Jump to content

smmaher1

Honorary Members
  • Posts

    54
  • Joined

  • Last visited

Reputation

0 Neutral
  1. What the virus/malware was has done some sort of damage to the OS. Does anyone have any ideas how to repair it. Maybe some of the other forum admins could take a look? It would be greatly appreciated. I have to keep this PC for the next few months until daughter can graduate.
  2. New scans you requested. Also after looking further in cntrol panel add/remove it seems only 22 items are showing and recently installed things are not there either. Addition.txt FRST.txt
  3. still acting strange. Lots of programs that should be in add/remove programs are just missing.
  4. Fixlog results and adwcleaner results Fixlog.txt AdwCleanerS0.txt
  5. Hi Thanks for your help. Requested logs are attached. MBAM Scan.txt Addition.txt FRST.txt
  6. Having alot of issues with Win8 pc. MBAM has detected and quarantined multiple things. Please help. Farbar scan Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015 Ran by Anita (administrator) on CHEETAH on 21-01-2015 17:55:56 Running from C:\AV Loaded Profiles: Anita (Available profiles: Anita) Platform: Windows 8 (X64) OS Language: English (United States) Internet Explorer Version 10 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (ClientConnect LTD) C:\Program Files (x86)\ScreenGlaze\ClientConnect.ScreenGlaze.Agent.exe () C:\Windows\System32\valWBFPolicyService.exe (MicroStudio) C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe (MicroTools) C:\Program Files (x86)\YouTube Downloader Services\P4\youtubeserv.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe (AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe (AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-24] (IDT, Inc.) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.) HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-31] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5041200 2014-10-19] (AVAST Software) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKU\S-1-5-21-3572732792-1879118195-3801782386-1002\...\Run: [updateAdmin] => C:\Users\Anita\AppData\Local\UpdateAdmin\UpdateAdmin.exe [225552 2014-10-16] (DownloadAdmin) AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: [HKLM] => http=127.0.0.1:55046;https=127.0.0.1:55046 ProxyServer: [HKLM-x32] => http=127.0.0.1:55046;https=127.0.0.1:55046 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-3572732792-1879118195-3801782386-1002\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms} HKU\S-1-5-21-3572732792-1879118195-3801782386-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006 StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM -> {EE11F40A-4255-4650-A4FB-4737BE960AAD} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKLM-x32 -> {EE11F40A-4255-4650-A4FB-4737BE960AAD} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-3572732792-1879118195-3801782386-1002 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-3572732792-1879118195-3801782386-1002 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = SearchScopes: HKU\S-1-5-21-3572732792-1879118195-3801782386-1002 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = SearchScopes: HKU\S-1-5-21-3572732792-1879118195-3801782386-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = SearchScopes: HKU\S-1-5-21-3572732792-1879118195-3801782386-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = SearchScopes: HKU\S-1-5-21-3572732792-1879118195-3801782386-1002 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms} SearchScopes: HKU\S-1-5-21-3572732792-1879118195-3801782386-1002 -> {EE11F40A-4255-4650-A4FB-4737BE960AAD} URL = BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.) BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM - Yahoo Toolbar - {F64DE60D-5C0A-40C5-8828-FC19B112D70C} - C:\Program Files (x86)\TNT2\Profiles\11191\passport64.dll No File Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM-x32 - Yahoo Toolbar - {F64DE60D-5C0A-40C5-8828-FC19B112D70C} - C:\Program Files (x86)\TNT2\Profiles\11191\passport.dll No File Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-19] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR DefaultSearchKeyword: Default -> trovi.search CHR DefaultSuggestURL: Default -> http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms} CHR Profile: C:\Users\Anita\AppData\Local\Google\Chrome\User Data\Default CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [Not Found] CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [Not Found] CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-19] CHR HKLM-x32\...\Chrome\Extension: [fcoadmpfijfcmokecmkgolhbaeclfage] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-10-19] CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-07-12] CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.) [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-19] (AVAST Software) R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641320 2012-08-10] (HP) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-10] (Hewlett-Packard Company) [File not signed] R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] R2 ScreenGlazeAgent; C:\Program Files (x86)\ScreenGlaze\ClientConnect.ScreenGlaze.Agent.exe [39136 2015-01-07] (ClientConnect LTD) R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025920 2015-01-21] (Enigma Software Group USA, LLC.) R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.) R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-08-18] () [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-21] (Microsoft Corporation) R2 WindowsVNT_R3; C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe [2973600 2014-10-20] (MicroStudio) [File not signed] R2 YouTubeDownload_P4; C:\Program Files (x86)\YouTube Downloader Services\P4\youtubeserv.exe [2968696 2014-12-13] (MicroTools) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-19] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79696 2014-10-19] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-19] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-19] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-10-19] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427872 2014-10-19] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [108512 2014-10-19] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-10-19] () R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows ® Win 7 DDK provider) S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows ® Win 7 DDK provider) S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-01-21] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-21] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation) R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.) R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated) S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-21 17:55 - 2015-01-21 17:55 - 00000000 ____D () C:\FRST 2015-01-21 17:55 - 2015-01-21 17:55 - 00000000 ____D () C:\AV 2015-01-21 17:47 - 2015-01-21 17:47 - 00003324 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup 2015-01-21 17:47 - 2015-01-21 17:47 - 00001087 _____ () C:\Users\Anita\Desktop\SpyHunter.lnk 2015-01-21 17:47 - 2015-01-21 17:47 - 00000000 ____D () C:\Users\Anita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter 2015-01-21 17:47 - 2015-01-21 17:47 - 00000000 ____D () C:\Users\Anita\AppData\Roaming\Enigma Software Group 2015-01-21 17:47 - 2015-01-21 17:47 - 00000000 ____D () C:\sh4ldr 2015-01-21 17:47 - 2015-01-21 17:47 - 00000000 _____ () C:\autoexec.bat 2015-01-21 17:46 - 2015-01-21 17:46 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys 2015-01-21 17:45 - 2015-01-21 17:45 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Anita\Downloads\SpyHunter-Installer.exe 2015-01-21 17:45 - 2015-01-21 17:45 - 00000000 ____D () C:\Program Files\Enigma Software Group 2015-01-21 12:10 - 2015-01-21 12:10 - 00896048 _____ () C:\Users\Anita\Downloads\Norton_Removal_Tool.exe 2015-01-21 12:09 - 2015-01-21 12:09 - 00779704 _____ (Symantec) C:\Users\Anita\Downloads\Setup.exe 2015-01-21 09:28 - 2015-01-21 09:29 - 08741688 _____ (Symantec Corporation) C:\Users\Anita\Downloads\NRnR.exe 2015-01-21 08:31 - 2015-01-21 08:31 - 00001268 _____ () C:\Users\Anita\Desktop\Revo Uninstaller.lnk 2015-01-21 08:31 - 2015-01-21 08:31 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-01-21 08:20 - 2015-01-21 08:20 - 00000000 ____D () C:\ProgramData\dahebcdmmgkadfhdenjjpaagljhehpho 2015-01-21 08:11 - 2015-01-21 17:35 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-21 08:10 - 2015-01-21 08:10 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-01-21 08:10 - 2015-01-21 08:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-01-21 08:10 - 2015-01-21 08:10 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-21 08:10 - 2015-01-21 08:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-01-21 08:10 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-21 08:10 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-21 08:10 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-01-21 08:08 - 2015-01-21 08:09 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Anita\Downloads\mbam-setup-2.0.4.1028.exe 2015-01-15 17:54 - 2014-12-10 23:51 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-15 17:53 - 2014-12-18 23:48 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-15 17:53 - 2014-12-06 00:53 - 00458240 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2015-01-15 17:53 - 2014-12-06 00:53 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe 2015-01-15 17:53 - 2014-12-06 00:52 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll 2015-01-15 17:53 - 2014-12-06 00:52 - 00357376 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-15 17:53 - 2014-12-06 00:52 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll 2015-01-15 17:53 - 2014-12-06 00:51 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll 2015-01-15 17:53 - 2014-12-06 00:51 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-01-15 17:53 - 2014-12-06 00:50 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-01-15 17:53 - 2014-12-05 23:10 - 00355840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2015-01-15 17:53 - 2014-12-05 23:10 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe 2015-01-15 17:53 - 2014-12-05 23:09 - 00332800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll 2015-01-15 17:53 - 2014-12-05 23:09 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-15 17:52 - 2014-12-18 21:35 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-15 17:52 - 2014-12-11 00:35 - 06973248 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-15 17:24 - 2015-01-15 17:24 - 00000000 ____D () C:\ProgramData\ScreenGlaze 2015-01-15 17:24 - 2015-01-15 17:24 - 00000000 ____D () C:\Program Files (x86)\ScreenGlaze 2015-01-15 17:24 - 2015-01-15 17:24 - 00000000 _____ () C:\END 2015-01-15 17:24 - 2015-01-07 07:01 - 00656096 _____ (ClientConnect LTD) C:\Windows\system32\ScreenGlaze.scr 2015-01-15 17:20 - 2015-01-15 17:20 - 00000000 ____D () C:\Program Files (x86)\Software Update Services 2015-01-14 13:56 - 2015-01-14 13:56 - 00026457 ____H () C:\Users\Anita\Documents\~WRL0004.tmp 2015-01-14 13:38 - 2015-01-21 08:49 - 00000000 ____D () C:\ProgramData\dEEalster 2015-01-14 13:38 - 2015-01-21 08:20 - 00000000 ____D () C:\ProgramData\d9c5bbc5079de995 2015-01-14 13:37 - 2015-01-21 08:49 - 00000000 ____D () C:\ProgramData\ttopdeual 2015-01-02 09:27 - 2015-01-02 09:27 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2014-12-30 17:36 - 2014-10-08 21:00 - 01519104 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll 2014-12-30 17:36 - 2014-10-08 21:00 - 01484288 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe 2014-12-30 17:36 - 2014-10-08 21:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\vsstrace.dll 2014-12-30 17:36 - 2014-10-08 20:59 - 01195520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll 2014-12-30 17:36 - 2014-10-08 20:59 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vsstrace.dll 2014-12-30 17:30 - 2015-01-02 09:27 - 00000000 ____D () C:\Windows\system32\AutoUpdateLicense 2014-12-29 22:36 - 2014-12-09 00:12 - 00590816 _____ (Microsoft Corporation) C:\Windows\system32\AutoUpdate.exe 2014-12-29 22:36 - 2014-12-09 00:12 - 00467408 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe 2014-12-29 22:36 - 2014-10-21 20:34 - 00010777 _____ () C:\Windows\system32\AutoconfigV2.cab 2014-12-29 22:36 - 2014-10-21 18:08 - 00568832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll 2014-12-29 22:36 - 2014-10-21 18:08 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-12-29 22:36 - 2014-10-21 18:01 - 00695808 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll 2014-12-29 22:36 - 2014-10-21 18:01 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll 2014-12-29 22:36 - 2014-10-21 18:01 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-12-29 22:36 - 2014-10-21 18:00 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2014-12-28 21:30 - 2014-12-28 21:30 - 00022528 _____ () C:\Users\Anita\AppData\Local\dsisetup7283751572.exe 2014-12-28 21:28 - 2014-12-28 21:28 - 00234679 _____ () C:\Users\Anita\AppData\Local\dsi1.dat 2014-12-28 21:19 - 2014-12-28 21:19 - 00000000 ____D () C:\ProgramData\15692154931553102229 2014-12-23 08:49 - 2014-11-21 01:38 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-23 08:49 - 2014-11-21 01:38 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-12-23 08:49 - 2014-11-21 01:37 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-23 08:49 - 2014-11-21 01:37 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll 2014-12-23 08:49 - 2014-11-21 01:37 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll 2014-12-23 08:49 - 2014-11-21 01:36 - 19283456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-23 08:49 - 2014-11-21 01:36 - 15400960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-23 08:49 - 2014-11-21 01:36 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-23 08:49 - 2014-11-21 01:36 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-23 08:49 - 2014-11-21 01:36 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-12-23 08:49 - 2014-11-21 01:36 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-23 08:49 - 2014-11-21 01:36 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-12-23 08:49 - 2014-11-21 01:36 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-23 08:49 - 2014-11-21 01:36 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-12-23 08:49 - 2014-11-21 01:36 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-12-23 08:49 - 2014-11-21 01:36 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-12-23 08:49 - 2014-11-21 01:36 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-23 08:49 - 2014-11-21 01:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-12-23 08:49 - 2014-11-21 01:36 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-12-23 08:49 - 2014-11-21 01:36 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-12-23 08:49 - 2014-11-21 01:35 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-23 08:49 - 2014-11-21 00:17 - 14364672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-12-23 08:49 - 2014-11-21 00:17 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-12-23 08:49 - 2014-11-21 00:17 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-12-23 08:49 - 2014-11-21 00:17 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-12-23 08:49 - 2014-11-21 00:17 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-12-23 08:49 - 2014-11-21 00:17 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2014-12-23 08:49 - 2014-11-21 00:16 - 13758976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-12-23 08:49 - 2014-11-21 00:16 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-12-23 08:49 - 2014-11-21 00:16 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-12-23 08:49 - 2014-11-21 00:16 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-12-23 08:49 - 2014-11-21 00:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-12-23 08:49 - 2014-11-21 00:16 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-12-23 08:49 - 2014-11-21 00:16 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-12-23 08:49 - 2014-11-21 00:16 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-12-23 08:49 - 2014-11-21 00:16 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-12-23 08:49 - 2014-11-21 00:16 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-12-23 08:49 - 2014-11-21 00:16 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-12-23 08:49 - 2014-11-21 00:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-12-23 08:49 - 2014-11-21 00:16 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-12-23 08:49 - 2014-11-20 23:54 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-12-23 08:49 - 2014-11-20 21:30 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll 2014-12-23 08:48 - 2014-11-21 00:00 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-21 17:55 - 2013-01-31 20:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-21 17:47 - 2012-12-25 14:33 - 01222233 _____ () C:\Windows\WindowsUpdate.log 2015-01-21 17:40 - 2012-12-25 14:46 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3572732792-1879118195-3801782386-1002 2015-01-21 17:35 - 2013-10-28 15:18 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-21 17:29 - 2012-07-26 00:59 - 00000000 ____D () C:\Windows\CbsTemp 2015-01-21 17:19 - 2012-07-26 00:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-21 17:18 - 2012-09-08 06:32 - 00000000 ____D () C:\ProgramData\Norton 2015-01-21 17:18 - 2012-08-03 15:23 - 00594354 _____ () C:\Windows\PFRO.log 2015-01-21 17:03 - 2013-10-28 15:18 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-21 17:00 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\sru 2015-01-21 12:13 - 2012-09-08 06:33 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared 2015-01-21 11:22 - 2014-11-21 15:09 - 00000000 ___HD () C:\$Windows.