Everything posted by S34n4e

  1. Oh.... No... Wait... I have some threats in Quarantine MBAM. Should I delete those threats with MBAM?
  2. We did it ^-^ ! You're so smart to solve those problems. I think everything is solved. Thanks for all your help.
  3. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-11-2014
     Ran by Vic at 2014-11-24 13:22:53 Run:2
     Running from C:\Users\Vic\Desktop
     Loaded Profile: Vic (Available profiles: Vic)
     Boot Mode: Normal
     ==============================================
     Content of fixlist:
     *****************
     CHR Extension: (No Name) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdebdllgnemmnjjhjjndfiaamdhonjlk [2014-09-12]
     *****************
     C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdebdllgnemmnjjhjjndfiaamdhonjlk => Moved successfully.
     ==== End of Fixlog ====
  4. Ok... Um... I have no problem with "bad image" anymore and the pc is running very well. Everything is working fine. Thanks for everything ^-^. adwCleaner log:
     ESET log:
     C:\AdwCleaner\Quarantine\C\Program Files\PCDApp\dmon.exe.vir Win32/CoinMiner.SI trojan
     C:\AdwCleaner\Quarantine\C\Program Files\PCDApp\StartHelp.exe.vir NSIS/CoinMiner.B trojan
     C:\FRST\Quarantine\C\ProgramData\GoSaVeo\2TWjeMmehObJ2r.dll a variant of Win32/AdWare.MultiPlug.BN application
     C:\FRST\Quarantine\C\ProgramData\GoSaVeo\2TWjeMmehObJ2r.exe a variant of Win32/AdWare.MultiPlug.BN application
     C:\ProgramData\InstallMate\{51913798-5014-4BF7-A91C-18368A72156E}\Custom.dll Win32/InstalleRex.M potentially unwanted application
     C:\Qoobox\Quarantine\C\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmocjijcjbgddchpjelflkibmjjhaclo\1\51b48feec5fb25.60954951.js.vir Win32/Adware.MultiPlug.H application
     C:\Qoobox\Quarantine\C\Windows\System32\roboot.exe.vir a variant of Win32/Systweak.A potentially unwanted application
     C:\Users\All Users\InstallMate\{51913798-5014-4BF7-A91C-18368A72156E}\Custom.dll Win32/InstalleRex.M potentially unwanted application
     C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdebdllgnemmnjjhjjndfiaamdhonjlk\184\content.js JS/Chromex.Agent.L trojan
  5. The ADWCleaner's log is here: # AdwCleaner v4.101 - Report created 23/11/2014 at 07:12:28 # Updated 09/11/2014 by Xplode # Database : 2014-11-22.1 [Live] # Operating System : Windows 7 Enterprise Service Pack 1 (32 bits) # Username : Vic - VIC-PC # Running from : C:\Users\Vic\Downloads\AdwCleaner.exe # Option : Scan ***** [ Services ] ***** Service Found : 671c50b0 Service Found : 916e5338 Service Found : globalUpdatem ***** [ Files / Folders ] ***** File Found : C:\Program Files\Assistant.dll File Found : C:\Program Files\AssistantSvc.dll File Found : C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\ajjnurov.default\invalidprefs.js File Found : C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\ajjnurov.default\user.js Folder Found : C:\Program Files\FoxTab Folder Found : C:\Program Files\globalUpdate Folder Found : C:\Program Files\HD-V1.8 Folder Found : C:\Program Files\PCDApp Folder Found : C:\Program Files\WebSearch Folder Found : C:\ProgramData\50CouuPons Folder Found : C:\ProgramData\Babylon Folder Found : C:\ProgramData\Browser System Enahncer Folder Found : C:\ProgramData\browser system enahncer Folder Found : C:\ProgramData\c12e3f83e4cc17db Folder Found : C:\ProgramData\CheApMe Folder Found : C:\ProgramData\cOOntiinuetoosave Folder Found : C:\ProgramData\CooupaEixtension Folder Found : C:\ProgramData\DaigiSavEr Folder Found : C:\ProgramData\DIgICoupon Folder Found : C:\ProgramData\ExstraCouPon Folder Found : C:\ProgramData\ExsttraCoupon Folder Found : C:\ProgramData\Funo2Save Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cOOntiinuetoosave Folder Found : C:\ProgramData\MountainApp Folder Found : C:\ProgramData\ReGulearDeaLs Folder Found : C:\ProgramData\StarApp Folder Found : C:\Users\Vic\AppData\Local\Assistant Folder Found : C:\Users\Vic\AppData\Local\Babylon Folder Found : C:\Users\Vic\AppData\Local\globalUpdate Folder Found : C:\Users\Vic\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi Folder Found : C:\Users\Vic\AppData\LocalLow\cOOntiinuetoosave Folder Found : C:\Users\Vic\AppData\Roaming\DownLite Folder Found : C:\Users\Vic\AppData\Roaming\FoxTab Folder Found : C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\ajjnurov.default\Extensions\3WvnC@d.net Folder Found : C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\ajjnurov.default\Extensions\Pl@wwrPfj.edu Folder Found : C:\Users\Vic\AppData\Roaming\OpenCandy ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} Key Found : HKCU\Software\AppDataLow\Software\HD-V1.8 Key Found : HKCU\Software\DataMngr_Toolbar Key Found : HKCU\Software\GlobalUpdate Key Found : HKCU\Software\InstallCore Key Found : HKCU\Software\InstalledBrowserExtensions Key Found : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0AF8E6E7-9C0C-FF64-EC69-402B09AE7010} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2D65BBF2-ABD3-9011-5CBF-D0035F68DAE4} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{331EAEFD-F548-7117-0994-F67A475E5D0F} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{332F6E83-CD5F-5348-CD19-C728E3A9D548} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3AC379FB-E133-A5D0-0166-CA5941E4D295} Key Found : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{781DB29A-907A-BA6A-7F32-0AFCF84C1F34} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95BD91D0-75E2-6B28-27F4-DB7FD9205AF5} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AFD37466-9164-8B5D-FA66-26709EE1CBBF} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BBE92B47-CE63-9B5E-7AD0-2A4D846A2FD0} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CB785A98-E594-7A5D-521C-B0E10326B732} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0AF8E6E7-9C0C-FF64-EC69-402B09AE7010} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D65BBF2-ABD3-9011-5CBF-D0035F68DAE4} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{331EAEFD-F548-7117-0994-F67A475E5D0F} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{332F6E83-CD5F-5348-CD19-C728E3A9D548} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3AC379FB-E133-A5D0-0166-CA5941E4D295} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{781DB29A-907A-BA6A-7F32-0AFCF84C1F34} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95BD91D0-75E2-6B28-27F4-DB7FD9205AF5} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AFD37466-9164-8B5D-FA66-26709EE1CBBF} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BBE92B47-CE63-9B5E-7AD0-2A4D846A2FD0} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CB785A98-E594-7A5D-521C-B0E10326B732} Key Found : HKCU\Software\Softonic Key Found : HKLM\SOFTWARE\5d55df8cb36fb912 Key Found : HKLM\SOFTWARE\Classes\50Couponsa.50Couponsa Key Found : HKLM\SOFTWARE\Classes\50Couponsa.50Couponsa.1.8 Key Found : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} Key Found : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} Key Found : 
HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Key Found : HKLM\SOFTWARE\Classes\CheaapMMe.CheaapMMe Key Found : HKLM\SOFTWARE\Classes\CheaapMMe.CheaapMMe.5.1 Key Found : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB} Key Found : HKLM\SOFTWARE\Classes\CLSID\{0AF8E6E7-9C0C-FF64-EC69-402B09AE7010} Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322532282} Key Found : HKLM\SOFTWARE\Classes\CLSID\{2D65BBF2-ABD3-9011-5CBF-D0035F68DAE4} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} Key Found : HKLM\SOFTWARE\Classes\CLSID\{331EAEFD-F548-7117-0994-F67A475E5D0F} Key Found : HKLM\SOFTWARE\Classes\CLSID\{332F6E83-CD5F-5348-CD19-C728E3A9D548} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3AC379FB-E133-A5D0-0166-CA5941E4D295} Key Found : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978} Key Found : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298} Key Found : HKLM\SOFTWARE\Classes\CLSID\{56FDF344-FD6D-11D0-958A-006097C9A090} Key Found : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} Key Found : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1} Key Found : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30} Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7} Key Found : HKLM\SOFTWARE\Classes\CLSID\{781DB29A-907A-BA6A-7F32-0AFCF84C1F34} Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61} Key Found : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87} Key Found : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5} Key Found : HKLM\SOFTWARE\Classes\CLSID\{95BD91D0-75E2-6B28-27F4-DB7FD9205AF5} Key Found : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474} Key Found : HKLM\SOFTWARE\Classes\CLSID\{AFD37466-9164-8B5D-FA66-26709EE1CBBF} Key 
