5d6a043a}Gt.sys-r.mbam a variant of Win32/NetFilter.A potentially unsafe applicationC:\Windows.old\Documents and Settings\All Users\Malwarebytes\Malwarebytes Anti-Malware\{21c2e5a7-1a4a-4181-b493-a02c5d6a043a}Gt.sys-u.mbam a variant of Win32/NetFilter.A potentially unsafe applicationC:\Windows.old\Documents and Settings\All Users\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}\setup.res a variant of Win32/HiddenStart.A potentially unsafe applicationC:\Windows.old\Documents and Settings\Kated\Downloads\SmartDriverUpdater.exe a variant of Win32/Adware.SpeedingUpMyPC.AH applicationC:\Windows.old\Documents and Settings\Kated\Downloads\tb_free.exe a variant of Win32/TFTPD32.A potentially unsafe applicationC:\Windows.old\Program Files\Family Tree Maker 2014\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe applicationC:\Windows.old\Program Files\nirsoft_package_1.18.30\NirSoft\awatch.exe a variant of Win32/AdapterWatch.A potentially unsafe applicationC:\Windows.old\Program Files\nirsoft_package_1.18.30\NirSoft\bulletspassview.exe a variant of Win32/PSWTool.BulletsPassView.C potentially unsafe applicationC:\Windows.old\Program Files\nirsoft_package_1.18.30\NirSoft\chromepass.exe Win32/PSWTool.ChromePass.A potentially unsafe applicationC:\Windows.old\Program Files\nirsoft_package_1.18.30\NirSoft\outlookaddressbookview.exe a variant of Win32/OutlookAddressBookView.A potentially unsafe applicationC:\Windows.old\Program Files\nirsoft_package_1.18.30\NirSoft\passwordscan.exe Win32/PSWTool.WebBrowserPassView.C potentially unsafe applicationC:\Windows.old\Program Files\nirsoft_package_1.18.30\NirSoft\produkey.exe a variant of Win32/PSWTool.ProductKey.C potentially unsafe applicationC:\Windows.old\Program Files\nirsoft_package_1.18.30\NirSoft\routerpassview.exe a variant of Win32/PSWTool.RouterPassView.B potentially unsafe applicationC:\Windows.old\Program Files\nirsoft_package_1.18.30\NirSoft\skypelogview.exe a variant of Win32/SkypeLogView.A potentially unsafe applicationC:\Windows.old\Program Files\nirsoft_package_1.18.30\NirSoft\smsniff.exe a variant of Win32/Sniffer.SniffPass.B potentially unsafe applicationC:\Windows.old\Program Files\nirsoft_package_1.18.30\NirSoft\vncpassview.exe Win32/PSWTool.VNCPassView.A potentially unsafe applicationC:\Windows.old\Program Files\nirsoft_package_1.18.30\NirSoft\x64\wirelesskeyview.exe a variant of Win64/WirelessKeyView.B potentially unsafe applicationC:\Windows.old\ProgramData\Application Data\Malwarebytes\Malwarebytes Anti-Malware\{21c2e5a7-1a4a-4181-b493-a02c5d6a043a}Gt.sys-k.mbam a variant of Win32/NetFilter.A potentially unsafe applicationC:\Windows.old\ProgramData\Application Data\Malwarebytes\Malwarebytes Anti-Malware\{21c2e5a7-1a4a-4181-b493-a02c5d6a043a}Gt.sys-r.mbam a variant of Win32/NetFilter.A potentially unsafe applicationC:\Windows.old\ProgramData\Application Data\Malwarebytes\Malwarebytes Anti-Malware\{21c2e5a7-1a4a-4181-b493-a02c5d6a043a}Gt.sys-u.mbam a variant of Win32/NetFilter.A potentially unsafe applicationC:\Windows.old\ProgramData\Application Data\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}\setup.res a variant of Win32/HiddenStart.A potentially unsafe applicationC:\Windows.old\ProgramData\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}\setup.res a variant of Win32/HiddenStart.A potentially unsafe applicationC:\Windows.old\Users\All Users\Malwarebytes\Malwarebytes Anti-Malware\{21c2e5a7-1a4a-4181-b493-a02c5d6a043a}Gt.sys-k.mbam a variant of Win32/NetFilter.A potentially unsafe applicationC:\Windows.old\Users\All Users\Malwarebytes\Malwarebytes Anti-Malware\{21c2e5a7-1a4a-4181-b493-a02c5d6a043a}Gt.sys-r.mbam a variant of Win32/NetFilter.A potentially unsafe applicationC:\Windows.old\Users\All Users\Malwarebytes\Malwarebytes Anti-Malware\{21c2e5a7-1a4a-4181-b493-a02c5d6a043a}Gt.sys-u.mbam a variant of Win32/NetFilter.A potentially unsafe applicationC:\Windows.old\Users\All Users\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}\setup.res a variant of Win32/HiddenStart.A potentially unsafe applicationC:\Windows.old\Users\Kathy and Ted Admin\Downloads\disk-defrag-setup.exe a variant of Win32/Toolbar.Widgi.N potentially unwanted applicationC:\Windows.old\Users\Teka\Downloads\BearShareV10 (1).exe a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted applicationC:\Windows.old\Users\Teka\Downloads\BearShareV10.exe a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted applicationC:\Windows.old\Users\Teka\Downloads\Brothersoft_downloader_For_Data_Doctor_Recovery_SIM_Card.exe a variant of Win32/BSDownloader potentially unwanted applicationC:\Windows.old\Users\Teka\Downloads\ButterScotch_Integration.exe Win32/Toolbar.Conduit.Y potentially unwanted applicationC:\Windows.old\Users\Teka\Downloads\cbsidlm-cbsi176-Pandora_Recovery-BP-10694796 (1).exe a variant of Win32/CNETInstaller.B potentially unwanted applicationC:\Windows.old\Users\Teka\Downloads\cbsidlm-cbsi176-Pandora_Recovery-BP-10694796.exe a variant of Win32/CNETInstaller.B potentially unwanted applicationC:\Windows.old\Users\Teka\Downloads\ccsetup407.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationC:\Windows.old\Users\Teka\Downloads\driverupdater.exe a variant of Win32/Adware.SpeedingUpMyPC.AH applicationC:\Windows.old\Users\Teka\Downloads\iMeshV11.exe a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted applicationC:\Windows.old\Users\Teka\Downloads\KeyFinderInstaller.exe Win32/OpenCandy potentially unsafe applicationC:\Windows.old\Users\Teka\Downloads\uTorrent.exe a variant of Win32/OpenCandy.C potentially unsafe applicationC:\Windows.old\Users\Teka\Downloads\wufinstall.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe applicationC:\Windows.old\Users\Teka\Downloads\Virus_Removal_Tool\Virus_Removal_Tool\Batch Files\Process.exe Win32/PrcView potentially unsafe applicationC:\Windows.old\Users\Teka\Downloads\Virus_Removal_Tool\Virus_Removal_Tool\Batch_Files\Process.exe Win32/PrcView potentially unsafe applicationD:\$RECYCLE.BIN\S-1-5-21-2212704553-3800282899-2654397174-1001\$R4GJJ6A.exe a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted applicationD:\$RECYCLE.BIN\S-1-5-21-2212704553-3800282899-2654397174-1001\$R6WU406.exe Win32/OpenCandy potentially unsafe applicationD:\$RECYCLE.BIN\S-1-5-21-2212704553-3800282899-2654397174-1001\$RAQZT55.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe applicationD:\$RECYCLE.BIN\S-1-5-21-2212704553-3800282899-2654397174-1001\$RF9FRJ3.exe a variant of Win32/BSDownloader potentially unwanted applicationD:\$RECYCLE.BIN\S-1-5-21-2212704553-3800282899-2654397174-1001\$RJN7WXR.exe a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted applicationD:\$RECYCLE.BIN\S-1-5-21-2212704553-3800282899-2654397174-1001\$RRKNNNK.exe Win32/Toolbar.Conduit.Y potentially unwanted applicationD:\$RECYCLE.BIN\S-1-5-21-2212704553-3800282899-2654397174-1001\$RTABBMW.exe a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted applicationD:\C\Local Disk\Program Files\BearShare Applications\MediaBar\del_DM_DLL_91.dll Win32/Toolbar.SearchSuite potentially unwanted applicationD:\C\Local Disk\Program Files\BearShare Applications\MediaBar\del_DM_EXE_3.dll a variant of Win32/Toolbar.SearchSuite.AC potentially unwanted applicationD:\C\Local Disk\Program Files\BearShare Applications\MediaBar\del_IEBHO_1.dll Win32/Toolbar.SearchSuite potentially unwanted applicationD:\C\Local Disk\Program Files\BearShare Applications\MediaBar\Datamngr\BrowserConnection.dll Win32/Toolbar.SearchSuite potentially unwanted applicationD:\C\Local Disk\Program Files\BearShare Applications\MediaBar\Datamngr\datamngr.dll Win32/Toolbar.SearchSuite potentially unwanted applicationD:\C\Local Disk\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite.AC potentially unwanted applicationD:\C\Local Disk\Program Files\BearShare Applications\MediaBar\Datamngr\DnsBHO.dll Win32/Toolbar.SearchSuite potentially unwanted applicationD:\C\Local Disk\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll Win32/Toolbar.SearchSuite potentially unwanted applicationD:\C\Local Disk\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted applicationD:\C\Local Disk\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsband.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted applicationD:\C\Local Disk\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted applicationD:\C\Local Disk\Program Files\blekkotb\blekkoDx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted applicationD:\C\Local Disk\Program Files\blekkotb\blekkotb.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted applicationD:\C\Local Disk\Program Files\ConduitEngine\ConduitEngine.