~BT 2015-01-21 11:07 - 2012-12-25 14:34 - 00000000 ____D () C:\Users\Anita\AppData\Local\Packages 2015-01-21 11:07 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\AUInstallAgent 2015-01-21 10:56 - 2012-07-26 01:12 - 00000000 ___HD () C:\Windows\ELAMBKUP 2015-01-21 09:16 - 2012-12-25 23:00 - 00000000 ____D () C:\Users\Anita\AppData\Local\CrashDumps 2015-01-21 09:10 - 2014-12-10 11:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-21 09:10 - 2013-01-21 21:39 - 00000000 ____D () C:\Users\Anita\AppData\Roaming\Mozilla 2015-01-21 09:10 - 2013-01-21 21:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-21 08:55 - 2014-10-19 11:35 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2015-01-21 08:52 - 2014-12-15 10:13 - 00000000 ____D () C:\ProgramData\lcjoioisn 2015-01-21 08:52 - 2014-10-19 11:33 - 00000000 ____D () C:\Program Files (x86)\Settings Manager 2015-01-21 08:52 - 2012-07-25 22:26 - 01048576 ___SH () C:\Windows\system32\config\BBI 2015-01-21 08:50 - 2014-10-19 11:33 - 00000000 ____D () C:\Users\Anita\AppData\Roaming\FirefoxToolbar 2015-01-21 08:49 - 2014-12-15 10:12 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.14 2015-01-21 08:49 - 2014-10-22 17:45 - 00000000 ____D () C:\Program Files (x86)\OpenSoftwareUpdater 2015-01-21 08:09 - 2012-12-25 14:38 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0C17F58A-7D7D-4BC5-9A12-799215854515} 2015-01-21 08:08 - 2012-07-26 00:28 - 00941114 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-17 16:18 - 2012-07-26 00:21 - 00043040 _____ () C:\Windows\setupact.log 2015-01-17 16:17 - 2013-04-18 18:39 - 00209408 ___SH () C:\Users\Anita\Documents\Thumbs.db 2015-01-17 16:15 - 2013-03-26 19:48 - 00299008 ___SH () C:\Users\Anita\Downloads\Thumbs.db 2015-01-15 19:08 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\rescache 2015-01-15 19:04 - 2013-08-15 17:04 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-15 18:55 - 2013-01-04 20:52 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-15 17:22 - 2012-07-25 22:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2015-01-15 17:20 - 2014-10-19 12:11 - 00000000 ____D () C:\Program Files (x86)\YouTube Downloader Services 2015-01-14 13:56 - 2013-01-31 20:02 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-06 11:28 - 2014-10-19 12:28 - 00000195 _____ () C:\Users\Anita\AppData\Roaming\WB.CFG 2015-01-05 16:28 - 2014-11-27 16:34 - 00714176 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-05 16:28 - 2014-11-27 16:34 - 00106440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-12-30 17:38 - 2012-07-26 01:12 - 00000000 ___RD () C:\Windows\ToastData 2014-12-30 17:30 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\WinStore 2014-12-28 21:30 - 2014-10-22 17:29 - 00000001 _____ () C:\Users\Anita\AppData\Local\DSI.DAT ==================== Files in the root of some directories ======= 2014-07-11 14:42 - 2014-07-11 14:42 - 0000000 _____ () C:\Program Files (x86)\GUT951E.tmp 2014-10-19 12:28 - 2015-01-06 11:28 - 0000195 _____ () C:\Users\Anita\AppData\Roaming\WB.CFG 2014-10-22 17:29 - 2014-12-28 21:30 - 0000001 _____ () C:\Users\Anita\AppData\Local\DSI.DAT 2014-12-28 21:28 - 2014-12-28 21:28 - 0234679 _____ () C:\Users\Anita\AppData\Local\dsi1.dat 2014-12-10 12:28 - 2014-12-10 12:28 - 0022528 _____ () C:\Users\Anita\AppData\Local\dsisetup13887202.exe 2014-12-28 21:30 - 2014-12-28 21:30 - 0022528 _____ () C:\Users\Anita\AppData\Local\dsisetup7283751572.exe 2014-10-19 12:11 - 2014-10-19 12:11 - 0612065 _____ (CMI Limited) C:\Users\Anita\AppData\Local\nsm1388.tmp 2014-10-19 12:30 - 2014-10-19 12:29 - 0627504 _____ (CMI Limited) C:\Users\Anita\AppData\Local\nszF771.tmp 2013-10-07 21:17 - 2013-10-07 21:17 - 0000057 _____ () C:\ProgramData\Ament.ini 2013-01-21 21:06 - 2013-03-19 19:26 - 0001342 _____ () C:\ProgramData\hpzinstall.log Some content of TEMP: ==================== C:\Users\Anita\AppData\Local\Temp\bbcgcabebeii.exe C:\Users\Anita\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp01qpra.dll C:\Users\Anita\AppData\Local\Temp\optprosetup.exe C:\Users\Anita\AppData\Local\Temp\ose00000.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-15 17:56 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015 Ran by Anita at 2015-01-21 17:56:37 Running from C:\AV Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Connect 9 Add-in (HKU\S-1-5-21-3572732792-1879118195-3801782386-1002\...\Adobe Connect 9 Add-in) (Version: 11,9,972,8 - Adobe Systems Incorporated) HP Connected Music (Meridian - player) (HKU\S-1-5-21-3572732792-1879118195-3801782386-1002\...\HPConnectedMusic) (Version: 1.1 (build 96) hp - Meridian Audio Ltd) Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.18.9.4384 - Enigma Software Group, LLC) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3572732792-1879118195-3801782386-1002_Classes\CLSID\{F64DE60D-5C0A-40C5-8828-FC19B112D70C}\InprocServer32 -> C:\Program Files (x86)\TNT2\Profiles\11191\passport64.dll No File ==================== Restore Points ========================= 15-12-2014 22:23:08 Windows Update 20-12-2014 11:02:20 Windows Update 29-12-2014 22:27:24 Windows Update 05-01-2015 17:25:06 Windows Update 15-01-2015 17:54:19 Windows Update 21-01-2015 09:00:01 Revo Uninstaller's restore point - WinZip Driver Updater ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-07-25 22:26 - 2014-10-22 17:51 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1A5FB379-8AD3-4C09-9CF4-5BEC23722A8D} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {1C69B036-5BF7-41A7-967B-944C7042BA83} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink) Task: {2DECACAD-9A2F-448E-907D-122BE9CAD975} - \PastaQuotes No Task File <==== ATTENTION Task: {308C5DA0-75D3-4C15-93BF-801F8EA152F8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-28] (Google Inc.) Task: {3165E45C-D5D8-4D96-89AC-561BD3AFA0B9} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe Task: {31E76862-5EF1-4BBF-A405-C39F4E109480} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {46346F59-BA2C-4927-ADC3-AC575FC3FC7F} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe Task: {4AF70F2E-B04A-49FD-B120-CD7F011F1FA2} - System32\Tasks\UpdateAdmin => C:\Users\Anita\AppData\Local\UpdateAdmin\UpdateAdmin.exe [2014-10-16] (DownloadAdmin) Task: {5060692C-0D3B-428C-88BF-1DA06B345306} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink) Task: {59BF2166-60C1-46B5-A7D6-328C68367045} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {601AA8FD-6D91-4E1D-A282-018C6F7048A7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company) Task: {6B8B2CC2-06FF-425C-908B-B0D0BA5314C5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {7ADAE756-D443-481D-87E2-9D5C7B3EDA2C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-07] (Hewlett-Packard Company) Task: {87D9084A-B715-4529-B0F7-3415BD8A43A4} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {A1846041-8A40-4FCD-87C0-AEA2F021B02C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-19] (AVAST Software) Task: {A8C12B50-61A9-4FC1-B891-D761DDC150A6} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-01-21] (Enigma Software Group USA, LLC.) Task: {B2CBEBA5-FE86-4E01-9F55-158D493745DC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated) Task: {B390E94A-6315-4AA3-A9B0-3C585BA45397} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.) Task: {B7F37647-25A1-45A2-AA83-7062BA7F61CA} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated) Task: {C76E7595-ECC0-441E-B6CE-D62BAEFB1CCF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-28] (Google Inc.) Task: {C80F3FAA-1713-4DF1-B84C-AEA04DE7EF6C} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\WSCStub.exe Task: {CA3EDE9F-EE95-4787-A929-1078F121FE31} - \ASP No Task File <==== ATTENTION Task: {D3F04489-880E-4384-8198-D101CA1CA1E0} - System32\Tasks\{4073DEF4-06E6-4EDF-86E5-AEB1BBBF9EB4} => pcalua.exe -a "C:\Program Files (x86)\WildGames\Uninstall.exe" Task: {DDD1213B-F39A-4036-8963-E77630E8F6BF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {F36903ED-B4D7-4B54-8C0E-121125FA50BC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company) Task: {FF6DF721-4BA3-46A2-975C-A1BA565658E6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-15] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-08-08 10:36 - 2012-08-08 10:36 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2012-08-18 12:52 - 2012-08-18 12:52 - 00028160 _____ () C:\Windows\system32\valWBFPolicyService.exe 2012-08-10 01:36 - 2012-08-10 01:36 - 04073320 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe 2012-08-08 10:36 - 2012-08-08 10:36 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2012-08-08 10:22 - 2012-08-08 10:22 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2015-01-21 12:12 - 2015-01-21 12:12 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012101\algo.dll 2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2012-08-10 01:36 - 2012-08-10 01:36 - 00018792 _____ () C:\Program Files (x86)\HP SimplePass\DownloadManager.dll 2014-10-19 11:30 - 2014-10-19 11:30 - 38950392 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2012-09-08 06:19 - 2012-06-07 20:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2014-12-12 13:04 - 2014-12-05 18:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll 2014-12-12 13:03 - 2014-12-05 18:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll 2014-12-12 13:04 - 2014-12-05 18:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll 2014-12-12 13:03 - 2014-12-05 18:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk" HKLM\...\StartupApproved\Run32: => "ConvertAd" ========================= Accounts: ========================== Administrator (S-1-5-21-3572732792-1879118195-3801782386-500 - Administrator - Disabled) Anita (S-1-5-21-3572732792-1879118195-3801782386-1002 - Administrator - Enabled) => C:\Users\Anita Guest (S-1-5-21-3572732792-1879118195-3801782386-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3572732792-1879118195-3801782386-1004 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= Name: Validity Sensors (WBF) (PID=0018) Description: Validity Sensors (WBF) (PID=0018) Class Guid: {53d29ef7-377c-4d14-864b-eb3a85769359} Manufacturer: Validity Sensors, Inc. Service: WUDFRd Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19) Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver. Name: Officejet Pro 8500 A909n Description: Officejet Pro 8500 A909n Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Officejet Pro 8600 Description: Officejet Pro 8600 Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Officejet Pro 8500 A909g Description: Officejet Pro 8500 A909g Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Officejet Pro 8600 Description: Officejet Pro 8600 Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP Color LaserJet 3600 Description: HP Color LaserJet 3600 Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: Hewlett-Packard Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP Officejet Pro 8610 Description: HP Officejet Pro 8610 Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} Manufacturer: HP Service: Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Officejet Pro 8500 A909n Description: Officejet Pro 8500 A909n Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: HP Service: StillCam Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (01/21/2015 09:16:10 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: ccSvcHst.exe, version: 12.3.3.2, time stamp: 0x519ab0d3 Faulting module name: ntdll.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4 Exception code: 0xc000070a Fault offset: 0x000b0dea Faulting process id: 0x18d0 Faulting application start time: 0xccSvcHst.exe0 Faulting application path: ccSvcHst.exe1 Faulting module path: ccSvcHst.exe2 Report Id: ccSvcHst.exe3 Faulting package full name: ccSvcHst.exe4 Faulting package-relative application ID: ccSvcHst.exe5 Error: (01/17/2015 03:57:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: firefox.exe, version: 29.0.1.5239, time stamp: 0x5369959a Faulting module name: smdmfldr.dll, version: 0.0.0.0, time stamp: 0x548e3a75 Exception code: 0xc0000005 Fault offset: 0x00002a65 Faulting process id: 0xe6c Faulting application start time: 0xfirefox.exe0 Faulting application path: firefox.exe1 Faulting module path: firefox.exe2 Report Id: firefox.exe3 Faulting package full name: firefox.exe4 Faulting package-relative application ID: firefox.exe5 Error: (01/15/2015 06:56:41 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Error: (01/15/2015 06:55:14 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Error: (01/15/2015 06:08:24 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: firefox.exe, version: 29.0.1.5239, time stamp: 0x5369959a Faulting module name: ntdll.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4 Exception code: 0xc0000005 Fault offset: 0x000584a7 Faulting process id: 0x1994 Faulting application start time: 0xfirefox.exe0 Faulting application path: firefox.exe1 Faulting module path: firefox.exe2 Report Id: firefox.exe3 Faulting package full name: firefox.exe4 Faulting package-relative application ID: firefox.exe5 Error: (01/15/2015 05:54:52 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Error: (01/15/2015 05:46:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: firefox.exe, version: 1.0.0.0, time stamp: 0x4bc06cda Faulting module name: ntdll.dll, version: 6.2.9200.17046, time stamp: 0x53b485c4 Exception code: 0xc0000005 Fault offset: 0x000584a7 Faulting process id: 0x141c Faulting application start time: 0xfirefox.exe0 Faulting application path: firefox.exe1 Faulting module path: firefox.exe2 Report Id: firefox.exe3 Faulting package full name: firefox.exe4 Faulting package-relative application ID: firefox.exe5 Error: (01/15/2015 05:27:46 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: hpasset.exe, version: 3.0.0.8, time stamp: 0x4f5fb07c Faulting module name: hpasset.exe, version: 3.0.0.8, time stamp: 0x4f5fb07c Exception code: 0xc0000005 Fault offset: 0x00021683 Faulting process id: 0x478 Faulting application start time: 0xhpasset.exe0 Faulting application path: hpasset.exe1 Faulting module path: hpasset.exe2 Report Id: hpasset.exe3 Faulting package full name: hpasset.exe4 Faulting package-relative application ID: hpasset.exe5 Error: (01/14/2015 01:20:43 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: hpasset.exe, version: 3.0.0.8, time stamp: 0x4f5fb07c Faulting module name: hpasset.exe, version: 3.0.0.8, time stamp: 0x4f5fb07c Exception code: 0xc0000005 Fault offset: 0x00021683 Faulting process id: 0x19bc Faulting application start time: 0xhpasset.exe0 Faulting application path: hpasset.exe1 Faulting module path: hpasset.exe2 Report Id: hpasset.exe3 Faulting package full name: hpasset.exe4 Faulting package-relative application ID: hpasset.exe5 Error: (01/06/2015 00:01:13 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: FlashPlayerPlugin_15_0_0_246.exe, version: 15.0.0.246, time stamp: 0x548108cd Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x7360467c Faulting process id: 0xe3c Faulting application start time: 0xFlashPlayerPlugin_15_0_0_246.exe0 Faulting application path: FlashPlayerPlugin_15_0_0_246.exe1 Faulting module path: FlashPlayerPlugin_15_0_0_246.exe2 Report Id: FlashPlayerPlugin_15_0_0_246.exe3 Faulting package full name: FlashPlayerPlugin_15_0_0_246.exe4 Faulting package-relative application ID: FlashPlayerPlugin_15_0_0_246.exe5 System errors: ============= Error: (01/21/2015 05:45:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s). Error: (01/21/2015 05:45:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s). Error: (01/21/2015 05:18:42 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY) Description: 0xc000014d0 Error: (01/21/2015 05:18:59 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 4:57:01 PM on ‎1/‎21/‎2015 was unexpected. Error: (01/21/2015 00:10:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Norton Internet Security service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (01/21/2015 10:56:46 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY) Description: 0xc000014d0 Error: (01/21/2015 10:57:01 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 10:52:43 AM on ‎1/‎21/‎2015 was unexpected. Error: (01/21/2015 09:31:47 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service. Error: (01/21/2015 09:28:16 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40. Error: (01/21/2015 09:28:16 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40. Microsoft Office Sessions: ========================= Error: (01/21/2015 09:16:10 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: ccSvcHst.exe12.3.3.2519ab0d3ntdll.dll6.2.9200.1704653b485c4c000070a000b0dea18d001d03592cb041140C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccSvcHst.exeC:\Windows\SYSTEM32\ntdll.dllcf8ec37c-a188-11e4-beec-082e5f799a65 Error: (01/17/2015 03:57:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: firefox.exe29.0.1.52395369959asmdmfldr.dll0.0.0.0548e3a75c000000500002a65e6c01d032a8dfa131ddC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Settings Manager\smdmf\smdmfldr.dll3aebe5d5-9e9c-11e4-beea-082e5f799a65 Error: (01/15/2015 06:56:41 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\Users\Anita\AppData\Local\TNT2\2.0.0.1895\TNT2User.exe Error: (01/15/2015 06:55:14 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\Users\Anita\AppData\Local\TNT2\2.0.0.1895\TNT2User.exe Error: (01/15/2015 06:08:24 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: firefox.exe29.0.1.52395369959antdll.dll6.2.9200.1704653b485c4c0000005000584a7199401d03128eb677424C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Windows\SYSTEM32\ntdll.dll2b221201-9d1c-11e4-bee8-082e5f799a65 Error: (01/15/2015 05:54:52 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\Users\Anita\AppData\Local\TNT2\2.0.0.1895\TNT2User.exe Error: (01/15/2015 05:46:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: firefox.exe1.0.0.04bc06cdantdll.dll6.2.9200.1704653b485c4c0000005000584a7141c01d03125da576a63C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Windows\SYSTEM32\ntdll.dll18d58c8f-9d19-11e4-bee6-082e5f799a65 Error: (01/15/2015 05:27:46 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: hpasset.exe3.0.0.84f5fb07chpasset.exe3.0.0.84f5fb07cc00000050002168347801d031233d07d614C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPAsset\hpasset.exeC:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPAsset\hpasset.exe7e16d7b0-9d16-11e4-bee6-082e5f799a65 Error: (01/14/2015 01:20:43 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: hpasset.exe3.0.0.84f5fb07chpasset.exe3.0.0.84f5fb07cc00000050002168319bc01d030378faf00e5C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPAsset\hpasset.exeC:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPAsset\hpasset.exed08e6789-9c2a-11e4-bee5-082e5f799a65 Error: (01/06/2015 00:01:13 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: FlashPlayerPlugin_15_0_0_246.exe15.0.0.246548108cdunknown0.0.0.000000000c00000057360467ce3c01d029e32254acd5C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exeunknown619f6535-95d6-11e4-bee5-082e5f799a65 ==================== Memory info =========================== Processor: AMD A10-4600M APU with Radeon HD Graphics Percentage of memory in use: 30% Total physical RAM: 7642.25 MB Available physical RAM: 5282.61 MB Total Pagefile: 8794.25 MB Available Pagefile: 6086.57 MB Total Virtual: 8192 MB Available Virtual: 8191.78 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:672.04 GB) (Free:598.29 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (RECOVERY) (Fixed) (Total:25.83 GB) (Free:3.07 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ==================== End Of Log ============================
  7. Results of screen317's Security Check version 0.99.89 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Adobe Flash Player 15.0.0.152 Adobe Reader 10.1.12 Adobe Reader out of Date! Google Chrome 37.0.2062.124 Google Chrome 38.0.2125.111 Google Chrome Plugins... ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 3% ````````````````````End of Log``````````````````````