Found : HKLM\SOFTWARE\Classes\CLSID\{BBE92B47-CE63-9B5E-7AD0-2A4D846A2FD0} Key Found : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} Key Found : HKLM\SOFTWARE\Classes\CLSID\{CB785A98-E594-7A5D-521C-B0E10326B732} Key Found : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC} Key Found : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F} Key Found : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A} Key Found : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C} Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78} Key Found : HKLM\SOFTWARE\Classes\CoupExtteinsion.CoupExtteinsion Key Found : HKLM\SOFTWARE\Classes\CoupExtteinsion.CoupExtteinsion.1.3 Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0035382.BHO Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0035382.Sandbox Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0035382.Sandbox.1 Key Found : HKLM\SOFTWARE\Classes\DaigiSAveeru.DaigiSAveeru Key Found : HKLM\SOFTWARE\Classes\DaigiSAveeru.DaigiSAveeru.6.7 Key Found : HKLM\SOFTWARE\Classes\DDiGGiCOupon.DDiGGiCOupon Key Found : HKLM\SOFTWARE\Classes\DDiGGiCOupon.DDiGGiCOupon.5.3 Key Found : HKLM\SOFTWARE\Classes\ExsTraaCouponi.ExsTraaCouponi Key Found : HKLM\SOFTWARE\Classes\ExsTraaCouponi.ExsTraaCouponi.4.3 Key Found : HKLM\SOFTWARE\Classes\ExsTrrACCoupoon.ExsTrrACCoupoon Key Found : HKLM\SOFTWARE\Classes\ExsTrrACCoupoon.ExsTrrACCoupoon.4.3 Key Found : HKLM\SOFTWARE\Classes\Fun2Savee.Fun2Savee Key Found : HKLM\SOFTWARE\Classes\Fun2Savee.Fun2Savee.4.5 Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10 Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0 Key Found : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync Key Found : 
HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0 Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0 Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355535582} Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366536682} Key Found : 
HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F} Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} Key Found : HKLM\SOFTWARE\Classes\Prod.cap Key Found : HKLM\SOFTWARE\Classes\RRegguulairDeals.RRegguulairDeals Key Found : HKLM\SOFTWARE\Classes\RRegguulairDeals.RRegguulairDeals.7.2 Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Key Found : HKLM\SOFTWARE\GlobalUpdate Key Found : HKLM\SOFTWARE\HD-V1.8 Key Found : HKLM\SOFTWARE\InstallCore Key Found : HKLM\SOFTWARE\InstalledBrowserExtensions Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2D65BBF2-ABD3-9011-5CBF-D0035F68DAE4} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{331EAEFD-F548-7117-0994-F67A475E5D0F} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{332F6E83-CD5F-5348-CD19-C728E3A9D548} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3AC379FB-E133-A5D0-0166-CA5941E4D295} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{781DB29A-907A-BA6A-7F32-0AFCF84C1F34} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95BD91D0-75E2-6B28-27F4-DB7FD9205AF5} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFD37466-9164-8B5D-FA66-26709EE1CBBF} Key Found : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBE92B47-CE63-9B5E-7AD0-2A4D846A2FD0} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0AF8E6E7-9C0C-FF64-EC69-402B09AE7010} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2D65BBF2-ABD3-9011-5CBF-D0035F68DAE4} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{331EAEFD-F548-7117-0994-F67A475E5D0F} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{332F6E83-CD5F-5348-CD19-C728E3A9D548} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3AC379FB-E133-A5D0-0166-CA5941E4D295} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{95BD91D0-75E2-6B28-27F4-DB7FD9205AF5} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AFD37466-9164-8B5D-FA66-26709EE1CBBF} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BBE92B47-CE63-9B5E-7AD0-2A4D846A2FD0} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CB785A98-E594-7A5D-521C-B0E10326B732} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1 Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{671c50b0} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{916e5338} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6933C2BA-C67D-42C7-8C77-1FF4B364AF54} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7223EDAC-E091-B3C1-BD91-B66CE557800F} Key Found : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7223EDAC-E091-B3C1-BD91-B66CE557800F} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{76DEE3DC-2B8B-E212-2126-D31D9E73DFE4} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{98449C67-C7AF-BB53-112D-26C916814611} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9D9BEFAE-9499-F52B-6CC4-94818CCC2AB5} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CE94DD89-7404-B4B9-E713-E55CC0AB6C3B} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HD-V1.8 Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-1291239527 Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10 Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4 Key Found : HKLM\SOFTWARE\Upd Inst ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17126 -\\ Mozilla Firefox v33.1 (x86 es-ES) [ajjnurov.default] - Line Found : user_pref("aol_toolbar.default.homepage.check", false); [ajjnurov.default] - Line Found : user_pref("aol_toolbar.default.search.check", false); [ajjnurov.default] - Line Found : user_pref("browser.search.defaulturl", "hxxp://websearch.homesearch-hub.info/?pid=658&r=2013/06/09&hid=2864793594&lg=EN&cc=CR&unqvl=20&l=1&q="); [ajjnurov.default] - Line Found : user_pref("extensions.51b48feec6122.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.location.hostname)>-1) return;}c[...] 
-\\ Google Chrome v ************************* AdwCleaner[R0].txt - [28611 octets] - [23/11/2014 07:12:28] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [28672 octets] ##########
The Malwarebytes Anti-Malware's log is here: Malwarebytes Anti-Malware www.malwarebytes.org Scan
Date: 23/11/2014 Scan Time: 07:23:00 a.m. Logfile: Administrator: Yes Version: 2.00.3.1025 Malware Database: v2014.11.23.04 Rootkit Database: v2014.11.22.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x86 File System: NTFS User: Vic Scan Type: Threat Scan Result: Completed Objects Scanned: 303251 Time Elapsed: 15 min, 44 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 28 PUP.Optional.OpenCandy, C:\Users\Vic\AppData\Roaming\OpenCandy, Quarantined, [1020e857c7b580b60ede9e6c1ce714ec], PUP.Optional.OpenCandy, C:\Users\Vic\AppData\Roaming\OpenCandy\918684622D21481A998DD17A3D9EF450, Quarantined, [1020e857c7b580b60ede9e6c1ce714ec], PUP.Optional.OpenCandy, C:\Users\Vic\AppData\Roaming\OpenCandy\969DD4996B2941B5BE3318187176B799, Quarantined, [1020e857c7b580b60ede9e6c1ce714ec], PUP.Optional.OpenCandy, C:\Users\Vic\AppData\Roaming\OpenCandy\D9C61DFFD0EE409BA93C1FFE18586843, Quarantined, [1020e857c7b580b60ede9e6c1ce714ec], PUP.Optional.CrossRider.A, C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa, Quarantined, [ab85be8181fbfd390e829479e61dfa06], PUP.Optional.CrossRider.A, C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0, Quarantined, [ab85be8181fbfd390e829479e61dfa06], PUP.Optional.CrossRider.A, C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\js, Quarantined, [ab85be8181fbfd390e829479e61dfa06], PUP.Optional.CrossRider.A, C:\Users\Vic\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\js\api, Quarantined, [ab85be8181fbfd390e829479e61dfa06], PUP.Optional.CrossRider.A, C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\js\app, Quarantined, [ab85be8181fbfd390e829479e61dfa06], PUP.Optional.CrossRider.A, C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\js\lib, Quarantined, [ab85be8181fbfd390e829479e61dfa06], PUP.Optional.CrossRider.A, C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\js\lib\popupResource, Quarantined, [ab85be8181fbfd390e829479e61dfa06], PUP.Optional.PlusHD.A, C:\Program Files\HD-V1.8, Quarantined, [b97797a8b3c969cdef03170853b035cb], PUP.Optional.CrossRider.A, C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi, Quarantined, [e94743fcf38961d54b1146dc4db61fe1], PUP.Optional.CrossRider.A, C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi\1.26.52_0, Quarantined, [e94743fcf38961d54b1146dc4db61fe1], PUP.Optional.CrossRider.A, C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi\1.26.52_0\extensionData, Quarantined, [e94743fcf38961d54b1146dc4db61fe1], PUP.Optional.CrossRider.A, C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi\1.26.52_0\extensionData\plugins, Quarantined, [e94743fcf38961d54b1146dc4db61fe1], PUP.Optional.CrossRider.A, C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi\1.26.52_0\extensionData\userCode, Quarantined, [e94743fcf38961d54b1146dc4db61fe1], PUP.Optional.CrossRider.A, C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi\1.26.52_0\js, Quarantined, 