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted applicationD:\C\Local Disk\Program Files\PriceGong\2.5.0\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted applicationD:\C\Local Disk\Program Files\PriceGong\2.5.0\FF\components\PriceGongFF.dll a variant of Win32/PriceGong.A potentially unwanted applicationD:\C\Local Disk\Program Files\SIW\siw.exe a variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe applicationD:\C\Local Disk\Program Files\uTorrentBar\tbuTor.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted applicationD:\C\Local Disk\Program Files\Windows jZip Toolbar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite potentially unwanted applicationD:\C\Local Disk\Program Files\Windows jZip Toolbar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite.AC potentially unwanted applicationD:\C\Local Disk\Program Files\Windows jZip Toolbar\Datamngr\IEBHO.dll a variant of Win32/Toolbar.SearchSuite potentially unwanted applicationD:\C\Local Disk\Program Files\Windows jZip Toolbar\Datamngr\ToolBar\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted applicationD:\C\Local Disk\Program Files\Windows jZip Toolbar\Datamngr\ToolBar\jzipband.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted applicationD:\C\Local Disk\Program Files\Windows jZip Toolbar\Datamngr\ToolBar\jzipdtx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted applicationD:\C\Local Disk\Users\Adnim 2011\AppData\Local\Babylon\Setup\Setup.exe a variant of Win32/Toolbar.Babylon.H potentially unwanted applicationD:\C\Local Disk\Users\Adnim 2011\AppData\LocalLow\IncrediMail_MediaBar_2\tbIncr.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted applicationD:\C\Local Disk\Users\Adnim 2011\AppData\LocalLow\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted applicationD:\C\Local Disk\Users\Adnim 2011\Downloads\BearShareV10 (1).exe a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted applicationD:\C\Local Disk\Users\Adnim 2011\Downloads\BearShareV10.exe a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted applicationD:\C\Local Disk\Users\Adnim 2011\Downloads\ButterScotch_Integration.exe Win32/Toolbar.Conduit.Y potentially unwanted applicationD:\C\Local Disk\Users\Adnim 2011\Downloads\iMeshV11.exe a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted applicationD:\C\Local Disk\Users\Adnim 2011\Downloads\wufinstall.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe applicationD:\C\Local Disk\Users\Kathy and Ted\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0036cb a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted applicationD:\C\Local Disk\Users\Kathy and Ted\AppData\Local\Google\Chrome\User Data\Profile 3\Cache\f_0011bf a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe applicationD:\C\Program Files\BearShare Applications\MediaBar\del_DM_DLL_91.dll Win32/Toolbar.SearchSuite potentially unwanted applicationD:\C\Program Files\BearShare Applications\MediaBar\del_DM_EXE_3.dll a variant of Win32/Toolbar.SearchSuite.AC potentially unwanted applicationD:\C\Program Files\BearShare Applications\MediaBar\del_IEBHO_1.dll Win32/Toolbar.SearchSuite potentially unwanted applicationD:\C\Program Files\BearShare Applications\MediaBar\Datamngr\BrowserConnection.dll Win32/Toolbar.SearchSuite potentially unwanted applicationD:\C\Program Files\BearShare Applications\MediaBar\Datamngr\datamngr.dll Win32/Toolbar.SearchSuite potentially unwanted applicationD:\C\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite.AC potentially unwanted applicationD:\C\Program Files\BearShare Applications\MediaBar\Datamngr\DnsBHO.dll Win32/Toolbar.SearchSuite potentially unwanted applicationD:\C\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll Win32/Toolbar.SearchSuite potentially unwanted applicationD:\C\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted applicationD:\C\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsband.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted applicationD:\C\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted applicationD:\C\Program Files\blekkotb\blekkoDx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted applicationD:\C\Program Files\blekkotb\blekkotb.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted applicationD:\C\Program Files\ConduitEngine\ConduitEngine.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted applicationD:\C\Users\Adnim 2011\AppData\Local\Babylon\Setup\Setup.exe a variant of Win32/Toolbar.Babylon.H potentially unwanted applicationD:\Documents\cbsidlm-tr1_10a-Revo_Uninstaller-ORG-10687648.exe Win32/DownloadAdmin.G potentially unwanted applicationD:\Documents\cbsidlm-tr1_13-GSM_SIM_Utility-ORG-10396246.exe Win32/DownloadAdmin.G potentially unwanted applicationD:\Documents\cbsidlm-tr1_13-SimCardExplorer-ORG-10727850 (1).exe Win32/DownloadAdmin.G potentially unwanted applicationD:\Documents\cbsidlm-tr1_13-SimCardExplorer-ORG-10727850 (2).exe Win32/DownloadAdmin.G potentially unwanted applicationD:\Documents\cbsidlm-tr1_13-SimCardExplorer-ORG-10727850.exe Win32/DownloadAdmin.G potentially unwanted applicationD:\Documents\ccsetup323.exe Win32/Bundled.Toolbar.Google.E potentially unsafe applicationD:\Documents\gvsetup.exe a variant of Win32/Toolbar.Conduit.J potentially unwanted applicationD:\Documents\PandoraRecovery2.1.1Setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe applicationD:\Documents\SetupImgBurn_2.5.7.0.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe applicationD:\Documents\Downloads\BearShareV10 (1).exe a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted applicationD:\Documents\Downloads\BearShareV10.exe a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted applicationD:\Documents\Downloads\Brothersoft_downloader_For_Data_Doctor_Recovery_SIM_Card.exe a variant of Win32/BSDownloader potentially unwanted applicationD:\Documents\Downloads\ButterScotch_Integration.exe Win32/Toolbar.Conduit.Y potentially unwanted applicationD:\Documents\Downloads\cbsidlm-cbsi176-Pandora_Recovery-BP-10694796 (1).exe a variant of Win32/CNETInstaller.B potentially unwanted applicationD:\Documents\Downloads\cbsidlm-cbsi176-Pandora_Recovery-BP-10694796.exe a variant of Win32/CNETInstaller.B potentially unwanted applicationD:\Documents\Downloads\ccsetup407.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationD:\Documents\Downloads\iMeshV11.exe a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted applicationD:\Documents\Downloads\KeyFinderInstaller.exe Win32/OpenCandy potentially unsafe applicationD:\Local Disk\Program Files\BearShare Applications\MediaBar\del_DM_DLL_91.dll Win32/Toolbar.SearchSuite potentially unwanted applicationD:\Local Disk\Program Files\BearShare Applications\MediaBar\del_DM_EXE_3.dll a variant of Win32/Toolbar.SearchSuite.AC potentially unwanted applicationD:\Local Disk\Program Files\BearShare Applications\MediaBar\del_IEBHO_1.dll Win32/Toolbar.SearchSuite potentially unwanted applicationD:\Local Disk\Program Files\BearShare Applications\MediaBar\Datamngr\BrowserConnection.dll Win32/Toolbar.SearchSuite potentially unwanted applicationD:\Local Disk\Program Files\BearShare Applications\MediaBar\Datamngr\datamngr.dll Win32/Toolbar.SearchSuite potentially unwanted applicationD:\Local Disk\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite.AC potentially unwanted applicationD:\Local Disk\Program Files\BearShare Applications\MediaBar\Datamngr\DnsBHO.dll Win32/Toolbar.SearchSuite potentially unwanted applicationD:\Local Disk\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll Win32/Toolbar.SearchSuite potentially unwanted applicationD:\Local Disk\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted applicationD:\Local Disk\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsband.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted applicationD:\Local Disk\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted applicationD:\Local Disk\Program Files\blekkotb\blekkoDx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted applicationD:\Local Disk\Program Files\blekkotb\blekkotb.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted applicationD:\Local Disk\Program Files\ConduitEngine\ConduitEngine.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted applicationD:\Local Disk\Program Files\PriceGong\2.5.0\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted applicationD:\Local Disk\Program Files\PriceGong\2.5.0\FF\components\PriceGongFF.dll a variant of Win32/PriceGong.A potentially unwanted applicationD:\Local Disk\Program Files\SIW\siw.exe a variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe applicationD:\Local Disk\Program Files\uTorrentBar\tbuTor.