  8. Seems to be running much better. Do you think we are done?
  9. TDSS did not find anything. Both logs below. 14:34:09.0268 0x0c54 TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34 14:34:14.0851 0x0c54 ============================================================ 14:34:14.0851 0x0c54 Current date / time: 2014/11/02 14:34:14.0851 14:34:14.0851 0x0c54 SystemInfo: 14:34:14.0852 0x0c54 14:34:14.0852 0x0c54 OS Version: 6.1.7601 ServicePack: 1.0 14:34:14.0852 0x0c54 Product type: Workstation 14:34:14.0852 0x0c54 ComputerName: OUIDA-PC 14:34:14.0852 0x0c54 UserName: OUIDA 14:34:14.0852 0x0c54 Windows directory: C:\windows 14:34:14.0852 0x0c54 System windows directory: C:\windows 14:34:14.0852 0x0c54 Running under WOW64 14:34:14.0852 0x0c54 Processor architecture: Intel x64 14:34:14.0852 0x0c54 Number of processors: 2 14:34:14.0852 0x0c54 Page size: 0x1000 14:34:14.0852 0x0c54 Boot type: Normal boot 14:34:14.0852 0x0c54 ============================================================ 14:34:15.0493 0x0c54 KLMD registered as C:\windows\system32\drivers\50480046.sys 14:34:16.0498 0x0c54 System UUID: {0F533E6B-9920-0544-D146-3E50EBBE0574} 14:34:17.0626 0x0c54 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 14:34:17.0638 0x0c54 ============================================================ 14:34:17.0638 0x0c54 \Device\Harddisk0\DR0: 14:34:17.0643 0x0c54 MBR partitions: 14:34:17.0643 0x0c54 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x2710000 14:34:17.0643 0x0c54 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2742800, BlocksNum 0x37C43030 14:34:17.0643 0x0c54 ============================================================ 14:34:17.0661 0x0c54 C: <-> \Device\Harddisk0\DR0\Partition2 14:34:17.0661 0x0c54 ============================================================ 14:34:17.0661 0x0c54 Initialize success 14:34:17.0661 0x0c54 ============================================================ 14:43:00.0570 0x1458 KLMD registered as C:\windows\system32\drivers\91894343.sys 14:43:01.0212 0x1458 Deinitialize success ComboFix 14-10-29.01 - OUIDA 11/02/2014 15:00:05.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3560.2127 [GMT -6:00] Running from: c:\users\OUIDA\Downloads\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\273c3a302e5f292b_c c:\users\OUIDA\AppData\Local\common_functions.dll c:\users\OUIDA\AppData\Local\ie_runner_app.exe c:\users\OUIDA\AppData\Local\nsn9472.tmp . . ((((((((((((((((((((((((( Files Created from 2014-10-02 to 2014-11-02 ))))))))))))))))))))))))))))))) . . 2014-11-02 21:07 . 2014-11-02 21:07 -------- d-----w- c:\users\Guest\AppData\Local\temp 2014-11-02 21:07 . 2014-11-02 21:07 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-11-02 20:54 . 2014-11-02 20:54 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD5C4F67-5941-47A3-B340-E27C689D1E25}\offreg.dll 2014-11-02 03:48 . 2010-08-30 13:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll 2014-11-02 03:47 . 2014-11-02 03:52 -------- d-----w- C:\AdwCleaner 2014-11-02 03:25 . 2014-11-02 03:57 -------- d-----w- c:\windows\ERUNT 2014-11-02 02:20 . 2014-11-02 02:20 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2014-11-02 02:20 . 2014-11-02 02:20 -------- d-----w- c:\programdata\RogueKiller 2014-11-02 00:00 . 2014-11-02 03:28 -------- d-----w- C:\FRST 2014-11-01 22:55 . 2014-11-01 22:55 -------- d-----w- c:\users\OUIDA\AppData\Local\VS Revo Group 2014-11-01 22:55 . 2014-11-01 22:55 -------- d-----w- c:\programdata\VS Revo Group 2014-11-01 22:55 . 2009-12-30 16:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys 2014-11-01 22:55 . 2014-11-01 22:55 -------- d-----w- c:\program files\VS Revo Group 2014-11-01 22:39 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD5C4F67-5941-47A3-B340-E27C689D1E25}\mpengine.dll 2014-10-17 22:55 . 2014-11-02 20:45 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-10-17 22:55 . 2014-10-17 22:55 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware 2014-10-17 22:55 . 2014-10-17 22:55 -------- d-----w- c:\programdata\Malwarebytes 2014-10-17 22:55 . 2014-10-01 16:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-10-17 22:55 . 2014-10-01 16:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-10-17 22:55 . 2014-10-01 16:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-10-16 19:37 . 2014-09-04 05:23 424448 ----a-w- c:\windows\system32\rastls.dll 2014-10-16 19:36 . 2014-09-13 01:58 77312 ----a-w- c:\windows\system32\packager.dll 2014-10-16 19:36 . 2014-09-13 01:40 67072 ----a-w- c:\windows\SysWow64\packager.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-10-28 11:34 . 2010-11-21 03:27 275080 ------w- c:\windows\system32\MpSigStub.exe 2014-10-16 20:06 . 2012-11-01 08:15 103265616 ----a-w- c:\windows\system32\MRT.exe 2014-09-28 22:53 . 2012-10-25 08:47 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-09-28 22:53 . 2012-10-25 08:47 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-09-04 22:17 . 2010-06-24 16:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2014-08-23 02:07 . 2014-09-04 22:34 404480 ----a-w- c:\windows\system32\gdi32.dll 2014-08-23 01:45 . 2014-09-04 22:34 311808 ----a-w- c:\windows\SysWow64\gdi32.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-14 343168] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2014-09-04 40336] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-03 43816] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-07-08 152392] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SpUninstallDeleteDir"="rmdir" [X] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ DPPassFilter scecli . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R2 0136871396797231mcinstcleanup;McAfee Application Installer Cleanup (0136871396797231);c:\windows\TEMP\013687~1.EXE;c:\windows\TEMP\013687~1.EXE [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x] R3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\accelern.sys;c:\windows\SYSNATIVE\DRIVERS\accelern.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x] S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x] S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x] S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 37907851 *Deregistered* - 37907851 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-11-02 20:23 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2014-11-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-25 22:53] . 2014-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-15 04:01] . 2014-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-15 04:01] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-09-08 1424896] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144] "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2012-10-25 7464448] "DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2010-09-10 206336] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "DBRMTray"="c:\dell\DBRM\Reminder\TrayApp.exe" [2010-09-10 7168] . ------- Supplementary Scan ------- . uStart Page = www.google.com uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{2713b394-286f-4d7c-89ea-4174eeab9f5a} - (no file) URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file) Toolbar-10 - (no file) SafeBoot-37907851.sys HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-10 - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.15" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2014-11-02 15:10:13 ComboFix-quarantined-files.txt 2014-11-02 21:10 . Pre-Run: 438,737,203,200 bytes free Post-Run: 438,573,985,792 bytes free . - - End Of File - - 6AF094A9F6F0590A35FA0749D85BC2C5 A36C5E4F47E84449FF07ED3517B43A31
  10. Part 2 of logs AdwCleaner[R0].txt - [43953 octets] - [01/11/2014 22:47:54] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [44014 octets] ########## # AdwCleaner v3.311 - Report created 01/11/2014 at 22:51:23 # Updated 30/09/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : OUIDA - OUIDA-PC # Running from : C:\Users\OUIDA\Desktop\New folder\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Systweak Folder Deleted : C:\ProgramData\apn Folder Deleted : C:\ProgramData\AskPartnerNetwork Folder Deleted : C:\ProgramData\AVG Secure Search Folder Deleted : C:\ProgramData\Babylon Folder Deleted : C:\ProgramData\Conduit Folder Deleted : C:\ProgramData\Iminent Folder Deleted : C:\ProgramData\PCFixSpeed Folder Deleted : C:\ProgramData\Systweak Folder Deleted : C:\ProgramData\Tarma Installer Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\otshot Folder Deleted : C:\Program Files (x86)\Advanced System Protector Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork Folder Deleted : C:\Program Files (x86)\Conduit Folder Deleted : C:\Program Files (x86)\OApps Folder Deleted : C:\Program Files (x86)\otshot Folder Deleted : C:\Program Files (x86)\PC Health Kit Folder Deleted : C:\Program Files (x86)\PC TEKNIX Folder Deleted : C:\Program Files (x86)\PCFixSpeed Folder Deleted : C:\Program Files (x86)\PCTechHotline Folder Deleted : C:\Program Files (x86)\RegClean Pro Folder Deleted : C:\Program Files (x86)\SweetIM Folder Deleted : C:\Program Files (x86)\ToggleMark Folder Deleted : C:\Program Files (x86)\tuguu sl Folder Deleted : C:\Program Files (x86)\Common Files\Umbrella Folder Deleted : C:\Users\Guest\AppData\Local\AOL Toolbar Folder Deleted : C:\Users\Guest\AppData\LocalLow\AppGraffiti Folder Deleted : C:\Users\Guest\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Guest\AppData\LocalLow\iac Folder Deleted : C:\Users\Guest\AppData\LocalLow\Inbox Toolbar Folder Deleted : C:\Users\Guest\AppData\LocalLow\RebateInformer Folder Deleted : C:\Users\Guest\AppData\Roaming\SearchProtect Folder Deleted : C:\Users\OUIDA\AppData\Local\Conduit Folder Deleted : C:\Users\OUIDA\AppData\Local\DownloadTerms Folder Deleted : C:\Users\OUIDA\AppData\Local\iac Folder Deleted : C:\Users\OUIDA\AppData\Local\NativeMessaging Folder Deleted : C:\Users\OUIDA\AppData\Local\SwvUpdater Folder Deleted : C:\Users\OUIDA\AppData\Local\torch Folder Deleted : C:\Users\OUIDA\AppData\Local\visi_coupon Folder Deleted : C:\Users\OUIDA\AppData\Local\WhiteListing Folder Deleted : C:\Users\OUIDA\AppData\LocalLow\Conduit Folder Deleted : C:\Users\OUIDA\AppData\LocalLow\Delta Folder Deleted : C:\Users\OUIDA\AppData\LocalLow\iac Folder Deleted : C:\Users\OUIDA\AppData\LocalLow\visi_coupon Folder Deleted : C:\Users\OUIDA\AppData\Roaming\ap_logs Folder Deleted : C:\Users\OUIDA\AppData\Roaming\Babylon Folder Deleted : C:\Users\OUIDA\AppData\Roaming\Iminent Folder Deleted : C:\Users\OUIDA\AppData\Roaming\PC Health Kit Folder Deleted : C:\Users\OUIDA\AppData\Roaming\PC Tech Hotline Folder Deleted : C:\Users\OUIDA\AppData\Roaming\SearchProtect Folder Deleted : C:\Users\OUIDA\AppData\Roaming\StatusWinks Folder Deleted : C:\Users\OUIDA\AppData\Roaming\Strongvault Folder Deleted : C:\Users\OUIDA\AppData\Roaming\Systweak Folder Deleted : C:\Users\OUIDA\AppData\Roaming\VOPackage Folder Deleted : C:\Users\OUIDA\Documents\Optimizer Pro Folder Deleted : C:\Users\OUIDA\Documents\PC Health Kit File Deleted : C:\END File Deleted : C:\windows\System32\roboot64.exe File Deleted : C:\Users\OUIDA\AppData\Roaming\aps.scan.quick.results File Deleted : C:\Users\OUIDA\AppData\Roaming\aps.scan.results File Deleted : C:\Users\OUIDA\AppData\Roaming\aps.uninstall.scan.results File Deleted : C:\Users\OUIDA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage File Deleted : C:\Users\OUIDA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal ***** [ Scheduled Tasks ] ***** Task Deleted : RocketTab Update Task ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [specialSavings@SpecialSavings.com] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [specialSavings@SpecialSavings.com] Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [statuswinks@StatusWinks] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [statuswinks@StatusWinks] Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{63ADCAB1-34B5-ACCA-7D6B-F82DDF8E706A}] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bfcpnihmbfoaeoakalclfalkdepgiaje Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hgojaaaiddhmiiakpejiklijbalpckih Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com Key Deleted : HKLM\SOFTWARE\Classes\AppID\SelectionLinks.DLL Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Supreme Savings_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Supreme Savings_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\supreme savings-bg_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\supreme savings-bg_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\VAFMusic Conduit_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\VAFMusic Conduit_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ToggleMark_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ToggleMark_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateToggleMark_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateToggleMark_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilToggleMark_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilToggleMark_RASMANCS Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update ToggleMark Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util ToggleMark Key Deleted : HKCU\Software\5c55da8cbc3ab845 Key Deleted : HKLM\SOFTWARE\5c55da8cbc3ab845 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3277370 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3284668 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3287375 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3297955 Key Deleted : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FCF8BFD3-39B8-4370-B464-EC2AAACD97CF} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02C9C7B0-C7C8-4AAC-A9E4-55295BF60F8F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0398B101-6DA7-473F-A290-17D2FBC88CC0} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0CC36196-8589-4B80-A771-D659411D7F90} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{143D96F9-EB64-48B3-B192-91C2C41A1F43} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{14F7D91F-F669-45C9-9F42-BACBFDB86EAD} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{187A6488-6E71-4A2A-B118-7BEFBFE58257} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2D065204-A024-4C39-8A38-EE7078EC7ACF} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F5476C-677B-4DB0-B397-51F5BFD86840} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3223F2FB-D9B9-45FC-9D66-CD717FFA4EE5} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{351798B1-C1D2-45AB-92B4-4D6C2D6AB5AF} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3AEA1BEF-6195-46F4-ACA2-0ED14F7EFA1B} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4498C5E9-93C6-4142-B6BE-F0C6DC48B77A} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{479BF2D6-E362-4A99-B1AB-BC764D7B97AE} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{492A108F-51D0-4BD8-899D-AD4AB2893064} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4B6D6E60-FBD2-4E79-BF4B-886BC98F1797} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60893E02-2E5B-43F9-A93A-BAD60C2DF6EF} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6D39931F-451E-4BDD-BAF4-37FB96DBBA5D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C684D2-C35D-4284-976A-D862F53ADB81} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{796D822A-C3F9-4A97-BAAB-42FE7628EA63} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{79EF3691-EC1A-4705-A01A-D2E36EC11758} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82F41418-8E64-47EB-A7F1-4702A974D289} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{85D920CE-63A7-46DC-8992-41D1D2E07FAD} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{895ED5E8-ABB4-40C3-A0CA-2571964268E2} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8AAC123A-1959-4A45-BFC5-E2D50783098A} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A07956CD-81F8-4A03-B524-5D87E690DC83} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B5E3B26B-6E5C-4865-A63D-58D04B10E245} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B84D2DC5-42B2-4E5E-BF61-7B48152FF8EF} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B89D5309-0367-4494-A92F-3D4C94F88307} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C014EBF8-8854-448B-B5A4-557C4090EDCE} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C31191DB-2F64-464C-B97C-6AC81ACB7AAC} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C342C7A7-F622-4EF3-8B7F-ABB9FBE73F14} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C4765B07-BC2F-477B-925C-B2BF24887823} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C875C0A1-09E3-48D5-9F8E-BD337796FD14} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD126DA6-FF5B-4181-AC13-54A62240D2FA} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E812AE43-7799-4E67-8CF8-4104297A2D16} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F0BAAEC7-9AE0-49FF-9C4B-86E774FF397F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F92193FD-2243-4401-9ACC-49FF30885898} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD21B8A2-910B-45AC-9C10-45E6A8B84984} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B04A9E6A-C9C5-4A2F-ADF9-B69BAC127A14} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31111111-1111-1111-1111-110111991162} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6C990ECA-72D6-4E65-A35B-A08C1DF79E6E} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B5CCB33F-6C0A-418A-8AF1-10C35BBD579A} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F5BFAD3A-D783-4AD7-98AA-D8F082626F8D} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FC65300A-DC43-4D86-B153-E59CF6E74216} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D8278076-BC68-4484-9233-6E7F1628B56C}] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6} Key Deleted : HKCU\Software\AnyProtect Key Deleted : HKCU\Software\APN PIP Key Deleted : HKCU\Software\BRS Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\ilivid Key Deleted : HKCU\Software\Optimizer Pro Key Deleted : HKCU\Software\Search Extensions Key Deleted : HKCU\Software\SmartBar Key Deleted : HKCU\Software\SocialBit Key Deleted : HKCU\Software\systweak Key Deleted : HKCU\Software\torch Key Deleted : HKCU\Software\Tutorials Key Deleted : HKCU\Software\AppDataLow\ToggleMark Key Deleted : HKCU\Software\AppDataLow\Software\CompeteInc Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKLM\SOFTWARE\Babylon