[e94743fcf38961d54b1146dc4db61fe1], PUP.Optional.CrossRider.A, C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi\1.26.52_0\js\api, Quarantined, [e94743fcf38961d54b1146dc4db61fe1], PUP.Optional.CrossRider.A, C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi\1.26.52_0\js\lib, Quarantined, [e94743fcf38961d54b1146dc4db61fe1], PUP.Optional.CrossRider.A, C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi\1.26.52_0\js\lib\popupResource, Quarantined, [e94743fcf38961d54b1146dc4db61fe1], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update, Quarantined, [df51b58a2359d85e4f515cc8ed1644bc], PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0, Quarantined, [df51b58a2359d85e4f515cc8ed1644bc], PUP.Optional.Updater.A, C:\Users\Vic\AppData\Roaming\FoxTab\UpdateProc, Quarantined, [e24e3c03bfbd3df90b4e31f71ee50af6], PUP.Optional.BrowserSystemEnahncer.A, C:\ProgramData\Browser System Enahncer, Quarantined, [40f0bd82fe7e1b1b1c98a48731d2a45c], PUP.Optional.MultiPlug.A, C:\ProgramData\ExstraCouPon, Quarantined, [ab85d669aad2e452b211e34d27dc4cb4], PUP.Optional.MultiPlug.A, C:\ProgramData\DIgICoupon, Quarantined, [cf617bc423591e1874b2a58e1de61be5], PUP.Optional.ExtremeBlocker.A, C:\ProgramData\Extreme Blocker, Quarantined, [e947043b98e4fb3bb70d90a4ed169967], Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)
  6. I dunno if you want it as a reply or attached... so... I did both ComboFix.txt: ComboFix 14-11-18.01 - Vic 21/11/2014 18:09:36.1.2 - x86 Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.1976.846 [GMT -6:00] Running from: c:\users\Vic\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\hosts\hoSTs-bho.dll c:\users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmocjijcjbgddchpjelflkibmjjhaclo c:\users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmocjijcjbgddchpjelflkibmjjhaclo\1\51b48feec5fb25.60954951.js c:\users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmocjijcjbgddchpjelflkibmjjhaclo\1\background.html c:\users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmocjijcjbgddchpjelflkibmjjhaclo\1\content.js c:\users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmocjijcjbgddchpjelflkibmjjhaclo\1\lsdb.js c:\users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmocjijcjbgddchpjelflkibmjjhaclo\1\sqlite.js c:\users\Vic\AppData\Local\Google\Chrome\User Data\Default\Preferences c:\windows\msdownld.tmp c:\windows\system32\drivers\etc\hosts.ics c:\windows\system32\roboot.exe . Infected copy of c:\windows\system32\userinit.exe was found and disinfected Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_globalUpdate -------\Service_ProtectMonitor . . 
((((((((((((((((((((((((( Files Created from 2014-10-22 to 2014-11-22 ))))))))))))))))))))))))))))))) . . 2014-11-22 00:18 . 2014-11-22 00:21 -------- d-----w- c:\users\Vic\AppData\Local\temp 2014-11-22 00:18 . 2014-11-22 00:18 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-11-21 19:32 . 2014-09-20 02:41 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9442087F-C670-4324-ABA3-C71A87AAE266}\gapaengine.dll 2014-11-21 19:32 . 2014-11-02 04:17 8941456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B43E482E-8E7D-41B0-9F68-80244ECC42FE}\mpengine.dll 2014-11-21 19:18 . 2014-11-21 20:14 -------- d-----w- C:\FRST 2014-11-20 03:17 . 2014-11-02 04:17 8941456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-11-19 23:47 . 2014-11-19 23:47 -------- d-----w- c:\windows\system32\wbem\MOF\good 2014-11-19 23:47 . 2014-11-19 23:47 -------- d-----w- c:\windows\system32\wbem\MOF\bad 2014-11-19 21:48 . 2014-11-19 21:48 -------- d-----w- c:\windows\system32\wbem\Logs 2014-11-19 21:37 . 2014-11-20 01:44 -------- d-----w- c:\program files\Malwarebytes Anti-Malware 2014-11-19 21:37 . 2014-11-19 21:37 -------- d-----w- c:\programdata\Malwarebytes 2014-11-12 18:32 . 2014-11-12 18:32 -------- d-----w- c:\users\Vic\AppData\Local\Skype 2014-11-12 18:32 . 2014-11-12 18:32 -------- d-----w- c:\program files\Common Files\Skype 2014-11-12 18:32 . 2014-11-12 18:32 -------- d-----r- c:\program files\Skype 2014-11-12 18:17 . 2014-11-20 02:58 -------- d-----w- c:\users\Vic\AppData\Roaming\Skype 2014-11-05 21:37 . 2014-11-05 21:37 -------- d-----w- c:\program files\Lexmark 2014-11-05 21:36 . 2014-11-05 21:36 -------- d-----w- c:\programdata\Xerox 2014-11-05 21:28 . 2002-07-22 15:36 28112 ----a-w- c:\windows\system32\drivers\sqcaptur.sys 2014-11-05 21:28 . 2002-07-22 15:36 25193 ----a-w- c:\windows\system32\drivers\SQCamD.sys 2014-11-04 00:48 . 
2014-11-04 00:48 -------- d-----w- c:\programdata\EPSON 2014-11-04 00:46 . 2006-12-08 09:04 76800 ----a-w- c:\windows\system32\E_FLBBZL.DLL 2014-11-04 00:46 . 2006-04-19 09:00 62976 ----a-w- c:\windows\system32\E_FD4BBZL.DLL 2014-11-04 00:45 . 2014-11-04 00:45 -------- d-----w- c:\program files\EPSON 2014-11-03 12:47 . 2009-07-14 01:15 33280 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\EP0NPP01.DLL 2014-10-30 22:19 . 2014-10-30 22:19 -------- d-----w- c:\program files\Common Files\Java 2014-10-30 22:18 . 2014-10-30 22:18 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2014-10-25 17:59 . 2014-10-25 17:59 -------- d-----w- c:\programdata\AVAST Software . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-11-13 23:20 . 2013-01-14 21:22 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-11-13 23:20 . 2013-01-14 21:22 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-10-30 11:24 . 2013-01-14 20:14 229000 ------w- c:\windows\system32\MpSigStub.exe 2014-10-04 13:22 . 2014-10-04 13:22 98304 ----a-r- c:\users\Vic\AppData\Roaming\Microsoft\Installer\{61121B12-88BD-4261-A6EE-AB32610A56DD}\python_icon.exe 2014-09-20 02:41 . 2013-03-25 16:01 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2014-06-14 20:31 . 2014-06-14 20:31 4296192 ----a-w- c:\program files\Assistant.dll 2014-06-14 20:31 . 2014-06-14 20:31 174928 ----a-w- c:\program files\AssistantSvc.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}] 2014-07-07 14:34 752960 ----a-w- c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{2D65BBF2-ABD3-9011-5CBF-D0035F68DAE4}] 2014-08-04 18:01 449024 ----a-w- c:\programdata\ExsttraCoupon\UImA.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{331EAEFD-F548-7117-0994-F67A475E5D0F}] 2014-07-04 20:50 459776 ----a-w- c:\programdata\DIgICoupon\0K6jv8.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{332F6E83-CD5F-5348-CD19-C728E3A9D548}] 2014-09-07 21:01 616960 ----a-w- c:\programdata\ExstraCouPon\e9SK.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{3AC379FB-E133-A5D0-0166-CA5941E4D295}] 2014-07-27 15:24 449024 ----a-w- c:\programdata\CooupaEixtension\FY2EeRU0D.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{781DB29A-907A-BA6A-7F32-0AFCF84C1F34}] 2013-06-09 14:23 118272 ----a-w- c:\programdata\cOOntiinuetoosave\51b48feec620c.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95BD91D0-75E2-6B28-27F4-DB7FD9205AF5}] 2014-06-01 03:27 371200 ----a-w- c:\programdata\DaigiSavEr\xf_Cr.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{AFD37466-9164-8B5D-FA66-26709EE1CBBF}] 2014-04-03 22:36 425472 ----a-w- c:\programdata\ReGulearDeaLs\SSz.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{BBE92B47-CE63-9B5E-7AD0-2A4D846A2FD0}] 2014-07-04 20:30 459776 ----a-w- c:\programdata\Funo2Save\GJf.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176] "Connectify Hotspot"="c:\program files\Connectify\Connectify.exe" [2014-03-24 4170528] "Connectify Dispatch"="c:\program files\Connectify\DispatchUI.exe" [2014-03-24 2217760] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-09-27 271744] "XeroxEndeavorBackgroundTask"="xrWCbgnd.dll" [2009-07-14 53760] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux3"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R1 MpKsldcf9dba8;MpKsldcf9dba8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{954644EF-27AD-4684-9D2B-80631B3C5460}\MpKsldcf9dba8.sys [x] R2 671c50b0;Browser System Enahncer;c:\windows\system32\rundll32.exe [2009-07-14 44544] R2 916e5338;Install Supporter;c:\windows\system32\rundll32.exe [2009-07-14 44544] R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2014-07-07 2175264] R2 Mobile Partner. 