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted applicationD:\Local Disk\Program Files\Windows jZip Toolbar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite potentially unwanted applicationD:\Local Disk\Program Files\Windows jZip Toolbar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite.AC potentially unwanted applicationD:\Local Disk\Program Files\Windows jZip Toolbar\Datamngr\IEBHO.dll a variant of Win32/Toolbar.SearchSuite potentially unwanted applicationD:\Local Disk\Program Files\Windows jZip Toolbar\Datamngr\ToolBar\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted applicationD:\Local Disk\Program Files\Windows jZip Toolbar\Datamngr\ToolBar\jzipband.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted applicationD:\Local Disk\Program Files\Windows jZip Toolbar\Datamngr\ToolBar\jzipdtx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted applicationD:\Local Disk\Users\Adnim 2011\AppData\Local\Babylon\Setup\Setup.exe a variant of Win32/Toolbar.Babylon.H potentially unwanted applicationD:\Local Disk\Users\Adnim 2011\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003c6 a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted applicationD:\Local Disk\Users\Adnim 2011\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0004e0 a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe applicationD:\Local Disk\Users\Adnim 2011\AppData\Local\Temp\is1598539481\blekkoTb_1.0.0.12.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted applicationD:\Local Disk\Users\Adnim 2011\AppData\Local\Temp\RarSFX0\apnic.dll a variant of Win32/Bundled.Toolbar.Ask potentially unsafe applicationD:\Local Disk\Users\Adnim 2011\AppData\Local\Temp\RarSFX0\apnstub.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe applicationD:\Local Disk\Users\Adnim 2011\AppData\Local\Temp\RarSFX0\apntoolbarinstaller.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe applicationD:\Local Disk\Users\Adnim 2011\AppData\LocalLow\IncrediMail_MediaBar_2\tbIncr.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted applicationD:\Local Disk\Users\Adnim 2011\AppData\LocalLow\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted applicationD:\Local Disk\Users\Adnim 2011\AppData\Roaming\OpenCandy\0568706DFCE84E969156D038E1811666\AVG923_p1v3.exe a variant of Win32/OpenCandy.A potentially unsafe applicationD:\Local Disk\Users\Adnim 2011\AppData\Roaming\OpenCandy\0568706DFCE84E969156D038E1811666\OCBrowserHelper_1.0.3.85.dll a variant of Win32/OpenCandy.A potentially unsafe applicationD:\Local Disk\Users\archieve email progs\AppData\LocalLow\IncrediMail_MediaBar_2\tbIncr.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted applicationD:\Local Disk\Users\archieve email progs\AppData\LocalLow\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.0\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted applicationD:\Local Disk\Users\Kathy and Ted\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0036cb a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted applicationJ:\Karen backup Nov 2014\cbsidlm-tr1_10a-Revo_Uninstaller-ORG-10687648.exe Win32/DownloadAdmin.G potentially unwanted applicationJ:\Karen backup Nov 2014\cbsidlm-tr1_13-GSM_SIM_Utility-ORG-10396246.exe Win32/DownloadAdmin.G potentially unwanted applicationJ:\Karen backup Nov 2014\cbsidlm-tr1_13-SimCardExplorer-ORG-10727850 (1).exe Win32/DownloadAdmin.G potentially unwanted applicationJ:\Karen backup Nov 2014\cbsidlm-tr1_13-SimCardExplorer-ORG-10727850 (2).exe Win32/DownloadAdmin.G potentially unwanted applicationJ:\Karen backup Nov 2014\cbsidlm-tr1_13-SimCardExplorer-ORG-10727850.exe Win32/DownloadAdmin.G potentially unwanted applicationJ:\Karen backup Nov 2014\ccsetup323.exe Win32/Bundled.Toolbar.Google.E potentially unsafe applicationJ:\Karen backup Nov 2014\gvsetup.exe a variant of Win32/Toolbar.Conduit.J potentially unwanted applicationJ:\Karen backup Nov 2014\PandoraRecovery2.1.1Setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe applicationJ:\Karen backup Nov 2014\SetupImgBurn_2.5.7.0.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe applicationJ:\Karen backup Nov 2014\Downloads\BearShareV10 (1).exe a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted applicationJ:\Karen backup Nov 2014\Downloads\BearShareV10.exe a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted applicationJ:\Karen backup Nov 2014\Downloads\Brothersoft_downloader_For_Data_Doctor_Recovery_SIM_Card.exe a variant of Win32/BSDownloader potentially unwanted applicationJ:\Karen backup Nov 2014\Downloads\ButterScotch_Integration.exe Win32/Toolbar.Conduit.Y potentially unwanted applicationJ:\Karen backup Nov 2014\Downloads\cbsidlm-cbsi176-Pandora_Recovery-BP-10694796 (1).exe a variant of Win32/CNETInstaller.B potentially unwanted applicationJ:\Karen backup Nov 2014\Downloads\cbsidlm-cbsi176-Pandora_Recovery-BP-10694796.exe a variant of Win32/CNETInstaller.B potentially unwanted applicationJ:\Karen backup Nov 2014\Downloads\ccsetup407.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationJ:\Karen backup Nov 2014\Downloads\iMeshV11.exe a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted applicationJ:\Karen backup Nov 2014\Downloads\KeyFinderInstaller.exe Win32/OpenCandy potentially unsafe applicationJ:\karen doc replication\cbsidlm-tr1_10a-Revo_Uninstaller-ORG-10687648.exe Win32/DownloadAdmin.G potentially unwanted applicationJ:\karen doc replication\cbsidlm-tr1_13-GSM_SIM_Utility-ORG-10396246.exe Win32/DownloadAdmin.G potentially unwanted applicationJ:\karen doc replication\cbsidlm-tr1_13-SimCardExplorer-ORG-10727850 (1).exe Win32/DownloadAdmin.G potentially unwanted applicationJ:\karen doc replication\cbsidlm-tr1_13-SimCardExplorer-ORG-10727850 (2).exe Win32/DownloadAdmin.G potentially unwanted applicationJ:\karen doc replication\cbsidlm-tr1_13-SimCardExplorer-ORG-10727850.exe Win32/DownloadAdmin.G potentially unwanted applicationJ:\karen doc replication\ccsetup323.exe Win32/Bundled.Toolbar.Google.E potentially unsafe applicationJ:\karen doc replication\gvsetup.exe a variant of Win32/Toolbar.Conduit.J potentially unwanted applicationJ:\karen doc replication\PandoraRecovery2.1.1Setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe applicationJ:\karen doc replication\SetupImgBurn_2.5.7.0.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe applicationJ:\karen doc replication\Downloads\BearShareV10 (1).exe a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted applicationJ:\karen doc replication\Downloads\BearShareV10.exe a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted applicationJ:\karen doc replication\Downloads\Brothersoft_downloader_For_Data_Doctor_Recovery_SIM_Card.exe a variant of Win32/BSDownloader potentially unwanted applicationJ:\karen doc replication\Downloads\ButterScotch_Integration.exe Win32/Toolbar.Conduit.Y potentially unwanted applicationJ:\karen doc replication\Downloads\cbsidlm-cbsi176-Pandora_Recovery-BP-10694796 (1).exe a variant of Win32/CNETInstaller.B potentially unwanted applicationJ:\karen doc replication\Downloads\cbsidlm-cbsi176-Pandora_Recovery-BP-10694796.exe a variant of Win32/CNETInstaller.B potentially unwanted applicationJ:\karen doc replication\Downloads\ccsetup407.exe Win32/Bundled.Toolbar.Google.D potentially unsafe applicationJ:\karen doc replication\Downloads\iMeshV11.exe a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted applicationJ:\karen doc replication\Downloads\KeyFinderInstaller.exe Win32/OpenCandy potentially unsafe applicationJ:\Karen replicator copy  drive C\drive c\$RECYCLE.BIN\S-1-5-21-3429899735-1859134748-1137319262-1001\$RJIK8P9.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe applicationJ:\Karen replicator copy  drive C\drive c\$RECYCLE.BIN\S-1-5-21-3429899735-1859134748-1137319262-1001\$RKD3I5V.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe applicationJ:\Karen replicator copy  drive C\drive c\Program Files\AskBarDis\bar\bin\askBar.dll a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe applicationJ:\Karen replicator copy  drive C\drive c\Program Files\AskBarDis\bar\bin\askPopStp.dll a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe applicationJ:\Karen replicator copy  drive C\drive c\Program Files\BearShare Applications\MediaBar\del_DM_DLL_91.dll Win32/Toolbar.SearchSuite potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Program Files\BearShare Applications\MediaBar\del_DM_EXE_3.dll a variant of Win32/Toolbar.SearchSuite.AC potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Program Files\BearShare Applications\MediaBar\del_IEBHO_1.dll Win32/Toolbar.SearchSuite potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Program Files\BearShare Applications\MediaBar\Datamngr\BrowserConnection.dll Win32/Toolbar.SearchSuite potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Program Files\BearShare Applications\MediaBar\Datamngr\datamngr.dll Win32/Toolbar.SearchSuite potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite.AC potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Program Files\BearShare Applications\MediaBar\Datamngr\DnsBHO.dll Win32/Toolbar.SearchSuite potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll Win32/Toolbar.SearchSuite potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsband.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Program Files\PriceGong\2.5.0\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Program Files\PriceGong\2.5.0\FF\components\PriceGongFF.dll a variant of Win32/PriceGong.A potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Program Files\Smart PC Solutions\Smart Driver Updater\SDULauncher.exe a variant of Win32/Adware.SpeedingUpMyPC.AN applicationJ:\Karen replicator copy  drive C\drive c\Program Files\Smart PC Solutions\Smart Driver Updater\SDUSchedule.exe a variant of Win32/Adware.SpeedingUpMyPC.AL applicationJ:\Karen replicator copy  drive C\drive c\Program Files\Smart PC Solutions\Smart Driver Updater\SDUSmartScan.exe a variant of Win32/Adware.SpeedingUpMyPC.C applicationJ:\Karen replicator copy  drive C\drive c\Program Files\Smart PC Solutions\Smart Driver Updater\SmartDriverUpdater.exe a variant of Win32/Adware.SpeedingUpMyPC.AM applicationJ:\Karen replicator copy  drive C\drive c\Program Files\uTorrentBar\tbuTor.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Program Files\Windows jZip Toolbar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Program Files\Windows jZip Toolbar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite.AC potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Program Files\Windows jZip Toolbar\Datamngr\IEBHO.dll a variant of Win32/Toolbar.SearchSuite potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Program Files\Windows jZip Toolbar\Datamngr\ToolBar\dtUser.exe a variant of Win32/Toolbar.Visicom.C potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Program Files\Windows jZip Toolbar\Datamngr\ToolBar\jzipband.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Program Files\Windows jZip Toolbar\Datamngr\ToolBar\jzipdtx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\ProgramData\{0B944FF9-D61F-4D53-99D1-CBD889A971D0}\BearShare_V10_en_Setup.res a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\ProgramData\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}\iMesh_V11_en_Setup.res a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\ProgramData\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}\BRAND_FILES\C92B6398\D48124DA\InstallHelper.dll a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\ProgramData\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}\BRAND_FILES\F9A8E141\CD47D6EC\SetupDataMngr_iMesh.exe Win32/Toolbar.SearchSuite potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Users\Adnim 2011\AppData\Local\Babylon\Setup\Setup.exe a variant of Win32/Toolbar.Babylon.H potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Users\Adnim 2011\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0002d9 a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Users\Adnim 2011\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003c6 a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Users\Adnim 2011\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUOQDVVW\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask potentially unsafe applicationJ:\Karen replicator copy  drive C\drive c\Users\Adnim 2011\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUOQDVVW\ApnIC[2].0 a variant of Win32/Bundled.Toolbar.Ask potentially unsafe applicationJ:\Karen replicator copy  drive C\drive c\Users\Adnim 2011\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUOQDVVW\brand_files[1].7zip a variant of Win32/Toolbar.Visicom.A potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Users\Adnim 2011\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUOQDVVW\brand_files[2].7zip Win32/Toolbar.SearchSuite potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Users\Adnim 2011\AppData\Local\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask potentially unsafe applicationJ:\Karen replicator copy  drive C\drive c\Users\Adnim 2011\AppData\Local\Temp\BearShare_setup.exe a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Users\Adnim 2011\AppData\Local\Temp\iMesh_setup.exe a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Users\Adnim 2011\AppData\Local\Temp\Installhelper.dll a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Users\Adnim 2011\AppData\Local\Temp\SetupDataMngr_iMesh.exe Win32/Toolbar.SearchSuite potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Users\Adnim 2011\AppData\Local\Temp\SRAssetsHelper.dll a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Users\Adnim 2011\AppData\Local\Temp\mia1\InstallHelper.dll a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Users\Adnim 2011\AppData\Local\Temp\oi_ohZ16498iE\Setup_FreeBurner.exe Win32/Toolbar.Widgi potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Users\Adnim 2011\AppData\LocalLow\IncrediMail_MediaBar_2\tbIncr.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Users\Adnim 2011\AppData\LocalLow\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Users\Adnim 2011\Downloads\BearShareV10 (1).exe a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Users\Adnim 2011\Downloads\BearShareV10.exe a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Users\Adnim 2011\Downloads\ButterScotch_Integration.exe Win32/Toolbar.Conduit.Y potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Users\Adnim 2011\Downloads\iMeshV11.exe a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Users\Kathy and Ted\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0035af a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Users\Kathy and Ted\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0036cb a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Users\Kathy and Ted\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A1JR4OM3\brand_files[1].7zip a variant of Win32/Toolbar.Visicom.A potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Users\Kathy and Ted\AppData\Local\Temp\BearShare_setup.exe a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Users\Kathy and Ted\AppData\Local\Temp\is1598539481\2449153_Setup.DAT a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe applicationJ:\Karen replicator copy  drive C\drive c\Users\Kathy and Ted\AppData\Local\Temp\is1598539481\2472583_Setup.DAT a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe applicationJ:\Karen replicator copy  drive C\drive c\Users\Kathy and Ted\AppData\Local\Temp\is1598539481\6373692_Setup.DAT a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe applicationJ:\Karen replicator copy  drive C\drive c\Users\Kathy and Ted\AppData\Local\Temp\is1598539481\MyBabylonTB.exe Win32/Toolbar.Babylon potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Users\Kathy and Ted\AppData\Local\{0B944FF9-D61F-4D53-99D1-CBD889A971D0}\BRAND_FILES\5C2678F3\65F2D705\InstallHelper.dll a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Users\Kathy and Ted\AppData\Local\{0B944FF9-D61F-4D53-99D1-CBD889A971D0}\BRAND_FILES\C54DC6FB\E2C169D5\SetupDataMngr_BearShare.exe a variant of Win32/Toolbar.Visicom.A potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Users\Kathy and Ted\AppData\LocalLow\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Users\Kathy and Ted\Desktop\disk-defrag-setup[2].exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe applicationJ:\Karen replicator copy  drive C\drive c\Users\Kathy and Ted\Downloads\BearShareV10.exe a variant of Win32/Toolbar.SearchSuite.Z potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Users\Kathy and Ted\Downloads\iMeshV11.exe a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted applicationJ:\Karen replicator copy  drive C\drive c\Users\Kathy and Ted\Downloads\WPatcherP5575987.zip Win32/HackHosts.AC potentially unsafe applicationJ:\Karen replicator copy  drive C\drive c\Users\Kathy and Ted\Downloads\wufinstall.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe applicationJ:\Karen replicator copy  drive C\drive c\Users\Kathy and Ted\Downloads\Microsoft Windows 7 Ultimate Retail(Final) x86 (32 bit) and x64 (64 bit)\Cracks for x64 + x86\ALL WORKING ACTIVATORS\7Loader by Hazar 1.5 (Old one, but still works)\7Loader v1.5.exe a variant of MSIL/HackTool.WinActivator.A potentially unsafe applicationJ:\Karen replicator copy  drive C\drive c\Users\Kathy and Ted\Downloads\Microsoft Windows 7 Ultimate Retail(Final) x86 (32 bit) and x64 (64 bit)\Cracks for x64 + x86\ALL WORKING ACTIVATORS\Windows 7 Loader 1.6.9 by Daz\Windows 7 Loader.exe Win32/HackTool.WinActivator.I potentially unsafe application

