Posts posted by S34n4e
-
We did it ^-^ !
You're so smart to solve those problems.
I think everything is solved.
Thanks for all your help.
-
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-11-2014
Ran by Vic at 2014-11-24 13:22:53 Run:2
Running from C:\Users\Vic\Desktop
Loaded Profile: Vic (Available profiles: Vic)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
CHR Extension: (No Name) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdebdllgnemmnjjhjjndfiaamdhonjlk [2014-09-12]
*****************
C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdebdllgnemmnjjhjjndfiaamdhonjlk => Moved successfully.
==== End of Fixlog ====
-
Ok... Um...
I have no problem with "bad image" anymore and the pc is running very well. Everything is working fine. Thanks for everything ^-^.
adwCleaner log:
# AdwCleaner v4.101 - Report created 23/11/2014 at 11:25:18
# Updated 09/11/2014 by Xplode
# Database : 2014-11-23.6 [Live]
# Operating System : Windows 7 Enterprise Service Pack 1 (32 bits)
# Username : Vic - VIC-PC
# Running from : C:\Users\Vic\Downloads\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : 671c50b0
[#] Service Deleted : 916e5338
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\MountainApp
Folder Deleted : C:\ProgramData\StarApp
Folder Deleted : C:\ProgramData\50CouuPons
Folder Deleted : C:\ProgramData\CheApMe
Folder Deleted : C:\ProgramData\cOOntiinuetoosave
Folder Deleted : C:\ProgramData\CooupaEixtension
Folder Deleted : C:\ProgramData\DaigiSavEr
Folder Deleted : C:\ProgramData\ExsttraCoupon
Folder Deleted : C:\ProgramData\Funo2Save
Folder Deleted : C:\ProgramData\ReGulearDeaLs
Folder Deleted : C:\ProgramData\c12e3f83e4cc17db
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cOOntiinuetoosave
Folder Deleted : C:\Program Files\FoxTab
Folder Deleted : C:\Program Files\globalUpdate
Folder Deleted : C:\Program Files\PCDApp
Folder Deleted : C:\Program Files\WebSearch
Folder Deleted : C:\Users\Vic\AppData\Local\Assistant
Folder Deleted : C:\Users\Vic\AppData\Local\Babylon
Folder Deleted : C:\Users\Vic\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Vic\AppData\LocalLow\cOOntiinuetoosave
Folder Deleted : C:\Users\Vic\AppData\Roaming\DownLite
Folder Deleted : C:\Users\Vic\AppData\Roaming\FoxTab
Folder Deleted : C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\ajjnurov.default\Extensions\3WvnC@d.net
Folder Deleted : C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\ajjnurov.default\Extensions\Pl@wwrPfj.edu
File Deleted : C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\ajjnurov.default\invalidprefs.js
File Deleted : C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\ajjnurov.default\user.js
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\CheaapMMe.CheaapMMe
Key Deleted : HKLM\SOFTWARE\Classes\CheaapMMe.CheaapMMe.5.1
Key Deleted : HKLM\SOFTWARE\Classes\50Couponsa.50Couponsa
Key Deleted : HKLM\SOFTWARE\Classes\50Couponsa.50Couponsa.1.8
Key Deleted : HKLM\SOFTWARE\5d55df8cb36fb912
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\Upd Inst
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~1\assist~1.dll
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17126
-\\ Mozilla Firefox v33.1 (x86 es-ES)
[ajjnurov.default\prefs.js] - Line Deleted : user_pref("extensions.delta.admin", false);
[ajjnurov.default\prefs.js] - Line Deleted : user_pref("extensions.delta.aflt", "babsst");
[ajjnurov.default\prefs.js] - Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
[ajjnurov.default\prefs.js] - Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
[ajjnurov.default\prefs.js] - Line Deleted : user_pref("extensions.delta.dfltLng", "en");
[ajjnurov.default\prefs.js] - Line Deleted : user_pref("extensions.delta.excTlbr", false);
[ajjnurov.default\prefs.js] - Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