Key Deleted : HKLM\SOFTWARE\Conduit Key Deleted : HKLM\SOFTWARE\firstsearch Key Deleted : HKLM\SOFTWARE\iLividSRTB Key Deleted : HKLM\SOFTWARE\InfoAtoms Key Deleted : HKLM\SOFTWARE\InstallCore Key Deleted : HKLM\SOFTWARE\PIP Key Deleted : HKLM\SOFTWARE\systweak Key Deleted : HKLM\SOFTWARE\torch Key Deleted : HKLM\SOFTWARE\Tutorials Key Deleted : HKLM\SOFTWARE\Uniblue Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF687AD3-80CD-431E-A50F-25DD8F9C96C3} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zulagames Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\3DA786FCDC08E1345AF052DDF8C9693C Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\3DA786FCDC08E1345AF052DDF8C9693C Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\04D01B4BB24CCD043B69431CCABB1A34 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0702826FCAC36EE52AC0441EEEEE2170 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1198E28F40C3E185E9958608554D4253 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\14C66209FCA938858B9729645C666684 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15A073601B9AEC3549BE4A9314794615 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F7C80F9CE5CDF44E9AADDC99402534C Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\206AF45B775E3A445B3B2273827DA85F Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\225C3CBCEB850204D860A6C7CC7724AF Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2310FC151CD4F185798FA0996B3524D7 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\28572D2E2DE533256AC6B560EA573C22 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29C79786B109AC443B0DC7BFD61B1896 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2ABB56EABB920EB59B04BDDD26A62083 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2DABA02DFED47E352A2FA2EBDD6F6187 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\311567B4A9A002050BB9423FD73FB880 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\373FCED70D7F84E5FB5F3F7B76BEE024 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3BE992C130B235E53A2937391FDCA35B Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3DA5F64B3483DE549947A9164ACBAD21 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3ED93605BB9B6635E9D0D86615AF31F1 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4759B017032BA185F9BA6F7DBC95A2D4 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4A78ABCBB54E46E5482A3EE0AD66C39E Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4F9E947B6B895EB5A86757FC5D3DB862 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4FEEA83BF72B97E43A2DF0EE4BE4F261 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\509EC7EFB89B7D942997574AB14037A4 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50A730A9A3A61BF5BA70CA8A3B7C133B Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\51A95A1D4CDE4F958A9451FBB39BF54A Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\536133807DE80465BA6CD0A9742B7DE5 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5E25036E68895D45B95E72D1C3C58C74 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\60ECC80C54085B141A40437A96CA2618 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\60FD8CD5BE007315CA3B5C7E41F24017 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\618E7D05458C4F257909ED9C8CDC0D66 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\621C21014D3C152529E2460FA6304EE3 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6241FF6F317CABD4EBBEE0DE9076BD94 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\636B9C23C79154B57AB561F39A139BFD Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\65AAF0F0CB7F0B45F900FDF19CEAAF2B Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6879A5E348601C45986308CA84958E94 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A6F3B7A9805E1F5492A1020EEDF2341 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B1F5D204E4EEB342A5AD1D7E60D61BF Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7005A2A4DCF9DD7548137AB17E3A3AF3 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\712EAF07EE73CC65C822CC3BAE3B2483 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75FF6D97AF9FC004A9521D4B83FA6321 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7947B301B2446E752A3FE06EAD7D26B5 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7987CE52D13E16258B0E1E3DB1BB0974 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7BEED197C514FDA53901AE8DD8EF0891 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DFDCF03D46C34159BDE29FBDBF1ACF5 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\87EC9ACEAFE8ECD52A529663CD35213F Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\890F436B85B790A55A582B7307DA12CE Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C13DA6755F685B529615C8E92B3CA39 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D07CD9CB3E6BE652872BF06A1CCA782 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\90841B1FC98200349925C88999866F17 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94194FDD4DF523E53A888D65722A135D Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\95266D07D008D2E4E9B6F8E0DD15432A Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A4223BBC9438CAD49BBE10B4E344B1DD Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A72F23B1D745C27508518132197BC982 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A89E2B6FB14D8275DA63D075171DA184 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A9C43CD4001E9E4518B274AF9A0EFDA9 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AABA081CF7F19915FBB80B3BAF47CE63 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AC2A0FFD0A1686D53A4E24D6E96949E4 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AE5BDB2750259915D8442D4591A7717B Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1A79C71D5DC1C150B76B6ED11195DFC Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6D497DB33974935488761F7C4C3D755 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B752EF3300008394886C402CC27B474F Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B8C8BCC1206978D51A8B9EECBF806C53 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAD3576CEA646895B962F94754612791 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BB4091512C8F4295E99CE2D061ED2020 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEE6BBC9A31531F598794A62120B51C7 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C19162788CA4D235E829F88E2F771567 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C71F07DA356B66B5484A8E7F2ADEB7DC Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C96AD15EE8E887B56BAF2136A9088503 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C9E6B66ECC49D155888399C51D05C49E Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA360F24F0B214744BE40657FDA0B727 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB13D869D7D092348847B7481BB59E27 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE85F265816AE2D4E9B73C3E207E679C Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5389AEEA4A1E20428D045E86BCF643B Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5B62BB7BC607FB539585E2B7B6AFD16 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB027F01D4D53765C8E4FBE7DB77E07E Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC2EB492393411F5ABE8ED13C59FBF20 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDA2534BD056D1F44B6EC96AAA7F1F6E Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDCA763D4C48A105086B4CCCEE78043F Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DEF7558C7CD27EF46AF802AFBE402675 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E05B987540A9E2849AAF9E5B06C27DA8 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E09F4A6B9D2A08B599AE9E38BFC93CD6 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E27B6535D0D94A24E91047C7D86F27BC Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E45D171E075A5425CBACF6631A45FA39 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E513C2076D90AD04F888BD762143F191 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E8F4C985459564F5B8DCFF2B3C7EBD27 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E96E33222BAC06B57A1FA9D72951C945 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EAA46CE9007F70A5CAFA5F26E5DDEBE5 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE43FF091A8714A599F33EF2533FB59A Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE790015CF30DAA569960905FF1651A0 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EEB44C47185BD304D80FDF5A4BBE8F54 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F214EB834D2EC474CA76C1CDE306CF3A Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F25491036D0FA5D5FA6742F5742F151A Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2E0D3DD9E5E4B74CA43BCE77815E287 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4D1BA8B482D9734E943EE260A7ADEF2 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F6704141BAAF6884785EC6843143D6A7 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7507D4D4C310125E9A22BD909A41FB6 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F79C21D785419125595AC59458A6142D Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA15C90F092A60F53A4E0F88CED02968 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA1CF130B3D58B553833ACB6BE8AFAD4 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB0F1A18E4F0DBD509A42F4D4C05C02A Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FD17ED194F1C2B457B4F6EF4AE8DEAF3 Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DA786FCDC08E1345AF052DDF8C9693C Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17344 -\\ Google Chrome v37.0.2062.124 [ File : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms} Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms} Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo Deleted [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl Deleted [Extension] : igdhbblpcellaljokkpfhcjlagemhgjl Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc [ File : C:\Users\OUIDA\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms} Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms} Deleted [search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN59659900867463073&ctid=CT3279414&UM=2&UP= Deleted [search Provider] : hxxp://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_adk3_14_29&cd=2XzuyEtN2Y1L1QzuyBzzyEyD0CyE0A0CtCtCyE0EzzyC0DyEtN0D0Tzu0SzyyBzztN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V1T1Q1JtA1VtCyE1VtBzytN1L1G1B1V1N2Y1L1Qzu2SyCtAyCyBzyyEtAtCtGtCyD0F0FtGzytDtDyCtGyByD0A0FtGtD0AyCzyzy0AyD0F0FyDyDtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0DyBzztDyB0DyDtGyEtAyBtCtGyE0Fzy0CtG0ByE0E0EtGzy0D0EyEtAtByE0DtB0D0ByC2Q&cr=1446761629&ir= ************************* AdwCleaner[R0].txt - [44799 octets] - [01/11/2014 22:47:54] AdwCleaner[s0].txt - [44581 octets] - [01/11/2014 22:51:23] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [44642 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.3.5 (10.31.2014:1) OS: Windows 7 Home Premium x64 Ran by OUIDA on Sat 11/01/2014 at 22:57:44.35 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111991162} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211621178} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\paSkPlay_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\paSkPlay_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\aol_pricecheck_ie_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\aol_pricecheck_ie_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111991162} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211621178} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\paSkPlay_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\paSkPlay_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\aol_pricecheck_ie_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\aol_pricecheck_ie_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67097627-FD8E-4F6B-AF4B-ECB65E50112E} Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2713b394-286f-4d7c-89ea-4174eeab9f5a} Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{2713b394-286f-4d7c-89ea-4174eeab9f5a} Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67097627-fd8e-4f6b-af4b-ecb65e50112e} Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{67097627-fd8e-4f6b-af4b-ecb65e50112e} Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2713b394-286f-4d7c-89ea-4174eeab9f5a} Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{2713b394-286f-4d7c-89ea-4174eeab9f5a} Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67097627-fd8e-4f6b-af4b-ecb65e50112e} Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{67097627-fd8e-4f6b-af4b-ecb65e50112e} Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} ~~~ Files ~~~ Folders Failed to delete: [Folder] "C:\ProgramData\strongvault online backup" Successfully deleted: [Folder] "C:\Users\OUIDA\appdata\local\cre" Successfully deleted: [Folder] "C:\Users\OUIDA\appdata\local\strongvault online backup" Successfully deleted: [Folder] "C:\Users\OUIDA\appdata\locallow\yahoocouponaddon" Successfully deleted: [Folder] "C:\Program Files (x86)\searchpage" Successfully deleted: [Folder] "C:\ai_recyclebin" Successfully deleted: [Folder] "C:\windows\syswow64\ai_recyclebin" Successfully deleted: [Empty Folder] C:\Users\OUIDA\appdata\local\{3915085D-58DD-4A59-BF87-20B916BA8D7B} Successfully deleted: [Empty Folder] C:\Users\OUIDA\appdata\local\{7D706E5B-3AED-4F18-AC78-F6428496F044} Successfully deleted: [Empty Folder] C:\Users\OUIDA\appdata\local\{C49CC138-08B4-4F9D-8EB3-2F426AA4B98C} Successfully deleted: [Empty Folder] C:\Users\OUIDA\appdata\local\{F41C57ED-7729-4955-8D4B-9559B3F086F4} ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sat 11/01/2014 at 23:03:54.59 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 11/1/2014 Scan Time: 11:06:25 PM Logfile: mbam rescan.txt Administrator: Yes Version: 2.00.3.1025 Malware Database: v2014.11.02.02 Rootkit Database: v2014.11.01.02 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: OUIDA Scan Type: Threat Scan Result: Completed Objects Scanned: 351651 Time Elapsed: 16 min, 50 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)
  11. Ran all of the tools and rescanned with MBAM. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-11-2014 Ran by OUIDA at 2014-11-01 22:28:34 Run:1 Running from C:\Users\OUIDA\Desktop\New folder Loaded Profile: OUIDA (Available profiles: OUIDA & Guest) Boot Mode: Normal ============================================== Content of fixlist: ***************** AppInit_DLLs: C:\PROGRA~2\SEARCH~2\Datamngr\x64\mgrldr.dll => C:\PROGRA~2\SEARCH~2\Datamngr\x64\mgrldr.dll File Not Found GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION FF Extension: DownloadTerms - C:\Program Files (x86)\Mozilla Firefox\extensions\kgcngo@xmmomglptujvwxntife.org [2013-03-22] FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2012-10-25] FF Extension: SpecialSavings - C:\Users\OUIDA\AppData\Roaming\Mozilla\Extensions\SpecialSavings@SpecialSavings.com [2013-03-23] FF Extension: Smiley Bar for Facebook - C:\Users\OUIDA\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks [2013-03-23] CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\FilmFanatic\bar\1.bin\NPpaStub.dll No File CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\NP2jStub.dll No File CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll No File CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File CHR HKCU\...\Chrome\Extension: [jfjbflachhjbdbhfgknpgcgpchaikkok] - C:\Users\OUIDA\AppData\Local\CRE\jfjbflachhjbdbhfgknpgcgpchaikkok.crx [2013-03-12] CHR HKCU\...\Chrome\Extension: [lonndllmbldmmoefheenkmgkencnkdkh] - C:\Users\OUIDA\AppData\Local\CRE\lonndllmbldmmoefheenkmgkencnkdkh.crx [2013-03-27] CHR HKCU\...\Chrome\Extension: [neebgdeaohaofdhldpobdpfocdonmgki] - C:\Users\OUIDA\AppData\Local\CRE\neebgdeaohaofdhldpobdpfocdonmgki.crx [2013-03-27] CHR HKLM-x32\...\Chrome\Extension: [jfjbflachhjbdbhfgknpgcgpchaikkok] - C:\Users\OUIDA\AppData\Local\CRE\jfjbflachhjbdbhfgknpgcgpchaikkok.crx [2013-03-12] CHR HKLM-x32\...\Chrome\Extension: [lonndllmbldmmoefheenkmgkencnkdkh] - C:\Users\OUIDA\AppData\Local\CRE\lonndllmbldmmoefheenkmgkencnkdkh.crx [2013-03-27] CHR HKLM-x32\...\Chrome\Extension: [neebgdeaohaofdhldpobdpfocdonmgki] - C:\Users\OUIDA\AppData\Local\CRE\neebgdeaohaofdhldpobdpfocdonmgki.crx [2013-03-27] CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\OUIDA\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx [2013-03-27] C:\Users\OUIDA\qdataOFXLOG.DAT C:\Users\OUIDA\qdata_OldSyncLog.dat C:\Users\OUIDA\qdata_SyncLog.dat AlternateDataStreams: C:\ProgramData\TEMP:373E1720 AlternateDataStreams: C:\ProgramData\TEMP:D346F792 Task: {15A4225D-6680-442C-A48D-627548C2D766} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-09-04] (AnyProtect.com) <==== ATTENTION Task: {2438BA2B-8616-44FE-BF0C-03B42EB9F5B7} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION C:\Program Files (x86)\MyPC Backup Task: {32E00ED5-1140-481E-B1C9-4F15D7EAE74F} - System32\Tasks\Yahoo! Search Udpater => C:\Users\OUIDA\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrsetup.exe <==== ATTENTION Task: {34EAE923-73B3-495C-B3B8-88B3926BF392} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-09-04] (AnyProtect.com) <==== ATTENTION Task: {6CB93782-3729-4AA2-97AE-95E55A07B685} - \RocketTab No Task File <==== ATTENTION Task: {70653B44-A739-4463-B995-B267B2D93574} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-09-04] (AnyProtect.com) <==== ATTENTION Task: {79C20649-21AE-4248-A3E6-6A550AE84DC0} - \Advanced System Protector_startup No Task File <==== ATTENTION Task: {8DEBE502-D343-44A0-81DB-8EDEB14F0EC3} - System32\Tasks\Test TimeTrigger => C:\Users\OUIDA\AppData\Local\Temp\Runner.exe [2014-10-17] () <==== ATTENTION Task: {93319035-1312-48BD-991A-E1696EDA3AF6} - \RocketTab Update Task No Task File <==== ATTENTIONTask: {AC90E4DB-714E-4C23-AFC9-6F777426EA67} - System32\Tasks\4551 => Wscript.exe C:\Users\OUIDA\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION C:\Users\OUIDA\AppData\Local\Temp\launchie.vbs Task: {AF3324CB-A22E-439D-B859-7F30C072A6AB} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION Task: {D6E8AA83-1D7B-41F0-9076-0692B9AFF173} - System32\Tasks\Yahoo! Search => C:\Users\OUIDA\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrlte.exe <==== ATTENTION C:\Users\OUIDA\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrlte.exe Task: C:\windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION C:\Program Files (x86)\AnyProtectEx ***************** "C:\PROGRA~2\SEARCH~2\Datamngr\x64\mgrldr.dll" => Value Data removed successfully. C:\windows\system32\GroupPolicy\Machine => Moved successfully. C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. "HKCU\SOFTWARE\Policies\Google" => Key deleted successfully. C:\Program Files (x86)\Mozilla Firefox\extensions\kgcngo@xmmomglptujvwxntife.org => Moved successfully. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\otis@digitalpersona.com => value deleted successfully. C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt => Moved successfully. C:\Users\OUIDA\AppData\Roaming\Mozilla\Extensions\SpecialSavings@SpecialSavings.com => Moved successfully. C:\Users\OUIDA\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks => Moved successfully. C:\Program Files (x86)\FilmFanatic\bar\1.bin\NPpaStub.dll not found. C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\NP2jStub.dll not found. C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll not found. C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll not found. "HKCU\SOFTWARE\Google\Chrome\Extensions\jfjbflachhjbdbhfgknpgcgpchaikkok" => Key deleted successfully. C:\Users\OUIDA\AppData\Local\CRE\jfjbflachhjbdbhfgknpgcgpchaikkok.crx => Moved successfully. "HKCU\SOFTWARE\Google\Chrome\Extensions\lonndllmbldmmoefheenkmgkencnkdkh" => Key deleted successfully. C:\Users\OUIDA\AppData\Local\CRE\lonndllmbldmmoefheenkmgkencnkdkh.crx => Moved successfully. "HKCU\SOFTWARE\Google\Chrome\Extensions\neebgdeaohaofdhldpobdpfocdonmgki" => Key deleted successfully. C:\Users\OUIDA\AppData\Local\CRE\neebgdeaohaofdhldpobdpfocdonmgki.crx => Moved successfully. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jfjbflachhjbdbhfgknpgcgpchaikkok" => Key deleted successfully. "C:\Users\OUIDA\AppData\Local\CRE\jfjbflachhjbdbhfgknpgcgpchaikkok.crx" => File/Directory not found. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lonndllmbldmmoefheenkmgkencnkdkh" => Key deleted successfully. "C:\Users\OUIDA\AppData\Local\CRE\lonndllmbldmmoefheenkmgkencnkdkh.crx" => File/Directory not found. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\neebgdeaohaofdhldpobdpfocdonmgki" => Key deleted successfully. "C:\Users\OUIDA\AppData\Local\CRE\neebgdeaohaofdhldpobdpfocdonmgki.crx" => File/Directory not found. "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj" => Key deleted successfully. "C:\Users\OUIDA\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx" => File/Directory not found. C:\Users\OUIDA\qdataOFXLOG.DAT => Moved successfully. C:\Users\OUIDA\qdata_OldSyncLog.dat => Moved successfully. C:\Users\OUIDA\qdata_SyncLog.dat => Moved successfully. C:\ProgramData\TEMP => ":373E1720" ADS removed successfully. C:\ProgramData\TEMP => ":D346F792" ADS removed successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{15A4225D-6680-442C-A48D-627548C2D766}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15A4225D-6680-442C-A48D-627548C2D766}" => Key deleted successfully. C:\Windows\System32\Tasks\APSnotifierPP2 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2438BA2B-8616-44FE-BF0C-03B42EB9F5B7}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2438BA2B-8616-44FE-BF0C-03B42EB9F5B7}" => Key deleted successfully. C:\Windows\System32\Tasks\LaunchApp => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchApp" => Key deleted successfully. C:\Program Files (x86)\MyPC Backup => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{32E00ED5-1140-481E-B1C9-4F15D7EAE74F}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32E00ED5-1140-481E-B1C9-4F15D7EAE74F}" => Key deleted successfully. C:\Windows\System32\Tasks\Yahoo! Search Udpater => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Search Udpater" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34EAE923-73B3-495C-B3B8-88B3926BF392}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34EAE923-73B3-495C-B3B8-88B3926BF392}" => Key deleted successfully. C:\Windows\System32\Tasks\APSnotifierPP3 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6CB93782-3729-4AA2-97AE-95E55A07B685}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6CB93782-3729-4AA2-97AE-95E55A07B685}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{70653B44-A739-4463-B995-B267B2D93574}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70653B44-A739-4463-B995-B267B2D93574}" => Key deleted successfully. C:\Windows\System32\Tasks\APSnotifierPP1 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{79C20649-21AE-4248-A3E6-6A550AE84DC0}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79C20649-21AE-4248-A3E6-6A550AE84DC0}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8DEBE502-D343-44A0-81DB-8EDEB14F0EC3}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DEBE502-D343-44A0-81DB-8EDEB14F0EC3}" => Key deleted successfully. C:\Windows\System32\Tasks\Test TimeTrigger => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Test TimeTrigger" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{93319035-1312-48BD-991A-E1696EDA3AF6}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93319035-1312-48BD-991A-E1696EDA3AF6}" => Key deleted successfully. C:\Windows\\RocketTab Update Task No Task File <==== ATTENTIONTask: {AC90E4DB-714E-4C23-AFC9-6F777426EA67} - System32\Tasks\4551 not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\TreeTask: {93319035-1312-48BD-991A-E1696EDA3AF6} - \RocketTab Update Task No Task File <==== ATTENTION\4551" => Key not found. "C:\Users\OUIDA\AppData\Local\Temp\launchie.vbs" => File/Directory not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF3324CB-A22E-439D-B859-7F30C072A6AB}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF3324CB-A22E-439D-B859-7F30C072A6AB}" => Key deleted successfully. C:\Windows\System32\Tasks\0 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D6E8AA83-1D7B-41F0-9076-0692B9AFF173}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6E8AA83-1D7B-41F0-9076-0692B9AFF173}" => Key deleted successfully. C:\Windows\System32\Tasks\Yahoo! Search => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Search" => Key deleted successfully. "C:\Users\OUIDA\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrlte.exe" => File/Directory not found. C:\windows\Tasks\APSnotifierPP1.job => Moved successfully. C:\windows\Tasks\APSnotifierPP2.job => Moved successfully. C:\windows\Tasks\APSnotifierPP3.job => Moved successfully. C:\Program Files (x86)\AnyProtectEx => Moved successfully. The system needed a reboot. ==== End of Fixlog ==== # AdwCleaner v3.311 - Report created 01/11/2014 at 22:47:54 # Updated 30/09/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : OUIDA - OUIDA-PC # Running from : C:\Users\OUIDA\Desktop\New folder\AdwCleaner.exe # Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** File Found : C:\END File Found : C:\Users\OUIDA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage File Found : C:\Users\OUIDA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal File Found : C:\Users\OUIDA\AppData\Roaming\aps.scan.quick.results File Found : C:\Users\OUIDA\AppData\Roaming\aps.scan.results File Found : C:\Users\OUIDA\AppData\Roaming\aps.uninstall.scan.results File Found : C:\windows\System32\roboot64.exe Folder Found : C:\Program Files (x86)\Advanced System Protector Folder Found : C:\Program Files (x86)\AskPartnerNetwork Folder Found : C:\Program Files (x86)\Common Files\Umbrella Folder Found : C:\Program Files (x86)\Conduit Folder Found : C:\Program Files (x86)\OApps Folder Found : C:\Program Files (x86)\otshot Folder Found : C:\Program Files (x86)\PC Health Kit Folder Found : C:\Program Files (x86)\PC TEKNIX Folder Found : C:\Program Files (x86)\PCFixSpeed Folder Found : C:\Program Files (x86)\PCTechHotline Folder Found : C:\Program Files (x86)\RegClean Pro Folder Found : C:\Program Files (x86)\SweetIM Folder Found : C:\Program Files (x86)\ToggleMark Folder Found : C:\Program Files (x86)\ToggleMark Folder Found : C:\Program Files (x86)\tuguu sl Folder Found : C:\ProgramData\apn Folder Found : C:\ProgramData\AskPartnerNetwork Folder Found : C:\ProgramData\AVG Secure Search Folder Found : C:\ProgramData\Babylon Folder Found : C:\ProgramData\Conduit Folder Found : C:\ProgramData\Iminent Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\otshot Folder Found : C:\ProgramData\PCFixSpeed Folder Found : C:\ProgramData\Systweak Folder Found : C:\ProgramData\Tarma Installer Folder Found : C:\Systweak Folder Found : C:\Users\Guest\AppData\Local\AOL Toolbar Folder Found : C:\Users\Guest\AppData\LocalLow\AppGraffiti Folder Found : C:\Users\Guest\AppData\LocalLow\Conduit Folder Found : C:\Users\Guest\AppData\LocalLow\iac Folder Found : C:\Users\Guest\AppData\LocalLow\Inbox Toolbar Folder Found : C:\Users\Guest\AppData\LocalLow\RebateInformer Folder Found : C:\Users\Guest\AppData\Roaming\SearchProtect Folder Found : C:\Users\OUIDA\AppData\Local\Conduit Folder Found : C:\Users\OUIDA\AppData\Local\DownloadTerms Folder Found : C:\Users\OUIDA\AppData\Local\iac Folder Found : C:\Users\OUIDA\AppData\Local\NativeMessaging Folder Found : C:\Users\OUIDA\AppData\Local\SwvUpdater Folder Found : C:\Users\OUIDA\AppData\Local\torch Folder Found : C:\Users\OUIDA\AppData\Local\visi_coupon Folder Found : C:\Users\OUIDA\AppData\Local\WhiteListing Folder Found : C:\Users\OUIDA\AppData\LocalLow\Conduit Folder Found : C:\Users\OUIDA\AppData\LocalLow\Delta Folder Found : C:\Users\OUIDA\AppData\LocalLow\iac Folder Found : C:\Users\OUIDA\AppData\LocalLow\visi_coupon Folder Found : C:\Users\OUIDA\AppData\Roaming\ap_logs Folder Found : C:\Users\OUIDA\AppData\Roaming\Babylon Folder Found : C:\Users\OUIDA\AppData\Roaming\Iminent Folder Found : C:\Users\OUIDA\AppData\Roaming\PC Health Kit Folder Found : C:\Users\OUIDA\AppData\Roaming\PC Tech Hotline Folder Found : C:\Users\OUIDA\AppData\Roaming\SearchProtect Folder Found : C:\Users\OUIDA\AppData\Roaming\StatusWinks Folder Found : C:\Users\OUIDA\AppData\Roaming\Strongvault Folder Found : C:\Users\OUIDA\AppData\Roaming\Systweak Folder Found : C:\Users\OUIDA\AppData\Roaming\VOPackage Folder Found : C:\Users\OUIDA\Documents\Optimizer Pro Folder Found : C:\Users\OUIDA\Documents\PC Health Kit ***** [ Scheduled Tasks ] ***** Task Found : RocketTab Update Task ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\5c55da8cbc3ab845 Key Found : HKCU\Software\AnyProtect Key Found : HKCU\Software\APN PIP Key Found : HKCU\Software\AppDataLow\Software\CompeteInc Key Found : HKCU\Software\AppDataLow\Software\Conduit Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Found : HKCU\Software\AppDataLow\Software\SmartBar Key Found : HKCU\Software\AppDataLow\ToggleMark Key Found : HKCU\Software\AppDataLow\ToggleMark Key Found : HKCU\Software\BRS Key Found : HKCU\Software\Conduit Key Found : HKCU\Software\ilivid Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8} Key Found : HKCU\Software\Optimizer Pro Key Found : HKCU\Software\Search Extensions Key Found : HKCU\Software\SmartBar Key Found : HKCU\Software\SocialBit Key Found : HKCU\Software\systweak Key Found : HKCU\Software\torch Key Found : HKCU\Software\Tutorials Key Found : [x64] HKCU\Software\AnyProtect Key Found : [x64] HKCU\Software\APN PIP Key Found : [x64] HKCU\Software\BRS Key Found : [x64] HKCU\Software\Conduit Key Found : [x64] HKCU\Software\ilivid Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Found : [x64] HKCU\Software\Optimizer Pro Key Found : [x64] HKCU\Software\Search Extensions Key Found : [x64] HKCU\Software\SmartBar Key Found : [x64] HKCU\Software\SocialBit Key Found : [x64] HKCU\Software\systweak Key Found : [x64] HKCU\Software\torch Key Found : [x64] HKCU\Software\Tutorials Key Found : HKLM\SOFTWARE\5c55da8cbc3ab845 Key Found : HKLM\SOFTWARE\Babylon Key Found : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11} Key Found : HKLM\SOFTWARE\Classes\AppID\{FCF8BFD3-39B8-4370-B464-EC2AAACD97CF} Key Found : HKLM\SOFTWARE\Classes\AppID\SelectionLinks.DLL Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe Key Found : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Key Found : HKLM\SOFTWARE\Classes\CLSID\{02C9C7B0-C7C8-4AAC-A9E4-55295BF60F8F} Key Found : HKLM\SOFTWARE\Classes\CLSID\{0398B101-6DA7-473F-A290-17D2FBC88CC0} Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D} Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D} Key Found : HKLM\SOFTWARE\Classes\CLSID\{0CC36196-8589-4B80-A771-D659411D7F90} Key Found : HKLM\SOFTWARE\Classes\CLSID\{143D96F9-EB64-48B3-B192-91C2C41A1F43} Key Found : HKLM\SOFTWARE\Classes\CLSID\{14F7D91F-F669-45C9-9F42-BACBFDB86EAD} Key Found : HKLM\SOFTWARE\Classes\CLSID\{187A6488-6E71-4A2A-B118-7BEFBFE58257} Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472} Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472} Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Key Found : HKLM\SOFTWARE\Classes\CLSID\{2D065204-A024-4C39-8A38-EE7078EC7ACF} Key Found : HKLM\SOFTWARE\Classes\CLSID\{30F5476C-677B-4DB0-B397-51F5BFD86840} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3223F2FB-D9B9-45FC-9D66-CD717FFA4EE5} Key Found : HKLM\SOFTWARE\Classes\CLSID\{351798B1-C1D2-45AB-92B4-4D6C2D6AB5AF} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3AEA1BEF-6195-46F4-ACA2-0ED14F7EFA1B} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A} Key Found : HKLM\SOFTWARE\Classes\CLSID\{4498C5E9-93C6-4142-B6BE-F0C6DC48B77A} Key Found : HKLM\SOFTWARE\Classes\CLSID\{479BF2D6-E362-4A99-B1AB-BC764D7B97AE} Key Found : HKLM\SOFTWARE\Classes\CLSID\{492A108F-51D0-4BD8-899D-AD4AB2893064} Key Found : HKLM\SOFTWARE\Classes\CLSID\{4B6D6E60-FBD2-4E79-BF4B-886BC98F1797} Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} Key Found : HKLM\SOFTWARE\Classes\CLSID\{60893E02-2E5B-43F9-A93A-BAD60C2DF6EF} Key Found : HKLM\SOFTWARE\Classes\CLSID\{6D39931F-451E-4BDD-BAF4-37FB96DBBA5D} Key Found : HKLM\SOFTWARE\Classes\CLSID\{76C684D2-C35D-4284-976A-D862F53ADB81} Key Found : HKLM\SOFTWARE\Classes\CLSID\{796D822A-C3F9-4A97-BAAB-42FE7628EA63} Key Found : HKLM\SOFTWARE\Classes\CLSID\{79EF3691-EC1A-4705-A01A-D2E36EC11758} Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Found : HKLM\SOFTWARE\Classes\CLSID\{82F41418-8E64-47EB-A7F1-4702A974D289} Key Found : HKLM\SOFTWARE\Classes\CLSID\{85D920CE-63A7-46DC-8992-41D1D2E07FAD} Key Found : HKLM\SOFTWARE\Classes\CLSID\{895ED5E8-ABB4-40C3-A0CA-2571964268E2} Key Found : HKLM\SOFTWARE\Classes\CLSID\{8AAC123A-1959-4A45-BFC5-E2D50783098A} Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17} Key Found : HKLM\SOFTWARE\Classes\CLSID\{A07956CD-81F8-4A03-B524-5D87E690DC83} Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Found : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9} Key Found : HKLM\SOFTWARE\Classes\CLSID\{B5E3B26B-6E5C-4865-A63D-58D04B10E245} Key Found : HKLM\SOFTWARE\Classes\CLSID\{B84D2DC5-42B2-4E5E-BF61-7B48152FF8EF} Key Found : HKLM\SOFTWARE\Classes\CLSID\{B89D5309-0367-4494-A92F-3D4C94F88307} Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023} Key Found : HKLM\SOFTWARE\Classes\CLSID\{C014EBF8-8854-448B-B5A4-557C4090EDCE} Key Found : HKLM\SOFTWARE\Classes\CLSID\{C31191DB-2F64-464C-B97C-6AC81ACB7AAC} Key Found : HKLM\SOFTWARE\Classes\CLSID\{C342C7A7-F622-4EF3-8B7F-ABB9FBE73F14} Key Found : HKLM\SOFTWARE\Classes\CLSID\{C4765B07-BC2F-477B-925C-B2BF24887823} Key Found : HKLM\SOFTWARE\Classes\CLSID\{C875C0A1-09E3-48D5-9F8E-BD337796FD14} Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9} Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD126DA6-FF5B-4181-AC13-54A62240D2FA} Key Found : HKLM\SOFTWARE\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680} Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Found : HKLM\SOFTWARE\Classes\CLSID\{E812AE43-7799-4E67-8CF8-4104297A2D16} Key Found : HKLM\SOFTWARE\Classes\CLSID\{F0BAAEC7-9AE0-49FF-9C4B-86E774FF397F} Key Found : HKLM\SOFTWARE\Classes\CLSID\{F92193FD-2243-4401-9ACC-49FF30885898} Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD21B8A2-910B-45AC-9C10-45E6A8B84984} Key Found : HKLM\SOFTWARE\Classes\Installer\Features\3DA786FCDC08E1345AF052DDF8C9693C Key Found : HKLM\SOFTWARE\Classes\Installer\Products\3DA786FCDC08E1345AF052DDF8C9693C Key Found : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Key Found : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Found : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Key Found : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Key Found : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Key Found : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Key Found : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Key Found : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Key Found : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Key Found : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Key Found : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Key Found : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Key Found : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Key Found : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Key Found : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Key Found : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Key Found : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Key Found : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Key Found : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Key Found : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Key Found : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Key Found : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Key Found : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Key Found : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Found : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Key Found : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Key Found : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Key Found : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Key Found : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Key Found : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Key Found : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Key Found : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Key Found : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Key Found : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Key Found : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Key Found : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Key Found : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Key Found : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Key Found : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Key Found : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Key Found : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Key Found : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Key Found : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Key Found : HKLM\SOFTWARE\Classes\Prod.cap Key Found : HKLM\SOFTWARE\Classes\speedupmypc Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3277370 Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3284668 Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3287375 Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3297955 Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B04A9E6A-C9C5-4A2F-ADF9-B69BAC127A14} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} Key Found : HKLM\SOFTWARE\Conduit Key Found : HKLM\SOFTWARE\firstsearch Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bfcpnihmbfoaeoakalclfalkdepgiaje Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\hgojaaaiddhmiiakpejiklijbalpckih Key Found : HKLM\SOFTWARE\iLividSRTB Key Found : HKLM\SOFTWARE\InfoAtoms Key Found : HKLM\SOFTWARE\InstallCore Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31111111-1111-1111-1111-110111991162} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6C990ECA-72D6-4E65-A35B-A08C1DF79E6E} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B5CCB33F-6C0A-418A-8AF1-10C35BBD579A} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F5BFAD3A-D783-4AD7-98AA-D8F082626F8D} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FC65300A-DC43-4D86-B153-E59CF6E74216} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs Key Found : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasapi32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasmancs Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Supreme Savings_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Supreme Savings_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\supreme savings-bg_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\supreme savings-bg_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ToggleMark_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ToggleMark_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updateToggleMark_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updateToggleMark_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\utilToggleMark_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\utilToggleMark_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\VAFMusic Conduit_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\VAFMusic Conduit_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs Key Found : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF687AD3-80CD-431E-A50F-25DD8F9C96C3} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zulagames Key Found : HKLM\SOFTWARE\PIP Key Found : HKLM\SOFTWARE\systweak Key Found : HKLM\SOFTWARE\torch Key Found : HKLM\SOFTWARE\Tutorials Key Found : HKLM\SOFTWARE\Uniblue Key Found : HKLM\SOFTWARE\Uniblue\DriverScanner Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update ToggleMark Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util ToggleMark Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6} Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\04D01B4BB24CCD043B69431CCABB1A34 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0702826FCAC36EE52AC0441EEEEE2170 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1198E28F40C3E185E9958608554D4253 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\14C66209FCA938858B9729645C666684 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15A073601B9AEC3549BE4A9314794615 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F7C80F9CE5CDF44E9AADDC99402534C Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\206AF45B775E3A445B3B2273827DA85F Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\225C3CBCEB850204D860A6C7CC7724AF Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2310FC151CD4F185798FA0996B3524D7 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\28572D2E2DE533256AC6B560EA573C22 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29C79786B109AC443B0DC7BFD61B1896 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2ABB56EABB920EB59B04BDDD26A62083 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2DABA02DFED47E352A2FA2EBDD6F6187 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\311567B4A9A002050BB9423FD73FB880 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\373FCED70D7F84E5FB5F3F7B76BEE024 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3BE992C130B235E53A2937391FDCA35B Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3DA5F64B3483DE549947A9164ACBAD21 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3ED93605BB9B6635E9D0D86615AF31F1 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4759B017032BA185F9BA6F7DBC95A2D4 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4A78ABCBB54E46E5482A3EE0AD66C39E Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4F9E947B6B895EB5A86757FC5D3DB862 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4FEEA83BF72B97E43A2DF0EE4BE4F261 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\509EC7EFB89B7D942997574AB14037A4 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50A730A9A3A61BF5BA70CA8A3B7C133B Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\51A95A1D4CDE4F958A9451FBB39BF54A Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\536133807DE80465BA6CD0A9742B7DE5 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5E25036E68895D45B95E72D1C3C58C74 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\60ECC80C54085B141A40437A96CA2618 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\60FD8CD5BE007315CA3B5C7E41F24017 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\618E7D05458C4F257909ED9C8CDC0D66 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\621C21014D3C152529E2460FA6304EE3 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6241FF6F317CABD4EBBEE0DE9076BD94 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\636B9C23C79154B57AB561F39A139BFD Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\65AAF0F0CB7F0B45F900FDF19CEAAF2B Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6879A5E348601C45986308CA84958E94 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A6F3B7A9805E1F5492A1020EEDF2341 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B1F5D204E4EEB342A5AD1D7E60D61BF Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7005A2A4DCF9DD7548137AB17E3A3AF3 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\712EAF07EE73CC65C822CC3BAE3B2483 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75FF6D97AF9FC004A9521D4B83FA6321 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7947B301B2446E752A3FE06EAD7D26B5 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7987CE52D13E16258B0E1E3DB1BB0974 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7BEED197C514FDA53901AE8DD8EF0891 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DFDCF03D46C34159BDE29FBDBF1ACF5 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\87EC9ACEAFE8ECD52A529663CD35213F Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\890F436B85B790A55A582B7307DA12CE Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C13DA6755F685B529615C8E92B3CA39 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D07CD9CB3E6BE652872BF06A1CCA782 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\90841B1FC98200349925C88999866F17 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94194FDD4DF523E53A888D65722A135D Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\95266D07D008D2E4E9B6F8E0DD15432A Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A4223BBC9438CAD49BBE10B4E344B1DD Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A72F23B1D745C27508518132197BC982 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A89E2B6FB14D8275DA63D075171DA184 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A9C43CD4001E9E4518B274AF9A0EFDA9 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AABA081CF7F19915FBB80B3BAF47CE63 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AC2A0FFD0A1686D53A4E24D6E96949E4 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AE5BDB2750259915D8442D4591A7717B Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1A79C71D5DC1C150B76B6ED11195DFC Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6D497DB33974935488761F7C4C3D755 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B752EF3300008394886C402CC27B474F Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B8C8BCC1206978D51A8B9EECBF806C53 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAD3576CEA646895B962F94754612791 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BB4091512C8F4295E99CE2D061ED2020 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEE6BBC9A31531F598794A62120B51C7 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C19162788CA4D235E829F88E2F771567 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C71F07DA356B66B5484A8E7F2ADEB7DC Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C96AD15EE8E887B56BAF2136A9088503 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C9E6B66ECC49D155888399C51D05C49E Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA360F24F0B214744BE40657FDA0B727 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB13D869D7D092348847B7481BB59E27 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE85F265816AE2D4E9B73C3E207E679C Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5389AEEA4A1E20428D045E86BCF643B Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5B62BB7BC607FB539585E2B7B6AFD16 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB027F01D4D53765C8E4FBE7DB77E07E Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC2EB492393411F5ABE8ED13C59FBF20 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDA2534BD056D1F44B6EC96AAA7F1F6E Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDCA763D4C48A105086B4CCCEE78043F Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DEF7558C7CD27EF46AF802AFBE402675 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E05B987540A9E2849AAF9E5B06C27DA8 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E09F4A6B9D2A08B599AE9E38BFC93CD6 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E27B6535D0D94A24E91047C7D86F27BC Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E45D171E075A5425CBACF6631A45FA39 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E513C2076D90AD04F888BD762143F191 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E8F4C985459564F5B8DCFF2B3C7EBD27 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E96E33222BAC06B57A1FA9D72951C945 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EAA46CE9007F70A5CAFA5F26E5DDEBE5 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE43FF091A8714A599F33EF2533FB59A Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE790015CF30DAA569960905FF1651A0 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EEB44C47185BD304D80FDF5A4BBE8F54 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F214EB834D2EC474CA76C1CDE306CF3A Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F25491036D0FA5D5FA6742F5742F151A Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2E0D3DD9E5E4B74CA43BCE77815E287 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4D1BA8B482D9734E943EE260A7ADEF2 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F6704141BAAF6884785EC6843143D6A7 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7507D4D4C310125E9A22BD909A41FB6 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F79C21D785419125595AC59458A6142D Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA15C90F092A60F53A4E0F88CED02968 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA1CF130B3D58B553833ACB6BE8AFAD4 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB0F1A18E4F0DBD509A42F4D4C05C02A Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FD17ED194F1C2B457B4F6EF4AE8DEAF3 Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DA786FCDC08E1345AF052DDF8C9693C Key Found : [x64] HKLM\SOFTWARE\Tarma Installer Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D8278076-BC68-4484-9233-6E7F1628B56C}] Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{63ADCAB1-34B5-ACCA-7D6B-F82DDF8E706A}] Value Found : HKCU\Software\Mozilla\Firefox\Extensions [specialSavings@SpecialSavings.com] Value Found : HKCU\Software\Mozilla\Firefox\Extensions [statuswinks@StatusWinks] Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [specialSavings@SpecialSavings.com] Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [statuswinks@StatusWinks] ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17344 -\\ Google Chrome v37.0.2062.124 [ File : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences ] Found [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms} Found [search Provider] : hxxp://www.ask.com/web?q={searchTerms} Found [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo Found [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg Found [Extension] : hphibigbodkkohoglgfkddblldpfohjl Found [Extension] : igdhbblpcellaljokkpfhcjlagemhgjl Found [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej Found [Extension] : kincjchfokkeneeofpeefomkikfkiedl Found [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc Found [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc [ File : C:\Users\OUIDA\AppData\Local\Google\Chrome\User Data\Default\preferences ] *************************
  12. MBAM scan did not detect anything this time. The Rogue killer did however. Logs below: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 11/1/2014 Scan Time: 8:52:14 PM Logfile: mbam.txt Administrator: Yes Version: 2.00.3.1025 Malware Database: v2014.11.02.02 Rootkit Database: v2014.11.01.02 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: OUIDA Scan Type: Threat Scan Result: Completed Objects Scanned: 424126 Time Elapsed: 25 min, 12 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) RogueKiller V10.0.4.0 (x64) [Oct 29 2014] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : OUIDA [Administrator] Mode : Scan -- Date : 11/01/2014 21:26:22 ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 17 ¤¤¤ [PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} -> Found [PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} -> Found [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Found [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} -> Found [suspicious.Path] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | SpUninstallDeleteDir : rmdir /s /q "C:\windows\system32\config\systemprofile\AppData\Roaming\SearchProtect" -> Found [suspicious.Path] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | SpUninstallDeleteDir : rmdir /s /q "C:\windows\system32\config\systemprofile\AppData\Roaming\SearchProtect" -> Found [suspicious.Path] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | SpUninstallDeleteDir : rmdir /s /q "C:\windows\system32\config\systemprofile\AppData\Roaming\SearchProtect" -> Found [suspicious.Path] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | SpUninstallDeleteDir : rmdir /s /q "C:\windows\system32\config\systemprofile\AppData\Roaming\SearchProtect" -> Found [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\0136871396797231mcinstcleanup (C:\windows\TEMP\013687~1.EXE -cleanup -nolog) -> Found [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\0136871396797231mcinstcleanup (C:\windows\TEMP\013687~1.EXE -cleanup -nolog) -> Found [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\0136871396797231mcinstcleanup (C:\windows\TEMP\013687~1.EXE -cleanup -nolog) -> Found [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-205499447-1781432616-321701785-1002\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Found [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-205499447-1781432616-321701785-1002\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Found [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found ¤¤¤ Tasks : 5 ¤¤¤ [suspicious.Path] \\4551 -- wscript.exe (C:\Users\OUIDA\AppData\Local\Temp\launchie.vbs //B) -> Found [suspicious.Path] \\FGRun -- C:\Users\OUIDA\AppData\Roaming\pack.exe -> Found [suspicious.Path] \\Test TimeTrigger -- C:\Users\OUIDA\AppData\Local\Temp\Runner.exe (C:\Users\OUIDA\AppData\Local\Temp\DNS.exe) -> Found [suspicious.Path] \\Yahoo! Search -- C:\Users\OUIDA\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrlte.exe -> Found [suspicious.Path] \\Yahoo! Search Udpater -- C:\Users\OUIDA\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrsetup.exe -> Found ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ Hosts File : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: ST950032 5AS SATA Disk Device +++++ --- User --- [MBR] 91daf2d2bfe077aa91a8ef444ec707e3 [bSP] 803b52d7450c96050938b770c5ec93a3 : Windows Vista/7/8 MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB 1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 20000 MB 2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 41166848 | Size: 456838 MB User = LL1 ... OK User = LL2 ... OK