These filese aren´t malware but contain security risks. I´d delete them immediately - your choice.

Stop using/saving cracks!

J:\KATHYANDTEDPC\Backup Set 2012-07-26 131624\Backup Files 2012-07-26 131624\Backup files 24.zip a variant of Win32/InstallCore.D potentially unwanted applicationJ:\KATHYANDTEDPC\Backup Set 2012-07-26 131624\Backup Files 2012-07-26 131624\Backup files 25.zip Win32/SoftonicDownloader.D potentially unwanted applicationJ:\KATHYANDTEDPC\Backup Set 2012-07-26 131624\Backup Files 2012-07-26 131624\Backup files 28.zip a variant of Win32/Toolbar.SearchSuite.AD potentially unwanted applicationJ:\KATHYANDTEDPC\Backup Set 2012-07-26 131624\Backup Files 2012-07-26 131624\Backup files 44.zip a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe applicationJ:\KATHYANDTEDPC\Backup Set 2012-07-26 131624\Backup Files 2012-07-26 131624\Backup files 45.zip Win32/MagicalJellyBean.A potentially unsafe application

Thse backup sets contain security risks. Delete them and create a new set when we´re done.

 

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner

Please download AdwCleaner to your desktop.

  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:\AdwCleaner[s1].txt also

Delete junk with JRT

thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.

Link to post
Share on other sites
Teka

Teka

Posted
  • Author
Posted

Thanks for your further help

 

I have deleted directory with many of the risky files. Do you have any suggestions for quickly deleting the rest?

 

I had to download on any PC and use memory stick to run the programs

 

Here is the Adware report

# AdwCleaner v4.208 - Logfile created 15/07/2015 at 20:11:36
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [server]
# Operating system : Windows Vista Home Premium Service Pack 2 (x86)
# Username : Admin - PACKARDBELL
# Running from : K:\downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : swdumon

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\slimware utilities inc
Folder Deleted : C:\ProgramData\{790a2198-ed2d-202d-790a-a2198ed28663}
Folder Deleted : C:\Users\Admin\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Admin\AppData\Local\slimware utilities inc
Folder Deleted : C:\Users\Admin\AppData\Local\27251C00-1426594686-0720-0821-184414000000
Folder Deleted : C:\Users\Admin\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
Folder Deleted : C:\Users\Kated\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
File Deleted : C:\Windows\system32\drivers\swdumon.sys
File Deleted : C:\Users\Kated\AppData\Roaming\CZXHWFK
File Deleted : C:\Users\Kated\AppData\Roaming\NIHLTJT
File Deleted : C:\Users\Kated\AppData\Roaming\RGJL
File Deleted : C:\Users\Kated\AppData\Roaming\TIYRASLF

***** [ Scheduled tasks ] *****

Task Deleted : CZXHWFK
Task Deleted : NIHLTJT
Task Deleted : RGJL
Task Deleted : TIYRASLF

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CF50C82-4C4B-43E9-B1B2-15CB1BD0C193}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
Key Deleted : HKCU\Software\Kromtech
Key Deleted : HKLM\SOFTWARE\SpeedBit
Key Deleted : HKLM\SOFTWARE\AIM Toolbar
Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16669


-\\ Google Chrome v41.0.2272.101

[C:\Users\Kated\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : aaaaaiabcopkplhgaedhbloeejhhankf
[C:\Users\Kated\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://www.search.ask.com/?gct=hp
[C:\Users\Kated\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] : {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}{google:contextualSearchVersion}ie={inputEncoding}",
"usage_count": 0
}
},
"extensions": {
"settings": {
"aaaaaiabcopkplhgaedhbloeejhhankf": {
"ack_prompt_count": 2,
"active_permissions": {
"api": [ "homepage", "management", "nativeMessaging", "searchProvider", "startupPages", "storage", "tabs", "webRequest", "webRequestBlocking" ],
"explicit_host": [ "hxxp://*/*", "hxxps://*/*" ],
"manifest_permissions": [ ],
"scriptable_host": [ "*://*.ask.com/

*************************

AdwCleaner[R2].txt - [3910 bytes] - [15/07/2015 20:07:33]
AdwCleaner[s2].txt - [3451 bytes] - [15/07/2015 20:11:36]

########## EOF - \AdwCleaner\AdwCleaner[s2].txt - [3510 bytes] ##########

 

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

Here is JRT report

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.0 (07.15.2015:1)
OS: Windows Vista Home Premium x86
Ran by Admin on 16/07/2015 at 14:38:39.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{6667031D-9206-43EB-8E03-6062C09F67E8}
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71576546-354D-41C9-AAE8-31F2EC22BF0D}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6667031d-9206-43eb-8e03-6062c09f67e8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6667031d-9206-43eb-8e03-6062c09f67e8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Users\Admin\appdata\local\downloaded installers
Successfully deleted: [Folder] C:\Users\Admin\appdata\locallow\company
Successfully deleted: [Folder] C:\users\public\documents\downloaded installers
Successfully deleted: [Folder] C:\ProgramData\12541929720226260669



~~~ Chrome


[C:\Users\Admin\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Admin\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Admin\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Admin\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16/07/2015 at 14:43:39.13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 

 

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Here is security check report

 

 Results of screen317's Security Check version 1.005 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
 Internet Explorer 9 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
avast! Antivirus  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 WinPatrol
 Spybot - Search & Destroy
 SUPERAntiSpyware    
 Secunia PSI (3.0.0.10004)  
 CCleaner    
 Java 8 Update 45 
 Adobe Reader 10.1.14 Adobe Reader out of Date! 
 Google Chrome 41.0.2272.101 Google Chrome out of date! 
````````Process Check: objlist.exe by Laurent```````` 
 WinPatrol winpatrol.exe
 Spybot Teatimer.exe is disabled!
 Malwarebytes Anti-Exploit mbae.exe  
 Malwarebytes Anti-Exploit mbae-svc.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe  
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast AvastUI.exe 
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe
 AVAST Software Avast avBugReport.exe 
 WinPatrol WinPatrol WinPatrol.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

 

Link to post
Share on other sites
Teka

Teka

Posted
  • Author
Posted

Hi

 

thanks again for your continuing help

 

I have deleted

 

c:\old documents

 

c:\users\admin\appdata\local\microsoft\windows\ temporary internet files

 

c:\users\admin\appdata\local\temp

 

J:\Karen replicator copy drive

 

 

 

 

I'm away on holiday tomorrow so please can we continue when I return in 12 days time

Link to post
Share on other sites
Psychotic

Psychotic

Posted
Posted

Delete C:\windows.old manually.

 

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

     

     

 

 

 

 

Adobe Reader out of date

Your Adobe Reader is outdated. We will fix this.

 

  • Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Run setup and follow the instructions.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.

 

 

 

Also update your chrome browser!

 

 

 

 

Uninstall our tools using delfix

Please follow these steps in order:
 

  • In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
  • In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed.
  • In any case please download delfix to your desktop.
    • Close all other programms and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process
  • If there is still something left please delete it manualy.



Delete System Restore Points

To ensure your System Restore Points are free of malware, we will delete all of them but the most recent or create a new one.

On Windows Vista: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows 7/8: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows XP: Please follow these instructions to delete all but the most common System Protection Restore Points.