[ajjnurov.default\prefs.js] - Line Deleted : user_pref("extensions.delta.id", "6c1e7cec000000000000001e65d66545");
[ajjnurov.default\prefs.js] - Line Deleted : user_pref("extensions.delta.instlDay", "15883");
[ajjnurov.default\prefs.js] - Line Deleted : user_pref("extensions.delta.instlRef", "sst");
[ajjnurov.default\prefs.js] - Line Deleted : user_pref("extensions.delta.newTab", false);
[ajjnurov.default\prefs.js] - Line Deleted : user_pref("extensions.delta.prdct", "delta");
[ajjnurov.default\prefs.js] - Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
[ajjnurov.default\prefs.js] - Line Deleted : user_pref("extensions.delta.rvrt", "false");
[ajjnurov.default\prefs.js] - Line Deleted : user_pref("extensions.delta.smplGrp", "none");
[ajjnurov.default\prefs.js] - Line Deleted : user_pref("extensions.delta.tlbrId", "base");
[ajjnurov.default\prefs.js] - Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
[ajjnurov.default\prefs.js] - Line Deleted : user_pref("extensions.delta.vrsn", "1.8.21.5");
[ajjnurov.default\prefs.js] - Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.21.518:56:31");
[ajjnurov.default\prefs.js] - Line Deleted : user_pref("extensions.delta.vrsni", "1.8.21.5");
[ajjnurov.default\prefs.js] - Line Deleted : user_pref("extensions.delta_i.babExt", "");
[ajjnurov.default\prefs.js] - Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=121562&tt=250613_gr3&tsp=4926");
[ajjnurov.default\prefs.js] - Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [28753 octets] - [23/11/2014 07:12:28]
AdwCleaner[R1].txt - [10171 octets] - [23/11/2014 11:20:03]
AdwCleaner[s0].txt - [10485 octets] - [23/11/2014 11:25:18]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [10546 octets] ##########
ESET log:
C:\AdwCleaner\Quarantine\C\Program Files\PCDApp\dmon.exe.vir Win32/CoinMiner.SI trojan
C:\AdwCleaner\Quarantine\C\Program Files\PCDApp\StartHelp.exe.vir NSIS/CoinMiner.B trojan
C:\FRST\Quarantine\C\ProgramData\GoSaVeo\2TWjeMmehObJ2r.dll a variant of Win32/AdWare.MultiPlug.BN application
C:\FRST\Quarantine\C\ProgramData\GoSaVeo\2TWjeMmehObJ2r.exe a variant of Win32/AdWare.MultiPlug.BN application
C:\ProgramData\InstallMate\{51913798-5014-4BF7-A91C-18368A72156E}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmocjijcjbgddchpjelflkibmjjhaclo\1\51b48feec5fb25.60954951.js.vir Win32/Adware.MultiPlug.H application
C:\Qoobox\Quarantine\C\Windows\System32\roboot.exe.vir a variant of Win32/Systweak.A potentially unwanted application
C:\Users\All Users\InstallMate\{51913798-5014-4BF7-A91C-18368A72156E}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdebdllgnemmnjjhjjndfiaamdhonjlk\184\content.js JS/Chromex.Agent.L trojan
-
The ADWCleaner's log is here:
# AdwCleaner v4.101 - Report created 23/11/2014 at 07:12:28
# Updated 09/11/2014 by Xplode
# Database : 2014-11-22.1 [Live]
# Operating System : Windows 7 Enterprise Service Pack 1 (32 bits)
# Username : Vic - VIC-PC
# Running from : C:\Users\Vic\Downloads\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
Service Found : 671c50b0
Service Found : 916e5338
Service Found : globalUpdatem
***** [ Files / Folders ] *****
File Found : C:\Program Files\Assistant.dll
File Found : C:\Program Files\AssistantSvc.dll
File Found : C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\ajjnurov.default\invalidprefs.js
File Found : C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\ajjnurov.default\user.js
Folder Found : C:\Program Files\FoxTab
Folder Found : C:\Program Files\globalUpdate
Folder Found : C:\Program Files\HD-V1.8
Folder Found : C:\Program Files\PCDApp
Folder Found : C:\Program Files\WebSearch
Folder Found : C:\ProgramData\50CouuPons
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Browser System Enahncer
Folder Found : C:\ProgramData\browser system enahncer
Folder Found : C:\ProgramData\c12e3f83e4cc17db