RunOuc;Mobile Partner. OUC;c:\program files\Mobile Partner\UpdateDog\ouc.exe [2012-04-09 655712] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-04 315008] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 30312] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464] R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 102784] R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2010-03-20 11136] R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files\globalUpdate\Update\GoogleUpdate.exe [2014-07-07 68608] R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2012-03-07 95616] R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2011-11-24 27520] R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2012-03-07 195072] R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-05-30 108032] R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 104264] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848] R3 sonydcam;Generic 1394 Desktop Camera;c:\windows\system32\DRIVERS\sonydcam.sys [2009-07-13 26752] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 121064] R3 ssadserd;SAMSUNG Android USB 
Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 114280] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 24064] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-01-14 1343400] S1 cnnctfy3;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy3.sys [2014-07-07 29672] S2 Connectify;Connectify;c:\program files\Connectify\ConnectifyService.exe [2014-03-24 487936] S2 DroidExplorerService;DroidExplorer Service;c:\program files\Droid Explorer\DroidExplorer.Service.exe [2011-05-17 254464] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-14 26168] S2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [2011-03-14 271712] S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896] S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-11-24 76544] S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2014-11-22 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-14 23:20] . 
2014-10-07 c:\windows\Tasks\Uninstaller_SkipUac_Administrator.job - c:\program files\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-07-07 13:56] . . ------- Supplementary Scan ------- . uStart Page = https://www.goog%20la%20finca%20de%20mis%20abuelos/ uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{2ADD26DB-EA13-43C8-B13E-92639E4031A5}: NameServer = 200.91.75.5 200.91.75.6 TCP: Interfaces\{76BC8F27-E806-4D79-AE08-C443582778BA}: NameServer = 200.91.75.5 200.91.75.6 TCP: Interfaces\{D8B26E8B-3BBB-4CF8-A45E-5A762FDAD1D6}: NameServer = 200.91.75.5 200.91.75.6 FF - ProfilePath - c:\users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\ajjnurov.default\ FF - prefs.js: browser.search.defaulturl - hxxp://websearch.homesearch-hub.info/?pid=658&r=2013/06/09&hid=2864793594&lg=EN&cc=CR&unqvl=20&l=1&q= FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - hxxps://www.google.co.cr/ FF - prefs.js: keyword.URL - FF - user.js: extensions.delta.tlbrSrchUrl - FF - user.js: extensions.delta.id - 6c1e7cec000000000000001e65d66545 FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} FF - user.js: extensions.delta.instlDay - 15883 FF - user.js: extensions.delta.vrsn - 1.8.21.5 FF - user.js: extensions.delta.vrsni - 1.8.21.5 FF - user.js: extensions.delta.vrsnTs - 1.8.21.518:56 FF - user.js: extensions.delta.prtnrId - delta FF - user.js: extensions.delta.prdct - delta FF - user.js: extensions.delta.aflt - babsst FF - user.js: extensions.delta.smplGrp - none FF - user.js: extensions.delta.tlbrId - base FF - user.js: extensions.delta.instlRef - sst FF - user.js: extensions.delta.dfltLng - en FF - user.js: extensions.delta.excTlbr - 
false FF - user.js: extensions.delta.ffxUnstlRst - true FF - user.js: extensions.delta.admin - false FF - user.js: extensions.delta_i.babTrack - affID=121562&tt=250613_gr3&tsp=4926 FF - user.js: extensions.delta_i.babExt - FF - user.js: extensions.delta_i.srcExt - ss FF - user.js: extensions.delta.autoRvrt - false FF - user.js: extensions.delta.rvrt - false FF - user.js: extensions.delta.newTab - false FF - user.js: extensions.irspeeddial.aflt - fxtb103 FF - user.js: extensions.irspeeddial.instlRef - FF - user.js: extensions.irspeeddial.cr - 1949478564 FF - user.js: extensions.irspeeddial.cd - 2XzuyEtN2Y1L1QzutCzz0AzytDyDzz0B0BtA0DyEyB0C0E0CtN0D0Tzu0SzytCyBtN1L2XzutBtFtBtCtFtCtBtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyBtD0DtDyD0DzzzztG0BzytAtDtG0BzzyByEtG0D0C0CtBtGyD0BtB0B0CtD0F0E0ByC0ByE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtA0FzzyC0FyDtGtAyDtCtCtG0EzytC0DtGtCyC0AzztGyC0A0AyDyByEtC0B0DtA0F0B2Q . - - - - ORPHANS REMOVED - - - - . BHO-{97264c98-7e3b-4ad6-baff-f382350ad08b} - c:\programdata\GoSaVeo\2TWjeMmehObJ2r.dll AddRemove-LSI Soft Modem - c:\windows\agrsmdel AddRemove-{64A4ABCA-CF3D-C548-2DC4-72A55DC5882A} - c:\programdata\GoSaVeo\2TWjeMmehObJ2r.exe AddRemove-{C1C6816E-CBB3-A748-85F9-A8B47B68985B} - c:\programdata\cOOntiinuetoosave\uninstall.exe AddRemove-pyenchant-py3.4 - c:\python34\Removepyenchant.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files\Microsoft Security Client\MsMpEng.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\windows\system32\AEADISRV.EXE c:\program files\LSI SoftModem\agrsmsvc.exe c:\program files\Droid Explorer\SDK\tools\adb.exe c:\programdata\EPSON\EPW!3 SSRP\E_S30RP1.EXE c:\programdata\Mobile Partner\OnlineUpdate\ouc.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\Connectify\ConnectifyD.exe c:\windows\system32\conhost.exe c:\windows\system32\conhost.exe c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe c:\program files\Synaptics\SynTP\SynTPHelper.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\windows\system32\DllHost.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\DllHost.exe c:\windows\system32\sppsvc.exe . ************************************************************************** . Completion time: 2014-11-21 18:26:10 - machine was rebooted ComboFix-quarantined-files.txt 2014-11-22 00:26 . Pre-Run: 86.068.625.408 bytes free Post-Run: 85.529.915.392 bytes free . - - End Of File - - AEB0F368F1A38AA2BB59B90957AD4ECD A36C5E4F47E84449FF07ED3517B43A31 ComboFix.txt
  7. The Fixlog.txt:
     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-11-2014
     Ran by Vic at 2014-11-21 14:12:56 Run:1
     Running from C:\Users\Vic\Desktop
     Loaded Profile: Vic (Available profiles: Vic)
     Boot Mode: Normal
     ==============================================
     Content of fixlist:
     *****************
     AppInit_DLLs: c:\progra~2\browse~1\browse~1.dll => c:\ProgramData\Browser System Enahncer\BrowserSystemEnahncer.dll [4463616 2014-02-09] ()
     AppInit_DLLs: c:\progra~1\assist~1.dll => c:\Program Files\Assistant.dll [4296192 2014-06-14] ()
     CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
     2014-10-26 07:51 - 2014-11-19 20:58 - 00000000 ____D () C:\ProgramData\jmemjkhklaiadlnlhnkkaljenchcgoli
     2014-10-26 07:51 - 2014-11-19 20:58 - 00000000 ____D () C:\ProgramData\GoSaVeo
     Task: {19534C8B-7416-488A-98E7-7B28B7F817BC} - System32\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-11 => C:\Program Files\HD-V1.8\f6ed8765-2424-4188-aaac-803aabe60b65-11.exe [2014-07-07] () <==== ATTENTION
     Task: {1A17E6C3-CAB8-44D6-A620-8C0FD6172B93} - System32\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-5_user => C:\Program Files\HD-V1.8\f6ed8765-2424-4188-aaac-803aabe60b65-5.exe [2014-07-07] () <==== ATTENTION
     Task: {2BB4E467-AE25-435B-AED2-31487EAECF27} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-07-07] () <==== ATTENTION
     Task: {48668375-5247-42C8-96FD-80C9BD35E3FC} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-07-07] () <==== ATTENTION
     Task: {50DAC9FF-A152-4DAA-B2D1-2D4C82DC3C36} - System32\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-3 => C:\Program Files\HD-V1.8\f6ed8765-2424-4188-aaac-803aabe60b65-3.exe [2014-07-07] () <==== ATTENTION