 

 

 

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure to have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website´s content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a dangerous classified web site, a warning screen is displayed.
  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:
  • Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to loose all your data. Back up your files regularly. Use the windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80" - what means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won´t help if you aren´t careful enough.
    • While surfing the internet, don´t click on anything you don´t know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal pata (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don´t click everything.
    • When installing software, have a look to each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today´s setup procedures contain potentially unwanted programs so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.

 

 

 

fixlist.txt

Link to post
Share on other sites
  • 2 weeks later...
Teka

Teka

Posted
  • Author
Posted

Hi Psychotic - I'm back from holiday

 

Thanks for the FRST fix - here is the log

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 12-07-2015
Ran by Kated at 2015-07-13 13:27:09 Run:1
Running from C:\Users\Kated\Desktop
Loaded Profiles: Kated (Available Profiles: Admin & Kated)
Boot Mode: Normal

==============================================

fixlist content:
*****************
BootExecute: autocheck autochk * sdnclean.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKLM - (No Name) - {6667031d-9206-43eb-8e03-6062c09f67e8} - No File
Toolbar: HKU\S-1-5-21-3202543499-4289128183-162094314-1000 -> No Name - {6667031D-9206-43EB-8E03-6062C09F67E8} - No File
CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx [Not Found]
BHO: No Name -> {6667031d-9206-43eb-8e03-6062c09f67e8} -> No File

Task: {06263311-6B2D-42C2-9CE6-DB7F7C9B5805} - System32\Tasks\TIYRASLF => C:\Users\Kated\AppData\Roaming\TIYRASLF.exe <==== ATTENTION
Task: {1AEBADC2-412A-4E26-98D1-743EB486F624} - \6bfdeade-f9bb-49f5-b932-80cb3f840d8c-1-7 No Task File <==== ATTENTION
Task: {1CFE34F7-EC69-40AD-89ED-B503E7243ADB} - \01b9e87c-2679-4ac5-acf8-11f78b8a2d24-1-6 No Task File <==== ATTENTION
Task: {201E5F0D-A283-488F-B2EF-BE2498392FCD} - \041f00ab-33dc-42ac-aadd-7f85fa988a70-1-7 No Task File <==== ATTENTION
Task: {280E57E9-7972-420E-9FB3-76F6D0C0069E} - \041f00ab-33dc-42ac-aadd-7f85fa988a70-1-6 No Task File <==== ATTENTION
Task: {2D2C78A3-7393-46CB-A6B0-E051A24375A2} - System32\Tasks\NIHLTJT => C:\Users\Kated\AppData\Roaming\NIHLTJT.exe <==== ATTENTION
Task: {2E182A1D-9CC0-4CFE-B44B-38D19B6A54EE} - \TheBestDeals Update No Task File <==== ATTENTION
Task: {3232B46F-E568-4464-8096-C4F8B67EF5ED} - \Selection Tools Update No Task File <==== ATTENTION
Task: {453D3C0B-20BB-4862-889A-89C62F176F31} - \041f00ab-33dc-42ac-aadd-7f85fa988a70-10_user No Task File <==== ATTENTION
Task: {4912157F-B5E7-4CBE-917E-FAAD925E3949} - System32\Tasks\BPLPTDUHWxp0wWn => C:\Users\Admin\AppData\Roaming\rVG5Pby\6y9HA9l.exe
Task: {4A419DC6-5178-492A-8537-97338E2A9FD1} - \ac57dff0-57f4-4b76-8736-05864f68c04d-5_user No Task File <==== ATTENTION
Task: {4D46BA77-B226-4991-B1C5-C0C3ABCD754E} - \ac57dff0-57f4-4b76-8736-05864f68c04d-10_user No Task File <==== ATTENTION
Task: {64A64FC3-4D9B-4051-8FA3-E59F4AC4B53F} - \041f00ab-33dc-42ac-aadd-7f85fa988a70-5 No Task File <==== ATTENTION
Task: {67956809-5260-40BD-BC6C-21BA9D30EA8B} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {845CD4A8-D741-4B69-AFE4-78A354BA4F18} - \ac57dff0-57f4-4b76-8736-05864f68c04d-5 No Task File <==== ATTENTION
Task: {97432605-37B6-4E19-81B1-5A6541AD712F} - \ac57dff0-57f4-4b76-8736-05864f68c04d-1-7 No Task File <==== ATTENTION
Task: {9C870D54-D502-4912-AAB5-66D9FBF6621C} - \gtaUpt No Task File <==== ATTENTION
Task: {A158805F-7DDA-425C-8C4E-B804D16906A6} - System32\Tasks\RGJL => C:\Users\Kated\AppData\Roaming\RGJL.exe <==== ATTENTION
Task: {AEDF6C91-0818-4582-B490-901C36180AF1} - \ac57dff0-57f4-4b76-8736-05864f68c04d-1-6 No Task File <==== ATTENTION
Task: {BF1B9475-E79E-4564-AF40-47C83962A867} - \01b9e87c-2679-4ac5-acf8-11f78b8a2d24-5_user No Task File <==== ATTENTIONk
Task: {D33B2653-A12D-4828-B6BA-B43BE9611DE9} - \01b9e87c-2679-4ac5-acf8-11f78b8a2d24-5 No Task File <==== ATTENTION
Task: {DE0C5DD4-6645-4A25-B07C-E9793AE2237C} - \6bfdeade-f9bb-49f5-b932-80cb3f840d8c-1-6 No Task File <==== ATTENTION
Task: {ECEFC2FB-5406-4E79-B251-0BF24619861B} - \6bfdeade-f9bb-49f5-b932-80cb3f840d8c-5 No Task File <==== ATTENTION
Task: {F74F0BF2-5302-4D21-9B86-31C64E4F5194} - \6bfdeade-f9bb-49f5-b932-80cb3f840d8c-5_user No Task File <==== ATTENTION
Task: {F8C436D2-9588-4194-907D-90D2C3FCC436} - \01b9e87c-2679-4ac5-acf8-11f78b8a2d24-1-7 No Task File <==== ATTENTION
Task: {F97887BD-B150-44EF-9061-14392A39424E} - \01b9e87c-2679-4ac5-acf8-11f78b8a2d24-10_user No Task File <==== ATTENTION
Task: {FA727CFC-6E7D-49F3-9978-8BBBE86BCC2A} - System32\Tasks\CZXHWFK => C:\Users\Kated\AppData\Roaming\CZXHWFK.exe <==== ATTENTION
Task: C:\Windows\Tasks\CZXHWFK.job => C:\Users\Kated\AppData\Roaming\CZXHWFK.exe <==== ATTENTION
Task: C:\Windows\Tasks\NIHLTJT.job => C:\Users\Kated\AppData\Roaming\NIHLTJT.exe <==== ATTENTION
Task: C:\Windows\Tasks\RGJL.job => C:\Users\Kated\AppData\Roaming\RGJL.exe <==== ATTENTION
Task: C:\Windows\Tasks\TIYRASLF.job => C:\Users\Kated\AppData\Roaming\TIYRASLF.exe <==== ATTENTION
FirewallRules: [{2A15D44E-C3F3-47F3-84E3-BB16A1F4B5AF}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{0F75DE81-5F8A-41EC-82DA-67DA307F47B1}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{8DB95175-EEBE-4CAF-9978-EEF9EF9ED0DA}] => (Allow) C:\Program Files\Dll-Files.com Fixer\DLLFixer.exe

2015-03-30 17:14 - 2015-03-30 17:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Users\Kated\AppData\Roaming\TIYRASLF.exe
C:\Users\Kated\AppData\Roaming\RGJL.exe
C:\Users\Kated\AppData\Roaming\NIHLTJT.exe
C:\Users\Kated\AppData\Roaming\CZXHWFK.exe
C:\Users\Admin\AppData\Roaming\rVG5Pby

EmptyTemp:
Hosts:
*****************

hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => Error setting value.

"C:\Windows\system32\GroupPolicy\Machine" folder move:

Could not move "C:\Windows\system32\GroupPolicy\Machine" folder => Scheduled to move on reboot.