Folder Found : C:\ProgramData\CheApMe
Folder Found : C:\ProgramData\cOOntiinuetoosave
Folder Found : C:\ProgramData\CooupaEixtension
Folder Found : C:\ProgramData\DaigiSavEr
Folder Found : C:\ProgramData\DIgICoupon
Folder Found : C:\ProgramData\ExstraCouPon
Folder Found : C:\ProgramData\ExsttraCoupon
Folder Found : C:\ProgramData\Funo2Save
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cOOntiinuetoosave
Folder Found : C:\ProgramData\MountainApp
Folder Found : C:\ProgramData\ReGulearDeaLs
Folder Found : C:\ProgramData\StarApp
Folder Found : C:\Users\Vic\AppData\Local\Assistant
Folder Found : C:\Users\Vic\AppData\Local\Babylon
Folder Found : C:\Users\Vic\AppData\Local\globalUpdate
Folder Found : C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi
Folder Found : C:\Users\Vic\AppData\LocalLow\cOOntiinuetoosave
Folder Found : C:\Users\Vic\AppData\Roaming\DownLite
Folder Found : C:\Users\Vic\AppData\Roaming\FoxTab
Folder Found : C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\ajjnurov.default\Extensions\3WvnC@d.net
Folder Found : C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\ajjnurov.default\Extensions\Pl@wwrPfj.edu
Folder Found : C:\Users\Vic\AppData\Roaming\OpenCandy
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\Software\HD-V1.8
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\5d55df8cb36fb912
Key Found : HKLM\SOFTWARE\Classes\50Couponsa.50Couponsa
Key Found : HKLM\SOFTWARE\Classes\50Couponsa.50Couponsa.1.8
Key Found : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\CheaapMMe.CheaapMMe
Key Found : HKLM\SOFTWARE\Classes\CheaapMMe.CheaapMMe.5.1
Key Found : HKLM\SOFTWARE\Classes\CoupExtteinsion.CoupExtteinsion
Key Found : HKLM\SOFTWARE\Classes\CoupExtteinsion.CoupExtteinsion.1.3
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0035382.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0035382.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0035382.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\DaigiSAveeru.DaigiSAveeru
Key Found : HKLM\SOFTWARE\Classes\DaigiSAveeru.DaigiSAveeru.6.7
Key Found : HKLM\SOFTWARE\Classes\DDiGGiCOupon.DDiGGiCOupon
Key Found : HKLM\SOFTWARE\Classes\DDiGGiCOupon.DDiGGiCOupon.5.3
Key Found : HKLM\SOFTWARE\Classes\ExsTraaCouponi.ExsTraaCouponi
Key Found : HKLM\SOFTWARE\Classes\ExsTraaCouponi.ExsTraaCouponi.4.3
Key Found : HKLM\SOFTWARE\Classes\ExsTrrACCoupoon.ExsTrrACCoupoon
Key Found : HKLM\SOFTWARE\Classes\ExsTrrACCoupoon.ExsTrrACCoupoon.4.3
Key Found : HKLM\SOFTWARE\Classes\Fun2Savee.Fun2Savee
Key Found : HKLM\SOFTWARE\Classes\Fun2Savee.Fun2Savee.4.5
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355535582}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366536682}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\RRegguulairDeals.RRegguulairDeals
Key Found : HKLM\SOFTWARE\Classes\RRegguulairDeals.RRegguulairDeals.7.2
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\HD-V1.8
Key Found : HKLM\SOFTWARE\InstallCore
Key Found : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HD-V1.8
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-1291239527
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Found : HKLM\SOFTWARE\Upd Inst
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17126
-\\ Mozilla Firefox v33.1 (x86 es-ES)
[ajjnurov.default] - Line Found : user_pref("aol_toolbar.default.homepage.check", false);
[ajjnurov.default] - Line Found : user_pref("aol_toolbar.default.search.check", false);
[ajjnurov.default] - Line Found : user_pref("browser.search.defaulturl", "hxxp://websearch.homesearch-hub.info/?pid=658&r=2013/06/09&hid=2864793594&lg=EN&cc=CR&unqvl=20&l=1&q=");
[ajjnurov.default] - Line Found : user_pref("extensions.51b48feec6122.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.location.hostname)>-1) return;}c[...]