     Task: {5FCABEFD-925E-40ED-9A4D-2AE493B6C9D4} - System32\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-5 => C:\Program Files\HD-V1.8\f6ed8765-2424-4188-aaac-803aabe60b65-5.exe [2014-07-07] ()
<==== ATTENTION Task: {68356DC1-7704-4D75-A473-6FAD111C9039} - System32\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-1 => C:\Program Files\HD-V1.8\HD-V1.8-codedownloader.exe <==== ATTENTION Task: {A166BB6A-E49D-4809-8FDF-827BA73733B4} - System32\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-4 => C:\Program Files\HD-V1.8\f6ed8765-2424-4188-aaac-803aabe60b65-4.exe [2014-07-07] () <==== ATTENTION Task: {A71F51E3-D613-4488-8925-C1F9D55DCEFD} - System32\Tasks\FoxTab => C:\Users\Vic\AppData\Roaming\FoxTab\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION Task: {B8672E92-C41A-4421-B725-98E9976D6FD6} - System32\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-10 => C:\Program Files\HD-V1.8\f6ed8765-2424-4188-aaac-803aabe60b65-10.exe [2014-07-07] () <==== ATTENTION Task: {B9DEEF22-EA2A-49EC-BF2F-053A6D8C5F0A} - System32\Tasks\AmiUpdXp => C:\Users\Vic\AppData\Local\1638\a28231.exe [2014-07-07] () <==== ATTENTION Task: {CC4632C6-139A-4ED4-ACB4-BB9E95A73FD3} - System32\Tasks\Upd Inst-S-1291239527 => c:\programdata\mountainapp\upd inst\Upd Inst.exe [2013-06-14] () <==== ATTENTION Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Vic\AppData\Local\1638\a28231.exe <==== ATTENTION Task: C:\Windows\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-1.job => C:\Program Files\HD-V1.8\HD-V1.8-codedownloader.exe <==== ATTENTION Task: C:\Windows\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-10.job => C:\Program Files\HD-V1.8\f6ed8765-2424-4188-aaac-803aabe60b65-10.exe <==== ATTENTION Task: C:\Windows\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-11.job => C:\Program Files\HD-V1.8\f6ed8765-2424-4188-aaac-803aabe60b65-11.exe <==== ATTENTION Task: C:\Windows\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-3.job => C:\Program Files\HD-V1.8\f6ed8765-2424-4188-aaac-803aabe60b65-3.exe <==== ATTENTION Task: C:\Windows\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-4.job => C:\Program Files\HD-V1.8\f6ed8765-2424-4188-aaac-803aabe60b65-4.exe <==== ATTENTION Task: C:\Windows\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-5.job 
=> C:\Program Files\HD-V1.8\f6ed8765-2424-4188-aaac-803aabe60b65-5.exe <==== ATTENTION Task: C:\Windows\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-5_user.job => C:\Program Files\HD-V1.8\f6ed8765-2424-4188-aaac-803aabe60b65-5.exe <==== ATTENTION Task: C:\Windows\Tasks\FoxTab.job => C:\Users\Vic\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION Task: C:\Windows\Tasks\Upd Inst-S-1291239527.job => c:\programdata\mountainapp\upd inst\Upd Inst.exe <==== ATTENTION EmptyTemp: ***************** "c:\progra~2\browse~1\browse~1.dll" => Value Data removed successfully. " c:\progra~1\assist~1.dll" => Value Data removed successfully. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. C:\ProgramData\jmemjkhklaiadlnlhnkkaljenchcgoli => Moved successfully. C:\ProgramData\GoSaVeo => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{19534C8B-7416-488A-98E7-7B28B7F817BC}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19534C8B-7416-488A-98E7-7B28B7F817BC}" => Key deleted successfully. C:\Windows\System32\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-11 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f6ed8765-2424-4188-aaac-803aabe60b65-11" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1A17E6C3-CAB8-44D6-A620-8C0FD6172B93}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A17E6C3-CAB8-44D6-A620-8C0FD6172B93}" => Key deleted successfully. C:\Windows\System32\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-5_user => Moved successfully. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f6ed8765-2424-4188-aaac-803aabe60b65-5_user" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2BB4E467-AE25-435B-AED2-31487EAECF27}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BB4E467-AE25-435B-AED2-31487EAECF27}" => Key deleted successfully. C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{48668375-5247-42C8-96FD-80C9BD35E3FC}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48668375-5247-42C8-96FD-80C9BD35E3FC}" => Key deleted successfully. C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{50DAC9FF-A152-4DAA-B2D1-2D4C82DC3C36}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{50DAC9FF-A152-4DAA-B2D1-2D4C82DC3C36}" => Key deleted successfully. C:\Windows\System32\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-3 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f6ed8765-2424-4188-aaac-803aabe60b65-3" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5FCABEFD-925E-40ED-9A4D-2AE493B6C9D4}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FCABEFD-925E-40ED-9A4D-2AE493B6C9D4}" => Key deleted successfully. 
C:\Windows\System32\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-5 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f6ed8765-2424-4188-aaac-803aabe60b65-5" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{68356DC1-7704-4D75-A473-6FAD111C9039}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68356DC1-7704-4D75-A473-6FAD111C9039}" => Key deleted successfully. C:\Windows\System32\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-1 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f6ed8765-2424-4188-aaac-803aabe60b65-1" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A166BB6A-E49D-4809-8FDF-827BA73733B4}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A166BB6A-E49D-4809-8FDF-827BA73733B4}" => Key deleted successfully. C:\Windows\System32\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-4 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f6ed8765-2424-4188-aaac-803aabe60b65-4" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A71F51E3-D613-4488-8925-C1F9D55DCEFD}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A71F51E3-D613-4488-8925-C1F9D55DCEFD}" => Key deleted successfully. C:\Windows\System32\Tasks\FoxTab => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FoxTab" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B8672E92-C41A-4421-B725-98E9976D6FD6}" => Key deleted successfully. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8672E92-C41A-4421-B725-98E9976D6FD6}" => Key deleted successfully. C:\Windows\System32\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-10 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f6ed8765-2424-4188-aaac-803aabe60b65-10" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B9DEEF22-EA2A-49EC-BF2F-053A6D8C5F0A}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9DEEF22-EA2A-49EC-BF2F-053A6D8C5F0A}" => Key deleted successfully. C:\Windows\System32\Tasks\AmiUpdXp => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CC4632C6-139A-4ED4-ACB4-BB9E95A73FD3}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC4632C6-139A-4ED4-ACB4-BB9E95A73FD3}" => Key deleted successfully. C:\Windows\System32\Tasks\Upd Inst-S-1291239527 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Upd Inst-S-1291239527" => Key deleted successfully. C:\Windows\Tasks\AmiUpdXp.job => Moved successfully. C:\Windows\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-1.job => Moved successfully. C:\Windows\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-10.job => Moved successfully. C:\Windows\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-11.job => Moved successfully. C:\Windows\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-3.job => Moved successfully. C:\Windows\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-4.job => Moved successfully. C:\Windows\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-5.job => Moved successfully. C:\Windows\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-5_user.job => Moved successfully. 