Could not move "C:\Windows\system32\GroupPolicy\GPT.ini" => Scheduled to move on reboot.
HKLM\SOFTWARE\Policies\Google => key could not remove. Access Denied.
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\{6667031d-9206-43eb-8e03-6062c09f67e8} => value could not remove.
HKU\S-1-5-21-3202543499-4289128183-162094314-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{6667031D-9206-43EB-8E03-6062C09F67E8} => value not found.
HKCR\CLSID\{6667031D-9206-43EB-8E03-6062C09F67E8} => key not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6667031d-9206-43eb-8e03-6062c09f67e8} => key could not remove. Access Denied.
HKCR\CLSID\{6667031d-9206-43eb-8e03-6062c09f67e8} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06263311-6B2D-42C2-9CE6-DB7F7C9B5805} => key could not remove. Access Denied.
C:\Windows\System32\Tasks\TIYRASLF not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TIYRASLF => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1AEBADC2-412A-4E26-98D1-743EB486F624} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6bfdeade-f9bb-49f5-b932-80cb3f840d8c-1-7 => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CFE34F7-EC69-40AD-89ED-B503E7243ADB} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\01b9e87c-2679-4ac5-acf8-11f78b8a2d24-1-6 => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{201E5F0D-A283-488F-B2EF-BE2498392FCD} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\041f00ab-33dc-42ac-aadd-7f85fa988a70-1-7 => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{280E57E9-7972-420E-9FB3-76F6D0C0069E} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\041f00ab-33dc-42ac-aadd-7f85fa988a70-1-6 => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D2C78A3-7393-46CB-A6B0-E051A24375A2} => key could not remove. Access Denied.
C:\Windows\System32\Tasks\NIHLTJT not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NIHLTJT => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E182A1D-9CC0-4CFE-B44B-38D19B6A54EE} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TheBestDeals Update => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3232B46F-E568-4464-8096-C4F8B67EF5ED} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Selection Tools Update => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{453D3C0B-20BB-4862-889A-89C62F176F31} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\041f00ab-33dc-42ac-aadd-7f85fa988a70-10_user => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4912157F-B5E7-4CBE-917E-FAAD925E3949} => key could not remove. Access Denied.
C:\Windows\System32\Tasks\BPLPTDUHWxp0wWn not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BPLPTDUHWxp0wWn => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A419DC6-5178-492A-8537-97338E2A9FD1} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ac57dff0-57f4-4b76-8736-05864f68c04d-5_user => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D46BA77-B226-4991-B1C5-C0C3ABCD754E} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ac57dff0-57f4-4b76-8736-05864f68c04d-10_user => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64A64FC3-4D9B-4051-8FA3-E59F4AC4B53F} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\041f00ab-33dc-42ac-aadd-7f85fa988a70-5 => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67956809-5260-40BD-BC6C-21BA9D30EA8B} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{845CD4A8-D741-4B69-AFE4-78A354BA4F18} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ac57dff0-57f4-4b76-8736-05864f68c04d-5 => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97432605-37B6-4E19-81B1-5A6541AD712F} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ac57dff0-57f4-4b76-8736-05864f68c04d-1-7 => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C870D54-D502-4912-AAB5-66D9FBF6621C} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\gtaUpt => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A158805F-7DDA-425C-8C4E-B804D16906A6} => key could not remove. Access Denied.
C:\Windows\System32\Tasks\RGJL not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RGJL => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AEDF6C91-0818-4582-B490-901C36180AF1} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ac57dff0-57f4-4b76-8736-05864f68c04d-1-6 => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF1B9475-E79E-4564-AF40-47C83962A867} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\01b9e87c-2679-4ac5-acf8-11f78b8a2d24-5_user => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D33B2653-A12D-4828-B6BA-B43BE9611DE9} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\01b9e87c-2679-4ac5-acf8-11f78b8a2d24-5 => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE0C5DD4-6645-4A25-B07C-E9793AE2237C} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6bfdeade-f9bb-49f5-b932-80cb3f840d8c-1-6 => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ECEFC2FB-5406-4E79-B251-0BF24619861B} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6bfdeade-f9bb-49f5-b932-80cb3f840d8c-5 => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F74F0BF2-5302-4D21-9B86-31C64E4F5194} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6bfdeade-f9bb-49f5-b932-80cb3f840d8c-5_user => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8C436D2-9588-4194-907D-90D2C3FCC436} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\01b9e87c-2679-4ac5-acf8-11f78b8a2d24-1-7 => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F97887BD-B150-44EF-9061-14392A39424E} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\01b9e87c-2679-4ac5-acf8-11f78b8a2d24-10_user => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA727CFC-6E7D-49F3-9978-8BBBE86BCC2A} => key could not remove. Access Denied.
C:\Windows\System32\Tasks\CZXHWFK not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CZXHWFK => key could not remove. Access Denied.
Could not move "C:\Windows\Tasks\CZXHWFK.job" => Scheduled to move on reboot.
Could not move "C:\Windows\Tasks\NIHLTJT.job" => Scheduled to move on reboot.
Could not move "C:\Windows\Tasks\RGJL.job" => Scheduled to move on reboot.
Could not move "C:\Windows\Tasks\TIYRASLF.job" => Scheduled to move on reboot.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2A15D44E-C3F3-47F3-84E3-BB16A1F4B5AF} => value could not remove.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0F75DE81-5F8A-41EC-82DA-67DA307F47B1} => value could not remove.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8DB95175-EEBE-4CAF-9978-EEF9EF9ED0DA} => value could not remove.
C:\ProgramData\DP45977C.lfl => moved successfully.
"C:\Users\Kated\AppData\Roaming\TIYRASLF.exe" => File/Folder not found.
"C:\Users\Kated\AppData\Roaming\RGJL.exe" => File/Folder not found.
"C:\Users\Kated\AppData\Roaming\NIHLTJT.exe" => File/Folder not found.
"C:\Users\Kated\AppData\Roaming\CZXHWFK.exe" => File/Folder not found.

"C:\Users\Admin\AppData\Roaming\rVG5Pby" folder move:

Could not move "C:\Users\Admin\AppData\Roaming\rVG5Pby" folder => Scheduled to move on reboot.

"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not restore Hosts.
EmptyTemp: => 1.9 GB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-17 16:55:17)<=

"C:\Windows\system32\GroupPolicy\Machine" => Could not move
"C:\Windows\system32\GroupPolicy\GPT.ini" => Could not move
C:\Windows\Tasks\CZXHWFK.job => is moved successfully
C:\Windows\Tasks\NIHLTJT.job => is moved successfully
C:\Windows\Tasks\RGJL.job => is moved successfully
C:\Windows\Tasks\TIYRASLF.job => is moved successfully
"C:\Users\Admin\AppData\Roaming\rVG5Pby" => Could not move

==== End of Fixlog 16:55:17 ====

 

--------------------------------------------------------------------------------------------------------------------------------------------------

 

Adobe reader update - now 10.1.15

 

Chrome updated now 43.0.2403.107m

 

Delfix run - ok

 

Restore points deleted and new created

 

Advice read and noted  - thanks

 

Windows live mail is not working - should I delete and reinstall or would you suggest something else?

Link to post
Share on other sites
Teka

Teka

Posted
  • Author
Posted

Thanks Psyhotic

 

Here is the log after running FRST as admin

 

 

Fix result of Farbar Recovery Scan Tool (x86) Version:02-08-2015 01
Ran by Admin (2015-08-04 20:25:31) Run:2
Running from C:\Users\Kated\Desktop
Loaded Profiles: Admin & Kated (Available Profiles: Admin & Kated)
Boot Mode: Normal