  13. I am infected. MBAM Pro will detect, but files return after being quarantined. Please Help Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-11-2014 Ran by OUIDA (administrator) on OUIDA-PC on 01-11-2014 19:03:19 Running from C:\Users\OUIDA\Desktop\New folder Loaded Profile: OUIDA (Available profiles: OUIDA & Guest) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (AMD) C:\Windows\System32\atieclxx.exe (Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE (DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.) HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.) HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-02-10] (Dell Inc.) HKLM\...\Run: [broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [7464448 2012-10-25] (Dell Inc.) HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [206336 2010-09-10] (Microsoft) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-11-14] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-09-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.) HKLM\...\RunOnce: [DBRMTray] => C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-09-10] (Microsoft) HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-10-01] (Malwarebytes Corporation) HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe, HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-205499447-1781432616-321701785-1002\...\RunOnce: [FlashPlayerUpdate] => C:\windows\system32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe [540336 2014-09-28] (Adobe Systems Incorporated) HKU\S-1-5-21-205499447-1781432616-321701785-1002\...\MountPoints2: {be4f1670-1e82-11e2-8a9b-806e6f6e6963} - D:\CD_Start.exe HKU\S-1-5-18\...\RunOnce: [spUninstallDeleteDir] => rmdir /s /q "C:\windows\system32\config\systemprofile\AppData\Roaming\SearchProtect" AppInit_DLLs: C:\PROGRA~2\SEARCH~2\Datamngr\x64\mgrldr.dll => C:\PROGRA~2\SEARCH~2\Datamngr\x64\mgrldr.dll File Not Found Lsa: [Notification Packages] DPPassFilter scecli GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie URLSearchHook: HKLM-x32 - (No Name) - {67097627-fd8e-4f6b-af4b-ecb65e50112e} - No File URLSearchHook: HKLM-x32 - (No Name) - {2713b394-286f-4d7c-89ea-4174eeab9f5a} - No File URLSearchHook: HKCU - (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - No File URLSearchHook: HKCU - (No Name) - {67097627-fd8e-4f6b-af4b-ecb65e50112e} - No File URLSearchHook: HKCU - (No Name) - {2713b394-286f-4d7c-89ea-4174eeab9f5a} - No File URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDSJS SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=352&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=5981912442044042&q={searchTerms} SearchScopes: HKLM - {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = SearchScopes: HKLM-x32 - {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDSJS SearchScopes: HKLM-x32 - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=aolrt-ie&s_qt=sb&tb_uuid=20121101170610955&tb_oid=01-11-2012&tb_mrud=13-04-2013 SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=352&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=5981912442044042&q={searchTerms} SearchScopes: HKLM-x32 - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YKxdm002YYus&ptnrS=YKxdm002YYus&si=CJnxh_bEwLMCFayDQgodlDkAmg&ptb=D6F2C4D4-51AA-4B37-808D-27EDA28C234E&psa=&ind=2012110818&st=sb&n=77ee5fe2&searchfor={searchTerms} SearchScopes: HKCU - DefaultScope {C25EC60C-069D-47CA-AD04-F15F5D5B24C8} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKCU - {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = SearchScopes: HKCU - {C25EC60C-069D-47CA-AD04-F15F5D5B24C8} URL = https://www.google.com/search?q={searchTerms} BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File BHO-x32: No Name -> {2713b394-286f-4d7c-89ea-4174eeab9f5a} -> No File BHO-x32: No Name -> {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} -> No File BHO-x32: Produtools Manuals 2.1 B2 Toolbar -> {589d7cff-0173-47a9-966a-9afae3e5c249} -> C:\Program Files (x86)\Produtools_Manuals_2.1_B2\prxtbProd.dll (Conduit Ltd.) BHO-x32: No Name -> {67097627-fd8e-4f6b-af4b-ecb65e50112e} -> No File BHO-x32: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) Toolbar: HKLM-x32 - Produtools Manuals 2.1 B2 Toolbar - {589d7cff-0173-47a9-966a-9afae3e5c249} - C:\Program Files (x86)\Produtools_Manuals_2.1_B2\prxtbProd.dll (Conduit Ltd.) Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @ei.RecipeHub_2j.com/Plugin -> C:\Program Files (x86)\RecipeHub_2jEI\Installr\1.bin\NP2jEISB.dll No File FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: DownloadTerms - C:\Program Files (x86)\Mozilla Firefox\extensions\kgcngo@xmmomglptujvwxntife.org [2013-03-22] FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2012-10-25] FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension FF HKLM-x32\...\Firefox\Extensions: [specialSavings@SpecialSavings.com] - C:\Users\OUIDA\AppData\Roaming\Mozilla\Extensions\SpecialSavings@SpecialSavings.com FF Extension: SpecialSavings - C:\Users\OUIDA\AppData\Roaming\Mozilla\Extensions\SpecialSavings@SpecialSavings.com [2013-03-23] FF HKLM-x32\...\Firefox\Extensions: [statuswinks@StatusWinks] - C:\Users\OUIDA\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks FF Extension: Smiley Bar for Facebook - C:\Users\OUIDA\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks [2013-03-23] FF HKCU\...\Firefox\Extensions: [specialSavings@SpecialSavings.com] - C:\Users\OUIDA\AppData\Roaming\Mozilla\Extensions\SpecialSavings@SpecialSavings.com FF HKCU\...\Firefox\Extensions: [statuswinks@StatusWinks] - C:\Users\OUIDA\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks FF HKCU\...\Firefox\Extensions: [{63ADCAB1-34B5-ACCA-7D6B-F82DDF8E706A}] - C:\Program Files (x86)\ver4BlockAndSurf\178.xpi Chrome: ======= CHR HomePage: Default -> https://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\FilmFanatic\bar\1.bin\NPpaStub.dll No File CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File CHR Plugin: (Recipe Hub Installer Plugin Stub) - C:\Program Files (x86)\RecipeHub_2jEI\Installr\1.bin\NP2jEISB.dll No File CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\NP2jStub.dll No File CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll No File CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File CHR Profile: C:\Users\OUIDA\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\OUIDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-15] CHR Extension: (Google Drive) - C:\Users\OUIDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-15] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\OUIDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-01] CHR Extension: (YouTube) - C:\Users\OUIDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-15] CHR Extension: (Google Search) - C:\Users\OUIDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-15] CHR Extension: (Google Wallet) - C:\Users\OUIDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09] CHR Extension: (Gmail) - C:\Users\OUIDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-15] CHR HKCU\...\Chrome\Extension: [jccpjpmiegdnbmbnaiaicnaakpacgbdi] - C:\Users\OUIDA\AppData\Local\CRE\jccpjpmiegdnbmbnaiaicnaakpacgbdi.crx [2013-10-03] CHR HKCU\...\Chrome\Extension: [jfjbflachhjbdbhfgknpgcgpchaikkok] - C:\Users\OUIDA\AppData\Local\CRE\jfjbflachhjbdbhfgknpgcgpchaikkok.crx [2013-03-12] CHR HKCU\...\Chrome\Extension: [lonndllmbldmmoefheenkmgkencnkdkh] - C:\Users\OUIDA\AppData\Local\CRE\lonndllmbldmmoefheenkmgkencnkdkh.crx [2013-03-27] CHR HKCU\...\Chrome\Extension: [neebgdeaohaofdhldpobdpfocdonmgki] - C:\Users\OUIDA\AppData\Local\CRE\neebgdeaohaofdhldpobdpfocdonmgki.crx [2013-03-27] CHR HKLM-x32\...\Chrome\Extension: [bfcpnihmbfoaeoakalclfalkdepgiaje] - C:\Users\OUIDA\AppData\Roaming\SpecialSavings\SpecialSavings.crx [2013-03-27] CHR HKLM-x32\...\Chrome\Extension: [hgojaaaiddhmiiakpejiklijbalpckih] - C:\Users\OUIDA\AppData\Roaming\StatusWinks\statuswinks.crx [2013-02-05] CHR HKLM-x32\...\Chrome\Extension: [jccpjpmiegdnbmbnaiaicnaakpacgbdi] - C:\Users\OUIDA\AppData\Local\CRE\jccpjpmiegdnbmbnaiaicnaakpacgbdi.crx [2013-10-03] CHR HKLM-x32\...\Chrome\Extension: [jfjbflachhjbdbhfgknpgcgpchaikkok] - C:\Users\OUIDA\AppData\Local\CRE\jfjbflachhjbdbhfgknpgcgpchaikkok.crx [2013-03-12] CHR HKLM-x32\...\Chrome\Extension: [lonndllmbldmmoefheenkmgkencnkdkh] - C:\Users\OUIDA\AppData\Local\CRE\lonndllmbldmmoefheenkmgkencnkdkh.crx [2013-03-27] CHR HKLM-x32\...\Chrome\Extension: [neebgdeaohaofdhldpobdpfocdonmgki] - C:\Users\OUIDA\AppData\Local\CRE\neebgdeaohaofdhldpobdpfocdonmgki.crx [2013-03-27] CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\OUIDA\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx [2013-03-27] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 0136871396797231mcinstcleanup; C:\windows\TEMP\013687~1.EXE [0 2014-10-17] () [File not signed] R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-11-14] (Advanced Micro Devices, Inc.) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [6146560 2012-10-25] (Dell Inc.) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U0 kepceekj; C:\Windows\System32\drivers\wvhlqqy.sys [79064 2014-11-01] (Malwarebytes Corporation) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-01] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-01 19:00 - 2014-11-01 19:03 - 00000000 ____D () C:\FRST 2014-11-01 18:57 - 2014-11-01 18:57 - 00079064 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\wvhlqqy.sys 2014-11-01 18:49 - 2014-11-01 19:03 - 00000000 ____D () C:\Users\OUIDA\Desktop\New folder 2014-11-01 17:55 - 2014-11-01 17:55 - 00001079 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk 2014-11-01 17:55 - 2014-11-01 17:55 - 00000000 ____D () C:\Users\OUIDA\AppData\Local\VS Revo Group 2014-11-01 17:55 - 2014-11-01 17:55 - 00000000 ____D () C:\ProgramData\VS Revo Group 2014-11-01 17:55 - 2014-11-01 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro 2014-11-01 17:55 - 2014-11-01 17:55 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-11-01 17:55 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\windows\system32\Drivers\revoflt.sys 2014-10-17 17:55 - 2014-11-01 18:19 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-17 17:55 - 2014-10-17 17:55 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-10-17 17:55 - 2014-10-17 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-10-17 17:55 - 2014-10-17 17:55 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-10-17 17:55 - 2014-10-17 17:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-10-17 17:55 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-10-17 17:55 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-10-17 17:55 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-10-17 17:53 - 2014-10-17 17:54 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\OUIDA\Downloads\mbam-setup-2.0.3.1025.exe 2014-10-16 14:40 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-10-16 14:40 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2014-10-16 14:40 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2014-10-16 14:40 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-10-16 14:40 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2014-10-16 14:40 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2014-10-16 14:40 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2014-10-16 14:40 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-10-16 14:40 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-10-16 14:40 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-10-16 14:40 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-10-16 14:40 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-10-16 14:40 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-10-16 14:40 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-10-16 14:40 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-10-16 14:40 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-10-16 14:40 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-10-16 14:40 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2014-10-16 14:40 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2014-10-16 14:40 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-10-16 14:40 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-10-16 14:40 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-10-16 14:40 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-10-16 14:40 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-10-16 14:40 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-10-16 14:40 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-10-16 14:40 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-10-16 14:40 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-10-16 14:40 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-10-16 14:40 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-10-16 14:40 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-10-16 14:40 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2014-10-16 14:40 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-10-16 14:40 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-10-16 14:40 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2014-10-16 14:40 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-10-16 14:40 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll 2014-10-16 14:40 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-10-16 14:40 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-10-16 14:40 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-10-16 14:40 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-10-16 14:40 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-10-16 14:40 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2014-10-16 14:40 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2014-10-16 14:40 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-10-16 14:40 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-10-16 14:40 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-10-16 14:40 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-10-16 14:40 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-10-16 14:40 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-10-16 14:40 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-10-16 14:40 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2014-10-16 14:40 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-10-16 14:40 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-10-16 14:40 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-10-16 14:40 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-10-16 14:40 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-10-16 14:40 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll 2014-10-16 14:40 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll 2014-10-16 14:40 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll 2014-10-16 14:40 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll 2014-10-16 14:40 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll 2014-10-16 14:40 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll 2014-10-16 14:37 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll 2014-10-16 14:37 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll 2014-10-16 14:37 - 2014-07-16 21:07 - 03722240 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll 2014-10-16 14:37 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe 2014-10-16 14:37 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll 2014-10-16 14:37 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe 2014-10-16 14:37 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll 2014-10-16 14:37 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll 2014-10-16 14:37 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll 2014-10-16 14:37 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll 2014-10-16 14:37 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll 2014-10-16 14:37 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll 2014-10-16 14:37 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe 2014-10-16 14:37 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll 2014-10-16 14:37 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll 2014-10-16 14:37 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll 2014-10-16 14:37 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys 2014-10-16 14:37 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys 2014-10-16 14:36 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\packager.dll 2014-10-16 14:36 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll 2014-10-16 14:21 - 2014-11-01 18:17 - 00002942 _____ () C:\windows\PFRO.log 2014-10-16 14:11 - 2014-10-16 14:12 - 00002898 _____ () C:\Users\OUIDA\AppData\Roaming\aps.scan.results 2014-10-16 14:11 - 2014-10-16 14:12 - 00001146 _____ () C:\Users\OUIDA\AppData\Roaming\aps.scan.quick.results 2014-10-16 14:11 - 2014-10-16 14:12 - 00000314 _____ () C:\Users\OUIDA\AppData\Roaming\aps.uninstall.scan.results 2014-10-16 14:11 - 2014-10-16 14:11 - 00003492 _____ () C:\windows\System32\Tasks\Yahoo! Search Udpater 2014-10-16 14:11 - 2014-10-16 14:11 - 00003488 _____ () C:\windows\System32\Tasks\Yahoo! Search 2014-10-04 17:19 - 2014-11-01 18:17 - 00000448 _____ () C:\windows\setupact.log 2014-10-04 17:19 - 2014-10-04 17:19 - 00000000 _____ () C:\windows\setuperr.log ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-01 19:03 - 2009-07-13 23:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-01 19:03 - 2009-07-13 23:45 - 00020928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-01 18:57 - 2009-07-14 00:37 - 00000000 ____D () C:\windows\DigitalLocker 2014-11-01 18:56 - 2014-07-15 10:04 - 00000000 ____D () C:\ProgramData\Systweak 2014-11-01 18:56 - 2014-07-15 10:00 - 00000000 ____D () C:\Users\OUIDA\AppData\Roaming\systweak 2014-11-01 18:52 - 2012-10-25 03:47 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-11-01 18:29 - 2013-04-06 22:27 - 00000000 ____D () C:\ProgramData\Yahoo! 2014-11-01 18:29 - 2013-04-06 22:26 - 00000000 ____D () C:\Program Files (x86)\Yahoo! 