C:\Windows\Tasks\FoxTab.job => Moved successfully. C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => Moved successfully. C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => Moved successfully. C:\Windows\Tasks\Upd Inst-S-1291239527.job => Moved successfully. EmptyTemp: => Removed 1.1 GB temporary data. The system needed a reboot. ==== End of Fixlog ====
  8. Ok ^-^ Addition.txt is Attached
     FRST.txt is this:
     Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-11-2014
     Ran by Vic (administrator) on VIC-PC on 21-11-2014 13:19:38
     Running from C:\Users\Vic\Downloads
     Loaded Profile: Vic (Available profiles: Vic)
     Platform: Microsoft Windows 7 Enterprise Service Pack 1 (X86) OS Language: English (United States)
     Internet Explorer Version 11
     Boot Mode: Normal
     Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
     ==================== Processes (Whitelisted) =================
     (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
     (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
     ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
     (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
     (Intel Corporation) C:\Windows\System32\hkcmd.exe
     (Intel Corporation) C:\Windows\System32\igfxpers.exe
     (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
     (Connectify) C:\Program Files\Connectify\Connectify.exe
     (Connectify) C:\Program Files\Connectify\DispatchUI.exe
     (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
     ( Hewlett-Packard Development Company, L.P.)
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe (Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE (LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe (Ryan Conrad) C:\Program Files\Droid Explorer\DroidExplorer.Service.exe () C:\Program Files\Droid Explorer\SDK\tools\adb.exe (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE () C:\ProgramData\DatacardService\HWDeviceService.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Connectify) C:\Program Files\Connectify\ConnectifyService.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe () C:\Windows\Temp\dgen.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Connectify) C:\Program Files\Connectify\Connectifyd.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.) 
HKLM\...\Run: [soundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM\...\Run: [Connectify Hotspot] => C:\Program Files\Connectify\Connectify.exe [4170528 2014-03-24] (Connectify) HKLM\...\Run: [Connectify Dispatch] => C:\Program Files\Connectify\DispatchUI.exe [2217760 2014-03-24] (Connectify) HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKLM\...\Run: [XeroxEndeavorBackgroundTask] => rundll32.exe xrWCbgnd.dll,LaunchBgTask 1 HKU\S-1-5-21-212562329-142324042-622042923-1001\...\Run: [EPSON Stylus C92 Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBZL.EXE [139264 2006-09-27] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-212562329-142324042-622042923-1001\...\MountPoints2: {2b489963-6339-11e2-a46e-00247eed01ae} - E:\AutoRun.exe HKU\S-1-5-21-212562329-142324042-622042923-1001\...\MountPoints2: {2b489972-6339-11e2-a46e-00247eed01ae} - E:\AutoRun.exe HKU\S-1-5-21-212562329-142324042-622042923-1001\...\MountPoints2: {5bf84c61-6706-11e2-a41e-00247eed01ae} - E:\AutoRun.exe HKU\S-1-5-21-212562329-142324042-622042923-1001\...\MountPoints2: {5bf84c73-6706-11e2-a41e-18a9058bb3d4} - E:\AutoRun.exe HKU\S-1-5-21-212562329-142324042-622042923-1001\...\MountPoints2: {5bf84cb3-6706-11e2-a41e-18a9058bb3d4} - E:\AutoRun.exe HKU\S-1-5-21-212562329-142324042-622042923-1001\...\MountPoints2: {b55e0061-c096-11e2-9e16-00247eed01ae} - E:\AutoRun.exe AppInit_DLLs: c:\progra~2\browse~1\browse~1.dll => c:\ProgramData\Browser System Enahncer\BrowserSystemEnahncer.dll 
[4463616 2014-02-09] () AppInit_DLLs: c:\progra~1\assist~1.dll => c:\Program Files\Assistant.dll [4296192 2014-06-14] () CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-212562329-142324042-622042923-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.goog%20la%20finca%20de%20mis%20abuelos/ HKU\S-1-5-21-212562329-142324042-622042923-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://kolbi.msn.com/?rd=1&ucc=CR&dcc=CR&opt=0&ocid=iehp&tc=5 HKU\S-1-5-21-212562329-142324042-622042923-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x991E60A617FBCD01 HKU\S-1-5-21-212562329-142324042-622042923-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US HKU\S-1-5-21-212562329-142324042-622042923-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie HKU\S-1-5-21-212562329-142324042-622042923-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie SearchScopes: HKLM -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.homesearch-hub.info/?l=1&q={searchTerms}&pid=658&r=2013/06/09&hid=2864793594&lg=EN&cc=CR&unqvl=20 SearchScopes: HKU\S-1-5-21-212562329-142324042-622042923-1001 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKU\S-1-5-21-212562329-142324042-622042923-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear SearchScopes: HKU\S-1-5-21-212562329-142324042-622042923-1001 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.homesearch-hub.info/?l=1&q={searchTerms}&pid=658&r=2013/06/09&hid=2864793594&lg=EN&cc=CR&unqvl=20 BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program 
Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit) BHO: hosts -> {11111111-1111-1111-1111-110311531182} -> C:\Program Files\hosts\hosts-bho.dll () BHO: ExsttraCoupon -> {2D65BBF2-ABD3-9011-5CBF-D0035F68DAE4} -> C:\ProgramData\ExsttraCoupon\UImA.dll () BHO: DIgICoupon -> {331EAEFD-F548-7117-0994-F67A475E5D0F} -> C:\ProgramData\DIgICoupon\0K6jv8.dll () BHO: ExstraCouPon -> {332F6E83-CD5F-5348-CD19-C728E3A9D548} -> C:\ProgramData\ExstraCouPon\e9SK.dll () BHO: CooupaEixtension -> {3AC379FB-E133-A5D0-0166-CA5941E4D295} -> C:\ProgramData\CooupaEixtension\FY2EeRU0D.dll () BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: cOOntiinuetoosave -> {781DB29A-907A-BA6A-7F32-0AFCF84C1F34} -> C:\ProgramData\cOOntiinuetoosave\51b48feec620c.dll () BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: DaigiSavEr -> {95BD91D0-75E2-6B28-27F4-DB7FD9205AF5} -> C:\ProgramData\DaigiSavEr\xf_Cr.dll () BHO: GoSaVeo -> {97264c98-7e3b-4ad6-baff-f382350ad08b} -> C:\ProgramData\GoSaVeo\2TWjeMmehObJ2r.dll () BHO: ReGulearDeaLs -> {AFD37466-9164-8B5D-FA66-26709EE1CBBF} -> C:\ProgramData\ReGulearDeaLs\SSz.dll () BHO: Funo2Save -> {BBE92B47-CE63-9B5E-7AD0-2A4D846A2FD0} -> C:\ProgramData\Funo2Save\GJf.dll () BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{2ADD26DB-EA13-43C8-B13E-92639E4031A5}: [NameServer] 200.91.75.5 200.91.75.6 Tcpip\..\Interfaces\{76BC8F27-E806-4D79-AE08-C443582778BA}: [NameServer] 200.91.75.5 200.91.75.6 Tcpip\..\Interfaces\{D8B26E8B-3BBB-4CF8-A45E-5A762FDAD1D6}: [NameServer] 200.91.75.5 200.91.75.6 FireFox: ======== FF ProfilePath: C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\ajjnurov.default FF DefaultSearchEngine: FF DefaultSearchEngine,S: FF DefaultSearchUrl: hxxp://websearch.homesearch-hub.info/?pid=658&r=2013/06/09&hid=2864793594&lg=EN&cc=CR&unqvl=20&l=1&q= FF SearchEngineOrder.1: FF SearchEngineOrder.1,S: FF SelectedSearchEngine: FF SelectedSearchEngine,S: FF Homepage: https://www.google.co.cr/ FF Keyword.URL: FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll () FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll () FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF user.js: detected! => C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\ajjnurov.default\user.js FF Extension: DigiSaver - C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\ajjnurov.default\Extensions\3WvnC@d.net [2014-11-19] FF Extension: SaverExtension - C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\ajjnurov.default\Extensions\Pl@wwrPfj.edu [2014-11-19] FF Extension: No Name - C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\ajjnurov.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [Not Found] FF Extension: No Name - C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\ajjnurov.default\extensions\translator@zoli.bod.xpi [Not Found] FF Extension: No Name - C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\ajjnurov.default\extensions\netvideohunter@netvideohunter.com [Not Found] FF Extension: No Name - C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\ajjnurov.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [Not Found] FF Extension: No Name - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} 
[Not Found] FF Extension: No Name - translator@zoli.bod [Not Found] FF Extension: No Name - netvideohunter@netvideohunter.com [Not Found] FF Extension: No Name - {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [Not Found] Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR Profile: C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (No Name) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\ailcjmkbchjpglniippdjaaamimdniko [2014-07-27] CHR Extension: (No Name) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhddglpocgogkbpkbkoieiplhgbjmiim [2014-09-02] CHR Extension: (HD-V1.8) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi [2014-07-07] CHR Extension: (No Name) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmaefpkmcgmfndnfmdhillmdpilcbana [2014-04-03] CHR Extension: (No Name) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\gamlmgkgpkoacendnhjdlccbijpkflbf [2014-07-05] CHR Extension: (No Name) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\glieaboaghdnlglpkekghloldikefofo [2014-10-13] CHR Extension: (No Name) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmocjijcjbgddchpjelflkibmjjhaclo [2013-06-09] CHR Extension: (No Name) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdebdllgnemmnjjhjjndfiaamdhonjlk [2014-09-12] CHR Extension: (No Name) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcioajokdgfncdnnhajlofmphdobjhla [2014-07-04] CHR Extension: (No Name) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\necpbmbhhdiplmfhmjicabdeighkndkn [2014-06-14] CHR Extension: (No Name) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa [2013-07-11] CHR Extension: (Remote Torrent Adder) - 
C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\oabphaconndgibllomdcjbfdghcmenci [2014-11-19] CHR Extension: (No Name) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\oonogefhmapoekojlmgdocegllngpehg [2014-05-21] CHR Extension: (No Name) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\plgemiaeoikobfdndbhbenpapipajcbh [2014-05-31] CHR Extension: (No Name) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pljlekgobmkopcjnljkinpmppkekangd [2014-06-10] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 671c50b0; c:\ProgramData\Browser System Enahncer\BrowserSystemEnahncerSvc.dll [174928 2014-02-09] () [File not signed] S2 916e5338; c:\Program Files\AssistantSvc.dll [174928 2014-06-14] () [File not signed] R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation) R2 Connectify; C:\Program Files\Connectify\ConnectifyService.exe [487936 2014-03-24] (Connectify) [File not signed] R2 DroidExplorerService; C:\Program Files\Droid Explorer\DroidExplorer.Service.exe [254464 2011-05-17] (Ryan Conrad) [File not signed] R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE [102400 2006-04-18] (SEIKO EPSON CORPORATION) S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-07-07] () [File not signed] S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-07-07] () [File not signed] R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] () S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2175264 2014-07-07] (IObit) S2 Mobile Partner. 
RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [655712 2012-04-09] () R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation) S2 ProtectMonitor; C:\Program Files\PCDApp\StartHelp.exe [65846 2014-06-27] () [File not signed] <==== ATTENTION ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [29672 2014-07-07] (Connectify) S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [95616 2012-03-06] (Huawei Technologies Co., Ltd.) S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2011-11-24] (Huawei Technologies Co., Ltd.) S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [195072 2012-03-06] (Huawei Technologies Co., Ltd.) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation) S3 sonydcam; C:\Windows\System32\DRIVERS\sonydcam.sys [26752 2009-07-13] (Microsoft Corporation) S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X] S1 MpKsldcf9dba8; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{954644EF-27AD-4684-9D2B-80631B3C5460}\MpKsldcf9dba8.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-11-21 13:19 - 2014-11-21 13:20 - 00017811 _____ () C:\Users\Vic\Downloads\FRST.txt 2014-11-21 13:18 - 2014-11-21 13:19 - 00000000 ____D () C:\FRST 2014-11-21 13:17 - 2014-11-21 13:17 - 01108992 _____ (Farbar) C:\Users\Vic\Desktop\FRST.exe 2014-11-19 21:01 - 2014-11-19 21:01 - 00000000 __RSH () C:\MSDOS.SYS 2014-11-19 21:01 - 2014-11-19 21:01 - 00000000 __RSH () C:\IO.SYS 2014-11-19 15:37 - 2014-11-19 19:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-11-19 15:37 - 2014-11-19 15:37 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-11-17 16:48 - 2014-11-17 17:24 - 02933655 _____ () C:\Users\Vic\Downloads\Filosofia unir.pptx 2014-11-16 12:36 - 2014-11-16 12:39 - 00000000 ____D () C:\Users\Vic\Desktop\NUEVAMEMORIA8 2014-11-16 12:24 - 2014-11-16 12:25 - 00000000 ____D () C:\Users\Vic\Downloads\The World Ends With You v1.0.1 apkmania.com 2014-11-15 08:29 - 2014-11-15 08:29 - 47833472 _____ () C:\Users\Vic\Downloads\Wii FFCC My Life as a Darklord.wad 2014-11-12 12:32 - 2014-11-12 12:32 - 00000000 ___RD () C:\Program Files\Skype 2014-11-12 12:32 - 2014-11-12 12:32 - 00000000 ____D () C:\Users\Vic\AppData\Local\Skype 2014-11-12 12:32 - 2014-11-12 12:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-11-12 12:32 - 2014-11-12 12:32 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-11-12 12:17 - 2014-11-19 20:58 - 00000000 ____D () C:\Users\Vic\AppData\Roaming\Skype 2014-11-12 12:17 - 2014-11-12 12:32 - 00002503 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-11-10 20:47 - 2014-11-10 20:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-11-09 16:07 - 2014-11-09 06:05 - 16545711 _____ () C:\Users\Vic\Desktop\video_nov_09_2014_0.mp4 2014-11-06 18:25 - 2014-11-03 15:49 - 00257371 _____ () C:\Users\Vic\Desktop\recording1757039512.3gp 2014-11-06 18:25 - 2014-11-03 15:40 - 00350061 _____ () C:\Users\Vic\Desktop\recording1984617104.3gp 2014-11-06 18:25 - 2014-11-03 15:31 - 00055195 _____ () 
C:\Users\Vic\Desktop\recording-1669787602.3gp 2014-11-06 18:25 - 2014-11-03 15:28 - 00468699 _____ () C:\Users\Vic\Desktop\recording-1399137794.3gp 2014-11-05 15:37 - 2014-11-05 15:37 - 00000000 ____D () C:\Program Files\Lexmark 2014-11-05 15:36 - 2014-11-05 15:36 - 00000000 ____D () C:\ProgramData\Xerox 2014-11-05 15:28 - 2002-07-22 09:36 - 00028112 _____ (Service & Quality Technology.) C:\Windows\system32\Drivers\sqcaptur.sys 2014-11-05 15:28 - 2002-07-22 09:36 - 00025193 _____ (Service & Quality Technology.) C:\Windows\system32\Drivers\SQCamD.sys 2014-11-04 16:47 - 2014-11-04 17:33 - 00009369 _____ () C:\Users\Vic\Documents\RPGSTATS.xlsx 2014-11-03 18:48 - 2014-11-03 18:48 - 00000000 ____D () C:\ProgramData\EPSON 2014-11-03 18:46 - 2014-11-03 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON 2014-11-03 18:46 - 2006-12-08 03:04 - 00076800 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_FLBBZL.DLL 2014-11-03 18:46 - 2006-07-12 02:00 - 00005385 _____ () C:\Windows\EPBUYINK.HTM 2014-11-03 18:46 - 2006-04-19 03:00 - 00062976 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_FD4BBZL.DLL 2014-11-03 18:45 - 2014-11-03 18:45 - 00000000 ____D () C:\Program Files\EPSON 2014-11-02 19:25 - 2014-11-04 20:42 - 00732770 _____ () C:\Users\Vic\Downloads\Apps for your Healthcare.pptx 2014-10-30 17:46 - 2014-10-30 17:46 - 00000000 ____D () C:\Users\Vic\Desktop\USO DEL SUELO 2014-10-30 16:19 - 2014-10-30 16:19 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-10-30 16:19 - 2014-10-30 16:18 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-10-30 16:18 - 2014-10-30 16:18 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-10-30 16:18 - 2014-10-30 16:18 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-10-30 16:18 - 2014-10-30 16:18 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-10-30 16:18 - 2014-10-30 16:18 - 00000000 ____D 
() C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-10-26 07:51 - 2014-11-19 20:58 - 00000000 ____D () C:\ProgramData\jmemjkhklaiadlnlhnkkaljenchcgoli 2014-10-26 07:51 - 2014-11-19 20:58 - 00000000 ____D () C:\ProgramData\GoSaVeo 2014-10-25 16:28 - 2014-10-25 16:31 - 104291207 _____ () C:\Users\Vic\Downloads\Rooster Teeth · RWBY Volume 2, Chapter 11.mp4 2014-10-25 11:59 - 2014-10-25 11:59 - 00000000 ____D () C:\ProgramData\AVAST Software ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-07-04 19:15 - 2013-01-24 09:00 - 134217728 _____ () C:\Users\Vic\Documents\pokemn dungeon.nds 2014-11-21 13:20 - 2010-11-20 15:01 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-21 13:18 - 2013-01-14 13:48 - 01316216 _____ () C:\Windows\WindowsUpdate.log 2014-11-21 13:15 - 2014-07-07 07:49 - 00000000 ____D () C:\Program Files\PCDApp 2014-11-21 13:14 - 2014-07-07 07:51 - 00001360 _____ () C:\Windows\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-5_user.job 2014-11-21 13:14 - 2014-07-07 07:51 - 00001340 _____ () C:\Windows\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-5.job 2014-11-21 13:14 - 2014-07-07 07:51 - 00001184 _____ () C:\Windows\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-10.job 2014-11-21 13:14 - 2014-07-07 07:50 - 00003430 _____ () C:\Windows\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-11.job 2014-11-21 13:14 - 2014-07-07 07:50 - 00002748 _____ () C:\Windows\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-3.job 2014-11-21 13:14 - 2014-07-07 07:50 - 00002106 _____ () C:\Windows\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-4.job 2014-11-21 13:14 - 2014-07-07 07:50 - 00001434 _____ () C:\Windows\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-1.job 2014-11-21 13:14 - 2014-07-07 07:50 - 00000918 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job 2014-11-21 13:14 - 2014-07-07 07:45 - 00000334 _____ () C:\Windows\Tasks\AmiUpdXp.job 2014-11-21 13:14 - 