==============================================

fixlist content:
*****************
C:\Windows\System32\LavasoftTcpService.dll
D:\$RECYCLE.BIN\S-1-5-21-2212704553-3800282899-2654397174-1001
D:\C\Local Disk\Program Files\BearShare Applications\MediaBar
D:\C\Local Disk\Program Files\blekkotb
D:\C\Local Disk\Program Files\ConduitEngine
D:\C\Local Disk\Program Files\PriceGong
D:\C\Local Disk\Program Files\uTorrentBar
D:\C\Local Disk\Program Files\Windows jZip Toolbar
D:\C\Local Disk\Users\Adnim 2011\AppData\Local\Babylon
D:\C\Local Disk\Users\Adnim 2011\AppData\LocalLow\IncrediMail_MediaBar_2
D:\C\Local Disk\Users\Adnim 2011\AppData\LocalLow\uTorrentBar
D:\C\Local Disk\Users\Adnim 2011\Downloads
D:\C\Local Disk\Users\Kathy and Ted\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0036cb
D:\C\Local Disk\Users\Kathy and Ted\AppData\Local\Google\Chrome\User Data\Profile 3\Cache\f_0011bf
D:\C\Program Files\BearShare Applications\MediaBar
D:\C\Program Files\blekkotb
D:\C\Program Files\ConduitEngine
D:\C\Users\Adnim 2011\AppData\Local\Babylon
D:\Documents\cbsidlm-tr1_10a-Revo_Uninstaller-ORG-10687648.exe
D:\Documents\cbsidlm-tr1_13-GSM_SIM_Utility-ORG-10396246.exe
D:\Documents\cbsidlm-tr1_13-SimCardExplorer-ORG-10727850 (1).exe
D:\Documents\cbsidlm-tr1_13-SimCardExplorer-ORG-10727850 (2).exe
D:\Documents\cbsidlm-tr1_13-SimCardExplorer-ORG-10727850.exe
D:\Documents\ccsetup323.exe
D:\Documents\gvsetup.exe
D:\Documents\PandoraRecovery2.1.1Setup.exe
D:\Documents\SetupImgBurn_2.5.7.0.exe
D:\Documents\Downloads\BearShareV10 (1).exe
D:\Documents\Downloads\BearShareV10.exe
D:\Documents\Downloads\Brothersoft_downloader_For_Data_Doctor_Recovery_SIM_Card.exe
D:\Documents\Downloads\ButterScotch_Integration.exe
D:\Documents\Downloads\cbsidlm-cbsi176-Pandora_Recovery-BP-10694796 (1).exe
D:\Documents\Downloads\cbsidlm-cbsi176-Pandora_Recovery-BP-10694796.exe
D:\Documents\Downloads\ccsetup407.exe
D:\Documents\Downloads\iMeshV11.exe
D:\Documents\Downloads\KeyFinderInstaller.exe
D:\Local Disk\Program Files\BearShare Applications\MediaBar
D:\Local Disk\Program Files\blekkotb
D:\Local Disk\Program Files\ConduitEngine
D:\Local Disk\Program Files\PriceGong
D:\Local Disk\Program Files\uTorrentBar
D:\Local Disk\Program Files\Windows jZip Toolbar
D:\Local Disk\Users\Adnim 2011\AppData\Local\Babylon
D:\Local Disk\Users\Adnim 2011\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003c6
D:\Local Disk\Users\Adnim 2011\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0004e0
D:\Local Disk\Users\Adnim 2011\AppData\Local\Temp
D:\Local Disk\Users\Adnim 2011\AppData\LocalLow\IncrediMail_MediaBar_2
D:\Local Disk\Users\Adnim 2011\AppData\LocalLow\uTorrentBar
D:\Local Disk\Users\Adnim 2011\AppData\Roaming\OpenCandy
D:\Local Disk\Users\archieve email progs\AppData\LocalLow\IncrediMail_MediaBar_2
D:\Local Disk\Users\archieve email progs\AppData\LocalLow\uTorrentBar
D:\Local Disk\Users\Kathy and Ted\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0036cb
J:\KATHYANDTEDPC\Backup Set 2012-07-26 131624\Backup Files 2012-07-26 131624

EmptyTemp:
*****************

C:\Windows\System32\LavasoftTcpService.dll => moved successfully.
D:\$RECYCLE.BIN\S-1-5-21-2212704553-3800282899-2654397174-1001 => moved successfully.
D:\C\Local Disk\Program Files\BearShare Applications\MediaBar => moved successfully.
D:\C\Local Disk\Program Files\blekkotb => moved successfully.
D:\C\Local Disk\Program Files\ConduitEngine => moved successfully.
D:\C\Local Disk\Program Files\PriceGong => moved successfully.
D:\C\Local Disk\Program Files\uTorrentBar => moved successfully.
D:\C\Local Disk\Program Files\Windows jZip Toolbar => moved successfully.
D:\C\Local Disk\Users\Adnim 2011\AppData\Local\Babylon => moved successfully.
D:\C\Local Disk\Users\Adnim 2011\AppData\LocalLow\IncrediMail_MediaBar_2 => moved successfully.
D:\C\Local Disk\Users\Adnim 2011\AppData\LocalLow\uTorrentBar => moved successfully.
D:\C\Local Disk\Users\Adnim 2011\Downloads => moved successfully.
D:\C\Local Disk\Users\Kathy and Ted\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0036cb => moved successfully.
D:\C\Local Disk\Users\Kathy and Ted\AppData\Local\Google\Chrome\User Data\Profile 3\Cache\f_0011bf => moved successfully.
D:\C\Program Files\BearShare Applications\MediaBar => moved successfully.
D:\C\Program Files\blekkotb => moved successfully.
D:\C\Program Files\ConduitEngine => moved successfully.
D:\C\Users\Adnim 2011\AppData\Local\Babylon => moved successfully.
D:\Documents\cbsidlm-tr1_10a-Revo_Uninstaller-ORG-10687648.exe => moved successfully.
D:\Documents\cbsidlm-tr1_13-GSM_SIM_Utility-ORG-10396246.exe => moved successfully.
D:\Documents\cbsidlm-tr1_13-SimCardExplorer-ORG-10727850 (1).exe => moved successfully.
D:\Documents\cbsidlm-tr1_13-SimCardExplorer-ORG-10727850 (2).exe => moved successfully.
D:\Documents\cbsidlm-tr1_13-SimCardExplorer-ORG-10727850.exe => moved successfully.
D:\Documents\ccsetup323.exe => moved successfully.
D:\Documents\gvsetup.exe => moved successfully.
D:\Documents\PandoraRecovery2.1.1Setup.exe => moved successfully.
D:\Documents\SetupImgBurn_2.5.7.0.exe => moved successfully.
D:\Documents\Downloads\BearShareV10 (1).exe => moved successfully.
D:\Documents\Downloads\BearShareV10.exe => moved successfully.
D:\Documents\Downloads\Brothersoft_downloader_For_Data_Doctor_Recovery_SIM_Card.exe => moved successfully.
D:\Documents\Downloads\ButterScotch_Integration.exe => moved successfully.
D:\Documents\Downloads\cbsidlm-cbsi176-Pandora_Recovery-BP-10694796 (1).exe => moved successfully.
D:\Documents\Downloads\cbsidlm-cbsi176-Pandora_Recovery-BP-10694796.exe => moved successfully.
D:\Documents\Downloads\ccsetup407.exe => moved successfully.
D:\Documents\Downloads\iMeshV11.exe => moved successfully.
D:\Documents\Downloads\KeyFinderInstaller.exe => moved successfully.
D:\Local Disk\Program Files\BearShare Applications\MediaBar => moved successfully.
D:\Local Disk\Program Files\blekkotb => moved successfully.
D:\Local Disk\Program Files\ConduitEngine => moved successfully.
D:\Local Disk\Program Files\PriceGong => moved successfully.
D:\Local Disk\Program Files\uTorrentBar => moved successfully.
D:\Local Disk\Program Files\Windows jZip Toolbar => moved successfully.
D:\Local Disk\Users\Adnim 2011\AppData\Local\Babylon => moved successfully.
D:\Local Disk\Users\Adnim 2011\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003c6 => moved successfully.
D:\Local Disk\Users\Adnim 2011\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0004e0 => moved successfully.
D:\Local Disk\Users\Adnim 2011\AppData\Local\Temp => moved successfully.
D:\Local Disk\Users\Adnim 2011\AppData\LocalLow\IncrediMail_MediaBar_2 => moved successfully.
D:\Local Disk\Users\Adnim 2011\AppData\LocalLow\uTorrentBar => moved successfully.
D:\Local Disk\Users\Adnim 2011\AppData\Roaming\OpenCandy => moved successfully.
D:\Local Disk\Users\archieve email progs\AppData\LocalLow\IncrediMail_MediaBar_2 => moved successfully.
D:\Local Disk\Users\archieve email progs\AppData\LocalLow\uTorrentBar => moved successfully.
D:\Local Disk\Users\Kathy and Ted\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0036cb => moved successfully.
J:\KATHYANDTEDPC\Backup Set 2012-07-26 131624\Backup Files 2012-07-26 131624 => moved successfully.
EmptyTemp: => 2.1 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 20:45:38 ====

Link to post
Share on other sites
  • 3 weeks later...
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.