[ajjnurov.default] - Line Found : user_pref("extensions.BabylonToolbar.prtkDS", 0);
[ajjnurov.default] - Line Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
[ajjnurov.default] - Line Found : user_pref("extensions.crossrider.bic", "13fd10f9cbe56582e7575ffcec377c4d");
[ajjnurov.default] - Line Found : user_pref("extensions.delta.admin", false);
[ajjnurov.default] - Line Found : user_pref("extensions.delta.aflt", "babsst");
[ajjnurov.default] - Line Found : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
[ajjnurov.default] - Line Found : user_pref("extensions.delta.autoRvrt", "false");
[ajjnurov.default] - Line Found : user_pref("extensions.delta.dfltLng", "en");
[ajjnurov.default] - Line Found : user_pref("extensions.delta.excTlbr", false);
[ajjnurov.default] - Line Found : user_pref("extensions.delta.ffxUnstlRst", true);
[ajjnurov.default] - Line Found : user_pref("extensions.delta.id", "6c1e7cec000000000000001e65d66545");
[ajjnurov.default] - Line Found : user_pref("extensions.delta.instlDay", "15883");
[ajjnurov.default] - Line Found : user_pref("extensions.delta.instlRef", "sst");
[ajjnurov.default] - Line Found : user_pref("extensions.delta.newTab", false);
[ajjnurov.default] - Line Found : user_pref("extensions.delta.prdct", "delta");
[ajjnurov.default] - Line Found : user_pref("extensions.delta.prtnrId", "delta");
[ajjnurov.default] - Line Found : user_pref("extensions.delta.rvrt", "false");
[ajjnurov.default] - Line Found : user_pref("extensions.delta.smplGrp", "none");
[ajjnurov.default] - Line Found : user_pref("extensions.delta.tlbrId", "base");
[ajjnurov.default] - Line Found : user_pref("extensions.delta.tlbrSrchUrl", "");
[ajjnurov.default] - Line Found : user_pref("extensions.delta.vrsn", "1.8.21.5");
[ajjnurov.default] - Line Found : user_pref("extensions.delta.vrsnTs", "1.8.21.518:56:31");
[ajjnurov.default] - Line Found : user_pref("extensions.delta.vrsni", "1.8.21.5");
[ajjnurov.default] - Line Found : user_pref("extensions.delta_i.babExt", "");
[ajjnurov.default] - Line Found : user_pref("extensions.delta_i.babTrack", "affID=121562&tt=250613_gr3&tsp=4926");
[ajjnurov.default] - Line Found : user_pref("extensions.delta_i.srcExt", "ss");
[ajjnurov.default] - Line Found : user_pref("extensions.mywebsearch.prevDefaultEngine", "WebSearch");
[ajjnurov.default] - Line Found : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
[ajjnurov.default] - Line Found : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://websearch.homesearch-hub.info/?pid=658&r=2013/06/09&hid=2864793594&lg=EN&cc=CR&unqvl=20&l=1&q=");
[ajjnurov.default] - Line Found : user_pref("extensions.mywebsearch.prevSelectedEngine", "Google");
[ajjnurov.default] - Line Found : user_pref("extensions.toolbar.mindspark._12Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=E03FFB51-A720-44AB-A767-7AE7AAC381A0&n=77fcdf2d&p2=^9N^xdm006^S05388^cr&si=CP7Xm4r05rYCFcdU4[...]