2014-11-01 18:28 - 2013-07-14 23:01 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-01 18:28 - 2012-11-03 08:48 - 00000000 ____D () C:\Users\OUIDA\AppData\Local\Google 2014-11-01 18:28 - 2012-11-03 08:48 - 00000000 ____D () C:\Program Files (x86)\Google 2014-11-01 18:24 - 2012-10-25 03:39 - 01305215 _____ () C:\windows\WindowsUpdate.log 2014-11-01 18:20 - 2013-04-12 17:25 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup 2014-11-01 18:18 - 2013-07-14 23:01 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-11-01 18:17 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-11-01 17:46 - 2014-03-02 15:56 - 00000000 ____D () C:\ProgramData\BoostSoftware 2014-11-01 17:23 - 2013-07-14 23:01 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-11-01 17:23 - 2013-07-14 23:01 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-11-01 17:22 - 2012-11-01 13:23 - 00003926 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{F4C91A14-43A9-4A9F-92D6-61C86D0270BD} 2014-10-28 06:34 - 2010-11-20 22:27 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe 2014-10-17 19:20 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache 2014-10-17 18:45 - 2014-09-04 17:49 - 00000000 ____D () C:\Users\OUIDA\AppData\Roaming\VOPackage 2014-10-17 18:35 - 2014-09-04 18:06 - 00000000 ____D () C:\Program Files (x86)\TermTutor 2014-10-17 18:35 - 2014-09-04 17:45 - 00000000 ____D () C:\Program Files (x86)\PCTechHotline 2014-10-17 18:35 - 2014-07-15 10:03 - 00000000 ____D () C:\Program Files (x86)\Advanced System Protector 2014-10-17 18:35 - 2013-11-06 21:11 - 00000000 ____D () C:\Users\OUIDA\AppData\Roaming\Iminent 2014-10-17 18:35 - 2013-11-06 21:10 - 00000000 ____D () C:\ProgramData\Iminent 2014-10-17 18:35 - 2013-10-08 19:06 - 00000000 ____D () C:\ProgramData\Conduit 2014-10-17 18:35 - 2013-05-24 14:57 - 00000000 ____D () C:\Users\OUIDA\AppData\Roaming\SearchProtect 2014-10-17 18:35 - 2013-03-24 13:13 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\SearchProtect 2014-10-17 18:35 - 2013-03-22 11:52 - 00000000 ____D () C:\Program Files (x86)\SweetIM 2014-10-17 18:35 - 2009-07-13 21:34 - 00000505 _____ () C:\windows\win.ini 2014-10-17 18:34 - 2014-09-04 18:17 - 00000000 ____D () C:\Program Files (x86)\ToggleMark 2014-10-17 18:34 - 2014-09-04 17:45 - 00000000 ____D () C:\Program Files (x86)\PCFixSpeed 2014-10-17 18:34 - 2013-11-06 21:06 - 00000000 ____D () C:\Program Files (x86)\PC Health Kit 2014-10-17 18:34 - 2013-03-16 16:59 - 00000000 ____D () C:\Users\OUIDA\AppData\Local\CRE 2014-10-17 14:17 - 2014-09-04 17:45 - 00000000 ____D () C:\ProgramData\PCFixSpeed 2014-10-17 13:36 - 2009-07-13 23:45 - 00300104 _____ () C:\windows\system32\FNTCACHE.DAT 2014-10-16 15:26 - 2012-11-01 10:36 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-10-16 15:06 - 2013-07-25 12:51 - 00000000 ____D () C:\windows\system32\MRT 2014-10-16 15:06 - 2012-11-01 03:15 - 103265616 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-10-16 14:45 - 2014-09-04 18:45 - 00000098 _____ () C:\Users\OUIDA\AppData\Roaming\WB.CFG 2014-10-16 14:21 - 2013-04-16 01:15 - 00000000 ____D () C:\Program Files\Common Files\McAfee Files to move or delete: ==================== C:\Users\OUIDA\qdataOFXLOG.DAT C:\Users\OUIDA\qdata_OldSyncLog.dat C:\Users\OUIDA\qdata_SyncLog.dat Some content of TEMP: ==================== C:\Users\OUIDA\AppData\Local\Temp\5942_fdminst.exe C:\Users\OUIDA\AppData\Local\Temp\92FE_install_flashplayer11x32_mssd_aih.exe C:\Users\OUIDA\AppData\Local\Temp\9551_install_flashplayer11x32_mssd_aih.exe C:\Users\OUIDA\AppData\Local\Temp\air4931.exe C:\Users\OUIDA\AppData\Local\Temp\air50A6.exe C:\Users\OUIDA\AppData\Local\Temp\air5943.exe C:\Users\OUIDA\AppData\Local\Temp\air6832.exe C:\Users\OUIDA\AppData\Local\Temp\air7434.exe C:\Users\OUIDA\AppData\Local\Temp\air74C9.exe C:\Users\OUIDA\AppData\Local\Temp\air7641.exe C:\Users\OUIDA\AppData\Local\Temp\air7D45.exe C:\Users\OUIDA\AppData\Local\Temp\air92ED.exe C:\Users\OUIDA\AppData\Local\Temp\air933E.exe C:\Users\OUIDA\AppData\Local\Temp\air9540.exe C:\Users\OUIDA\AppData\Local\Temp\air95D2.exe C:\Users\OUIDA\AppData\Local\Temp\airA66D.exe C:\Users\OUIDA\AppData\Local\Temp\airF1C3.exe C:\Users\OUIDA\AppData\Local\Temp\aol_toolbar7227.exe C:\Users\OUIDA\AppData\Local\Temp\aol_toolbarC027.exe C:\Users\OUIDA\AppData\Local\Temp\APNSetup.exe C:\Users\OUIDA\AppData\Local\Temp\BackupSetup.exe C:\Users\OUIDA\AppData\Local\Temp\ci-2.7.1-53firefox.exe C:\Users\OUIDA\AppData\Local\Temp\cicr-3.1.0-84.exe C:\Users\OUIDA\AppData\Local\Temp\ConsumerInputSetup-2.7.1-7927IE.exe C:\Users\OUIDA\AppData\Local\Temp\HotShot_installerNewNoStartUp.exe C:\Users\OUIDA\AppData\Local\Temp\install_flashplayer11x32axau_gtba_chra_dy_aaa_aih.exe C:\Users\OUIDA\AppData\Local\Temp\install_helper.exe C:\Users\OUIDA\AppData\Local\Temp\nsaCFB1.exe C:\Users\OUIDA\AppData\Local\Temp\nsc17A7.exe C:\Users\OUIDA\AppData\Local\Temp\nscF143.exe C:\Users\OUIDA\AppData\Local\Temp\nsd2686.exe C:\Users\OUIDA\AppData\Local\Temp\nsdC44.exe C:\Users\OUIDA\AppData\Local\Temp\nsg32D7.exe C:\Users\OUIDA\AppData\Local\Temp\nsgE048.exe C:\Users\OUIDA\AppData\Local\Temp\nsh2EA.exe C:\Users\OUIDA\AppData\Local\Temp\nsi2448.exe C:\Users\OUIDA\AppData\Local\Temp\nsj4447.exe C:\Users\OUIDA\AppData\Local\Temp\nsjED70.exe C:\Users\OUIDA\AppData\Local\Temp\nsjFDDA.tmp.tbProd.dll C:\Users\OUIDA\AppData\Local\Temp\nsm490.exe C:\Users\OUIDA\AppData\Local\Temp\nsn1AA5.exe C:\Users\OUIDA\AppData\Local\Temp\nsn9849.exe C:\Users\OUIDA\AppData\Local\Temp\nso1859.exe C:\Users\OUIDA\AppData\Local\Temp\nso6EE2.exe C:\Users\OUIDA\AppData\Local\Temp\nsq4956.exe C:\Users\OUIDA\AppData\Local\Temp\nsrA94C.exe C:\Users\OUIDA\AppData\Local\Temp\nsrED8C.exe C:\Users\OUIDA\AppData\Local\Temp\nss95A9.exe C:\Users\OUIDA\AppData\Local\Temp\nst2B29.exe C:\Users\OUIDA\AppData\Local\Temp\nst7B3D.exe C:\Users\OUIDA\AppData\Local\Temp\nsv63E4.exe C:\Users\OUIDA\AppData\Local\Temp\nsxE0FE.exe C:\Users\OUIDA\AppData\Local\Temp\nsxE2D3.exe C:\Users\OUIDA\AppData\Local\Temp\nsy2857.exe C:\Users\OUIDA\AppData\Local\Temp\nsy2C9C.exe C:\Users\OUIDA\AppData\Local\Temp\PIP2691_WBV5_.exe C:\Users\OUIDA\AppData\Local\Temp\post1.exe C:\Users\OUIDA\AppData\Local\Temp\post2.dll C:\Users\OUIDA\AppData\Local\Temp\post2.exe C:\Users\OUIDA\AppData\Local\Temp\Runner.exe C:\Users\OUIDA\AppData\Local\Temp\SecondStepInstaller.exe C:\Users\OUIDA\AppData\Local\Temp\SmartbarExeInstaller.exe C:\Users\OUIDA\AppData\Local\Temp\SpotifyUninstall.exe C:\Users\OUIDA\AppData\Local\Temp\SPSetup.exe C:\Users\OUIDA\AppData\Local\Temp\SPStub.exe C:\Users\OUIDA\AppData\Local\Temp\System.Data.SQLite.dll C:\Users\OUIDA\AppData\Local\Temp\System.Data.SQLite16725.dll C:\Users\OUIDA\AppData\Local\Temp\System.Data.SQLite19142.dll C:\Users\OUIDA\AppData\Local\Temp\System.Data.SQLite26471.dll C:\Users\OUIDA\AppData\Local\Temp\System.Data.SQLite30643.dll C:\Users\OUIDA\AppData\Local\Temp\System.Data.SQLite32765.dll C:\Users\OUIDA\AppData\Local\Temp\System.Data.SQLite34598.dll C:\Users\OUIDA\AppData\Local\Temp\System.Data.SQLite37768.dll C:\Users\OUIDA\AppData\Local\Temp\System.Data.SQLite40555.dll C:\Users\OUIDA\AppData\Local\Temp\System.Data.SQLite47089.dll C:\Users\OUIDA\AppData\Local\Temp\System.Data.SQLite49268.dll C:\Users\OUIDA\AppData\Local\Temp\System.Data.SQLite53839.dll C:\Users\OUIDA\AppData\Local\Temp\System.Data.SQLite55561.dll C:\Users\OUIDA\AppData\Local\Temp\System.Data.SQLite56616.dll C:\Users\OUIDA\AppData\Local\Temp\System.Data.SQLite62056.dll C:\Users\OUIDA\AppData\Local\Temp\System.Data.SQLite66367.dll C:\Users\OUIDA\AppData\Local\Temp\System.Data.SQLite70397.dll C:\Users\OUIDA\AppData\Local\Temp\System.Data.SQLite70482.dll C:\Users\OUIDA\AppData\Local\Temp\System.Data.SQLite76828.dll C:\Users\OUIDA\AppData\Local\Temp\System.Data.SQLite77743.dll C:\Users\OUIDA\AppData\Local\Temp\System.Data.SQLite78870.dll C:\Users\OUIDA\AppData\Local\Temp\System.Data.SQLite79064.dll C:\Users\OUIDA\AppData\Local\Temp\System.Data.SQLite79529.dll C:\Users\OUIDA\AppData\Local\Temp\System.Data.SQLite84539.dll C:\Users\OUIDA\AppData\Local\Temp\System.Data.SQLite92953.dll C:\Users\OUIDA\AppData\Local\Temp\System.Data.SQLite99247.dll C:\Users\OUIDA\AppData\Local\Temp\tbInte.dll C:\Users\OUIDA\AppData\Local\Temp\tbKeyB.dll C:\Users\OUIDA\AppData\Local\Temp\tbVafm.dll C:\Users\OUIDA\AppData\Local\Temp\ToolbarHelper.exe C:\Users\OUIDA\AppData\Local\Temp\uninst1.exe C:\Users\OUIDA\AppData\Local\Temp\UNINSTALL.EXE C:\Users\OUIDA\AppData\Local\Temp\UpdUninstall.exe C:\Users\OUIDA\AppData\Local\Temp\wget.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-17 19:11 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-11-2014 Ran by OUIDA at 2014-11-01 19:04:22 Running from C:\Users\OUIDA\Desktop\New folder Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{EE0AEC31-DAE0-6F50-FFD8-58F08CC74F07}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.) Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dell Backup and Recovery Manager (HKLM\...\{975DFE7C-8E56-45BC-A329-401E6B1F8102}) (Version: 1.3 - Dell Inc.) Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc) Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.) DigitalPersona Fingerprint Software 5.20 (HKLM\...\{C0C2D40A-1231-46FA-8F02-B45E6BF2036A}) (Version: 5.20.230 - DigitalPersona, Inc.) Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version: - AOL Inc.) <==== ATTENTION DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.100.82.96 - Dell Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT) Iminent (x32 Version: 6.44.21.0 - Iminent) Hidden <==== ATTENTION iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Learn to Play Bridge 2 (HKLM-x32\...\Learn_to_Play_Bridge_2) (Version: - ) Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Produtools Manuals 2.1 B2 Toolbar (HKLM-x32\...\Produtools_Manuals_2.1_B2 Toolbar) (Version: 6.13.3.1 - Produtools Manuals 2.1 B2) <==== ATTENTION Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit) Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.22 - Dell Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.) Revo Uninstaller Pro 3.1.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.1 - VS Revo Group, Ltd.) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Validity Sensors DDK (HKLM\...\{56BAC4EE-B1DA-42A7-ACA5-7A353F2ED1DA}) (Version: 4.3.108.0 - Validity Sensors, Inc.) WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8000 - Broadcom Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1167A0FF-837C-4041-9C59-F9E36130793F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-28] (Adobe Systems Incorporated) Task: {15A4225D-6680-442C-A48D-627548C2D766} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-09-04] (AnyProtect.com) <==== ATTENTION Task: {2438BA2B-8616-44FE-BF0C-03B42EB9F5B7} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION Task: {25FDCDF7-A6B7-4318-8185-08D145F5E04B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {32E00ED5-1140-481E-B1C9-4F15D7EAE74F} - System32\Tasks\Yahoo! Search Udpater => C:\Users\OUIDA\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrsetup.exe <==== ATTENTION Task: {34EAE923-73B3-495C-B3B8-88B3926BF392} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-09-04] (AnyProtect.com) <==== ATTENTION Task: {5B103879-EC44-4D69-BED4-F87D270C977B} - System32\Tasks\FGRun => C:\Users\OUIDA\AppData\Roaming\pack.exe Task: {6018DB11-6894-41C5-A37A-C0426EC705E8} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {6CB93782-3729-4AA2-97AE-95E55A07B685} - \RocketTab No Task File <==== ATTENTION Task: {70653B44-A739-4463-B995-B267B2D93574} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-09-04] (AnyProtect.com) <==== ATTENTION Task: {79C20649-21AE-4248-A3E6-6A550AE84DC0} - \Advanced System Protector_startup No Task File <==== ATTENTION Task: {8DEBE502-D343-44A0-81DB-8EDEB14F0EC3} - System32\Tasks\Test TimeTrigger => C:\Users\OUIDA\AppData\Local\Temp\Runner.exe [2014-10-17] () <==== ATTENTION Task: {93319035-1312-48BD-991A-E1696EDA3AF6} - \RocketTab Update Task No Task File <==== ATTENTION Task: {A9DF6314-E03A-4249-98FD-F3F70CF044D9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-14] (Google Inc.) Task: {AC90E4DB-714E-4C23-AFC9-6F777426EA67} - System32\Tasks\4551 => Wscript.exe C:\Users\OUIDA\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION Task: {AF3324CB-A22E-439D-B859-7F30C072A6AB} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION Task: {D6E8AA83-1D7B-41F0-9076-0692B9AFF173} - System32\Tasks\Yahoo! Search => C:\Users\OUIDA\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrlte.exe <==== ATTENTION Task: {F22F026E-E4FD-4890-B327-7358D5D87507} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-14] (Google Inc.) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-11-14 13:50 - 2011-11-14 13:50 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2011-11-14 13:50 - 2011-11-14 13:50 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2011-11-14 13:36 - 2011-11-14 13:36 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2011-11-09 09:55 - 2011-11-09 09:55 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:373E1720 AlternateDataStreams: C:\ProgramData\TEMP:D346F792 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DpHost => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey MSCONFIG\startupreg: OtShot => C:\Program Files (x86)\OtShot\otshot.exe -minimize ========================= Accounts: ========================== Administrator (S-1-5-21-205499447-1781432616-321701785-500 - Administrator - Disabled) Guest (S-1-5-21-205499447-1781432616-321701785-501 - Limited - Enabled) => C:\Users\Guest HomeGroupUser$ (S-1-5-21-205499447-1781432616-321701785-1004 - Limited - Enabled) OUIDA (S-1-5-21-205499447-1781432616-321701785-1002 - Administrator - Enabled) => C:\Users\OUIDA ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Teredo Tunneling Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (11/01/2014 06:18:30 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/01/2014 06:01:10 PM) (Source: Windows Backup) (EventID: 4104) (User: ) Description: The backup was not successful. The error is: The system cannot find the file specified. (0x80070002). Error: (11/01/2014 05:47:50 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/01/2014 05:43:52 PM) (Source: VSS) (EventID: 12305) (User: ) Description: Volume Shadow Copy Service error: Volume/disk not connected or not found. Error context: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy5 - 00000000000000F4,0x0053c198,0000000000299FD0,0,0000000000298FC0,4096,[0]). Operation: Processing PostFinalCommitSnapshots Context: Execution Context: System Provider Error: (11/01/2014 05:38:55 PM) (Source: VSS) (EventID: 12305) (User: ) Description: Volume Shadow Copy Service error: Volume/disk not connected or not found. Error context: DeviceIoControl(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy4 - 00000000000000EC,0x0053c198,0000000000294FD0,0,0000000000293FC0,4096,[0]). Operation: Processing PostFinalCommitSnapshots Context: Execution Context: System Provider Error: (11/01/2014 05:25:37 PM) (Source: System Restore) (EventID: 8211) (User: ) Description: The scheduled restore point could not be created. Additional information: (0x81000101). Error: (11/01/2014 05:25:32 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Failed to create restore point (Process = C:\windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x81000101). Error: (11/01/2014 05:25:24 PM) (Source: VSS) (EventID: 12289) (User: ) Description: Volume Shadow Copy Service error: Unexpected error DeviceIoControl(\\?\Volume{11c12b47-1e7f-11e2-92c6-806e6f6e6963} - 0000000000000140,0x0053c008,00000000002FAFF0,0,00000000002FE780,4096,[0]). hr = 0x80070079, The semaphore timeout period has expired. . Operation: Processing EndPrepareSnapshots Context: Execution Context: System Provider Error: (10/18/2014 01:08:31 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 13213 Error: (10/18/2014 01:08:31 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 13213 System errors: ============= Error: (11/01/2014 06:00:06 PM) (Source: volsnap) (EventID: 14) (User: ) Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:. Error: (11/01/2014 05:44:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The RBClientService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service. Error: (11/01/2014 05:43:51 PM) (Source: volsnap) (EventID: 14) (User: ) Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:. Error: (11/01/2014 05:38:54 PM) (Source: volsnap) (EventID: 14) (User: ) Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:. Error: (11/01/2014 05:29:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s). Error: (11/01/2014 05:29:06 PM) (Source: volsnap) (EventID: 14) (User: ) Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:. Error: (11/01/2014 05:29:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect. Error: (11/01/2014 05:26:54 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service. Error: (11/01/2014 05:21:45 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service. Error: (11/01/2014 05:25:22 PM) (Source: volsnap) (EventID: 67) (User: ) Description: The shadow copy of volume C: being created failed to install. Microsoft Office Sessions: ========================= ==================== Memory info =========================== Processor: AMD E2-3000M APU with Radeon HD Graphics Percentage of memory in use: 50% Total physical RAM: 3559.96 MB Available physical RAM: 1769.94 MB Total Pagefile: 7118.11 MB Available Pagefile: 4810.14 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:446.13 GB) (Free:408.2 GB) NTFS Drive d: (Malwarebytes) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D8081152) Partition 1: (Not Active) - (Size=100 MB) - (Type=DE) Partition 2: (Active) - (Size=19.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=446.1 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  14. tool has been running for an hour. Is that normal? only options you suggested checked
  15. no change.... C:\Windows\system32>ipconfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No Wireless LAN adapter Wireless Network Connection 3: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2 Physical Address. . . . . . . . . : 24-77-03-55-55-0D DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Wireless LAN adapter Wireless Network Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel® Centrino® Ultimate-N 6300 AGN Physical Address. . . . . . . . . : 24-77-03-55-55-0C DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 192.168.88.206(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Sunday, May 11, 2014 9:29:11 AM Lease Expires . . . . . . . . . . : Wednesday, May 14, 2014 9:29:11 AM Default Gateway . . . . . . . . . : 192.168.88.1 DHCP Server . . . . . . . . . . . : 192.168.88.1 DNS Servers . . . . . . . . . . . : 192.168.88.1 NetBIOS over Tcpip. . . . . . . . : Enabled Ethernet adapter Local Area Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel® 82579LM Gigabit Network Connection Physical Address. . . . . . . . . : D0-67-E5-47-B4-AC DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.{B34F914B-F548-4ED4-BEB9-AAAD5E933CF5}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.{6A6675AB-06A7-4611-8DEF-925B6E3443FB}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.{7FD6927D-CB09-484A-A2F9-C87263A9F252}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes C:\Windows\system32>
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.