2014-06-14 14:31 - 00000436 ____H () C:\Windows\Tasks\Upd Inst-S-1291239527.job 2014-11-21 13:13 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-21 13:13 - 2009-07-13 22:39 - 00109319 _____ () C:\Windows\setupact.log 2014-11-20 21:31 - 2014-07-05 16:31 - 00000280 _____ () C:\Windows\Tasks\FoxTab.job 2014-11-20 21:12 - 2013-01-14 15:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-20 19:55 - 2014-07-07 07:50 - 00000922 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job 2014-11-20 18:31 - 2014-08-17 14:18 - 00017920 ___SH () C:\Users\Vic\Downloads\Thumbs.db 2014-11-20 18:16 - 2009-07-13 22:34 - 00022208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-20 18:16 - 2009-07-13 22:34 - 00022208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-20 14:05 - 2013-06-23 06:42 - 00000000 ____D () C:\Users\Vic\AppData\Local\Paint.NET 2014-11-19 21:01 - 2013-01-14 13:48 - 00000000 ____D () C:\Users\Vic 2014-11-19 20:59 - 2014-07-07 07:50 - 00000000 ____D () C:\Program Files\HD-V1.8 2014-11-19 20:59 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\wfp 2014-11-19 20:58 - 2014-09-02 09:54 - 00000000 ____D () C:\ProgramData\ExstraCouPon 2014-11-19 20:58 - 2014-08-04 12:01 - 00000000 ____D () C:\ProgramData\ExsttraCoupon 2014-11-19 20:58 - 2014-07-27 09:24 - 00000000 ____D () C:\ProgramData\CooupaEixtension 2014-11-19 20:58 - 2014-07-07 08:35 - 00000000 ____D () C:\Users\Vic\AppData\Roaming\ProductData 2014-11-19 20:58 - 2014-07-07 07:50 - 00000000 ____D () C:\Program Files\globalUpdate 2014-11-19 20:58 - 2014-07-07 07:45 - 00000000 ____D () C:\Users\Vic\AppData\Local\1638 2014-11-19 20:58 - 2014-07-05 16:31 - 00000000 ____D () C:\Users\Vic\AppData\Roaming\FoxTab 2014-11-19 20:58 - 2014-07-04 14:50 - 00000000 ____D () C:\ProgramData\DIgICoupon 2014-11-19 20:58 - 2014-07-04 14:30 - 
00000000 ____D () C:\ProgramData\Funo2Save 2014-11-19 20:58 - 2014-05-31 21:27 - 00000000 ____D () C:\ProgramData\DaigiSavEr 2014-11-19 20:58 - 2014-04-03 16:36 - 00000000 ____D () C:\ProgramData\ReGulearDeaLs 2014-11-19 20:58 - 2014-02-09 16:50 - 00000000 ____D () C:\ProgramData\Browser System Enahncer 2014-11-19 20:58 - 2013-07-11 22:12 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-19 20:58 - 2013-06-26 18:49 - 00000000 ____D () C:\Users\Vic\AppData\Roaming\OpenCandy 2014-11-19 20:58 - 2013-06-09 08:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cOOntiinuetoosave 2014-11-19 20:58 - 2013-06-09 08:22 - 00000000 ____D () C:\ProgramData\cOOntiinuetoosave 2014-11-19 20:58 - 2013-06-08 19:51 - 00000000 ____D () C:\Windows\system32\Adobe 2014-11-19 20:58 - 2013-01-14 15:21 - 00000000 ____D () C:\Windows\system32\Macromed 2014-11-19 20:58 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-11-19 20:58 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\Msdtc 2014-11-19 20:58 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\ias 2014-11-19 20:57 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\spool 2014-11-19 20:57 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\registration 2014-11-15 08:31 - 2014-07-05 17:31 - 00000111 _____ () C:\Users\Vic\AppData\Roaming\WB.CFG 2014-11-13 17:20 - 2013-07-16 17:26 - 00000000 ____D () C:\Users\Vic\AppData\Local\Adobe 2014-11-13 17:20 - 2013-01-14 15:22 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-11-13 17:20 - 2013-01-14 15:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-11-12 12:32 - 2014-01-01 21:08 - 00000000 ____D () C:\ProgramData\Skype 2014-11-11 13:18 - 2013-03-02 21:21 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-11-10 07:08 - 2014-07-07 08:34 - 00000000 ____D () C:\ProgramData\ProductData 2014-11-05 15:56 - 2014-06-14 14:14 - 
00000000 ____D () C:\Users\Vic\AppData\Local\Windows Live 2014-11-05 15:38 - 2013-01-14 14:00 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2014-11-05 15:38 - 2009-07-13 22:52 - 00000000 ____D () C:\Windows\twain_32 2014-11-04 20:34 - 2014-08-07 20:42 - 00110592 ___SH () C:\Users\Vic\Documents\Thumbs.db 2014-10-30 18:13 - 2014-10-04 07:22 - 00000000 ___HD () C:\Python27 2014-10-30 16:26 - 2014-09-12 19:47 - 00000000 ____D () C:\ProgramData\Oracle 2014-10-30 16:18 - 2013-06-08 08:19 - 00000000 ____D () C:\Program Files\Java 2014-10-30 05:24 - 2013-01-14 14:14 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-10-26 19:33 - 2014-10-04 07:25 - 00000000 ____D () C:\Users\Vic\Downloads\DRE 2014-10-26 07:51 - 2014-04-03 16:36 - 00000000 ____D () C:\ProgramData\c12e3f83e4cc17db Some content of TEMP: ==================== C:\Users\Vic\AppData\Local\Temp\app_d.exe C:\Users\Vic\AppData\Local\Temp\app_e.exe C:\Users\Vic\AppData\Local\Temp\crpt.exe C:\Users\Vic\AppData\Local\Temp\DataCard_Setup.exe C:\Users\Vic\AppData\Local\Temp\dgen.exe C:\Users\Vic\AppData\Local\Temp\EpsonInkjetDriverDownloader.EXE C:\Users\Vic\AppData\Local\Temp\FreemakeVideoConverter_4.0.2.3.exe C:\Users\Vic\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe C:\Users\Vic\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe C:\Users\Vic\AppData\Local\Temp\libcurl.dll C:\Users\Vic\AppData\Local\Temp\ose00000.exe C:\Users\Vic\AppData\Local\Temp\pthreadGC2.dll C:\Users\Vic\AppData\Local\Temp\ResetDevice.exe C:\Users\Vic\AppData\Local\Temp\Shockwave_Installer_FF.exe C:\Users\Vic\AppData\Local\Temp\starter.exe C:\Users\Vic\AppData\Local\Temp\uninst1.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-05 18:50 ==================== End Of Log ============================ Addition.txt
  9. Um... Hello. I'm having a problem with several boxes with the title of... For example: "Insertsomethinghere.exe- Bad Image c:/progra~2/browse~1/browse~1.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support." This happens when I turn on the PC and when I try to open almost all applications. The problem started after I used Malwarebytes to delete some disturbing malware. Everything appears to work fine but those boxes are so annoying. Salutations.