[ajjnurov.default] - Line Found : user_pref("extensions.toolbar.mindspark._12Members_.hp.enabled", true);
[ajjnurov.default] - Line Found : user_pref("extensions.toolbar.mindspark._12Members_.initialized", true);
[ajjnurov.default] - Line Found : user_pref("extensions.toolbar.mindspark._12Members_.installation.contextKey", "");
[ajjnurov.default] - Line Found : user_pref("extensions.toolbar.mindspark._12Members_.installation.installDate", "2013060909");
[ajjnurov.default] - Line Found : user_pref("extensions.toolbar.mindspark._12Members_.installation.partnerId", "^9N^xdm006^S05388^cr");
[ajjnurov.default] - Line Found : user_pref("extensions.toolbar.mindspark._12Members_.installation.partnerSubId", "CP7Xm4r05rYCFcdU4AodsV8APg");
[ajjnurov.default] - Line Found : user_pref("extensions.toolbar.mindspark._12Members_.installation.success", true);
[ajjnurov.default] - Line Found : user_pref("extensions.toolbar.mindspark._12Members_.installation.toolbarId", "E03FFB51-A720-44AB-A767-7AE7AAC381A0");
[ajjnurov.default] - Line Found : user_pref("extensions.toolbar.mindspark._12Members_.lastActivePing", "1370790554072");
[ajjnurov.default] - Line Found : user_pref("extensions.toolbar.mindspark._12Members_.options.defaultSearch", true);
[ajjnurov.default] - Line Found : user_pref("extensions.toolbar.mindspark._12Members_.options.homePageEnabled", true);
[ajjnurov.default] - Line Found : user_pref("extensions.toolbar.mindspark._12Members_.options.keywordEnabled", true);
[ajjnurov.default] - Line Found : user_pref("extensions.toolbar.mindspark._12Members_.options.tabEnabled", true);
[ajjnurov.default] - Line Found : user_pref("extensions.toolbar.mindspark.hp.enabled", true);
[ajjnurov.default] - Line Found : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "myscrapnook@mindspark.com");
[ajjnurov.default] - Line Found : user_pref("extensions.toolbar.mindspark.lastInstalled", "myscrapnook@mindspark.com");
[ajjnurov.default] - Line Found : user_pref("extensions.uAg7V500ladKF0Rd.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\[...]
[ajjnurov.default] - Line Found : user_pref("extensions.uHASPJOeDmaykihn.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\[...]
[ajjnurov.default] - Line Found : user_pref("extensions.uvFsSkdd_f3E.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sum[...]
[ajjnurov.default] - Line Found : user_pref("searchreset.backup.browser.startup.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=E03FFB51-A720-44AB-A767-7AE7AAC381A0&n=77fcdf2d&p2=^9N^xdm006^S05388^cr&si=CP7Xm4r05rYCFcdU4AodsV8[...]
[ajjnurov.default] - Line Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
[ajjnurov.default] - Line Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
[ajjnurov.default] - Line Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
[ajjnurov.default] - Line Found : user_pref("sweetim.toolbar.previous.keyword.URL", "");
[ajjnurov.default] - Line Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
[ajjnurov.default] - Line Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
[ajjnurov.default] - Line Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
[ajjnurov.default] - Line Found : user_pref("sweetim.toolbar.searchguard.enable", "");
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [28611 octets] - [23/11/2014 07:12:28]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [28672 octets] ##########
The Malwarebytes Anti-Malware's log is here:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 23/11/2014
Scan Time: 07:23:00 a.m.
Logfile:
Administrator: Yes
Version: 2.00.3.1025
Malware Database: v2014.11.23.04
Rootkit Database: v2014.11.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Vic
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 303251
Time Elapsed: 15 min, 44 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 28
PUP.Optional.OpenCandy, C:\Users\Vic\AppData\Roaming\OpenCandy, Quarantined, [1020e857c7b580b60ede9e6c1ce714ec],
PUP.Optional.OpenCandy, C:\Users\Vic\AppData\Roaming\OpenCandy\918684622D21481A998DD17A3D9EF450, Quarantined, [1020e857c7b580b60ede9e6c1ce714ec],
PUP.Optional.OpenCandy, C:\Users\Vic\AppData\Roaming\OpenCandy\969DD4996B2941B5BE3318187176B799, Quarantined, [1020e857c7b580b60ede9e6c1ce714ec],
PUP.Optional.OpenCandy, C:\Users\Vic\AppData\Roaming\OpenCandy\D9C61DFFD0EE409BA93C1FFE18586843, Quarantined, [1020e857c7b580b60ede9e6c1ce714ec],
PUP.Optional.CrossRider.A, C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa, Quarantined, [ab85be8181fbfd390e829479e61dfa06],
PUP.Optional.CrossRider.A, C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0, Quarantined, [ab85be8181fbfd390e829479e61dfa06],
PUP.Optional.CrossRider.A, C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\js, Quarantined, [ab85be8181fbfd390e829479e61dfa06],
PUP.Optional.CrossRider.A, C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\js\api, Quarantined, [ab85be8181fbfd390e829479e61dfa06],
PUP.Optional.CrossRider.A, C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\js\app, Quarantined, [ab85be8181fbfd390e829479e61dfa06],
PUP.Optional.CrossRider.A, C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\js\lib, Quarantined, [ab85be8181fbfd390e829479e61dfa06],
PUP.Optional.CrossRider.A, C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\js\lib\popupResource, Quarantined, [ab85be8181fbfd390e829479e61dfa06],
PUP.Optional.PlusHD.A, C:\Program Files\HD-V1.8, Quarantined, [b97797a8b3c969cdef03170853b035cb],
PUP.Optional.CrossRider.A, C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi, Quarantined, [e94743fcf38961d54b1146dc4db61fe1],
PUP.Optional.CrossRider.A, C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi\1.26.52_0, Quarantined, [e94743fcf38961d54b1146dc4db61fe1],
PUP.Optional.CrossRider.A, C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi\1.26.52_0\extensionData, Quarantined, [e94743fcf38961d54b1146dc4db61fe1],
PUP.Optional.CrossRider.A, C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi\1.26.52_0\extensionData\plugins, Quarantined, [e94743fcf38961d54b1146dc4db61fe1],
PUP.Optional.CrossRider.A, C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi\1.26.52_0\extensionData\userCode, Quarantined, [e94743fcf38961d54b1146dc4db61fe1],
PUP.Optional.CrossRider.A, C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi\1.26.52_0\js, Quarantined, [e94743fcf38961d54b1146dc4db61fe1],
PUP.Optional.CrossRider.A, C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi\1.26.52_0\js\api, Quarantined, [e94743fcf38961d54b1146dc4db61fe1],
PUP.Optional.CrossRider.A, C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi\1.26.52_0\js\lib, Quarantined, [e94743fcf38961d54b1146dc4db61fe1],
PUP.Optional.CrossRider.A, C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi\1.26.52_0\js\lib\popupResource, Quarantined, [e94743fcf38961d54b1146dc4db61fe1],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update, Quarantined, [df51b58a2359d85e4f515cc8ed1644bc],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0, Quarantined, [df51b58a2359d85e4f515cc8ed1644bc],
PUP.Optional.Updater.A, C:\Users\Vic\AppData\Roaming\FoxTab\UpdateProc, Quarantined, [e24e3c03bfbd3df90b4e31f71ee50af6],
PUP.Optional.BrowserSystemEnahncer.A, C:\ProgramData\Browser System Enahncer, Quarantined, [40f0bd82fe7e1b1b1c98a48731d2a45c],
PUP.Optional.MultiPlug.A, C:\ProgramData\ExstraCouPon, Quarantined, [ab85d669aad2e452b211e34d27dc4cb4],
PUP.Optional.MultiPlug.A, C:\ProgramData\DIgICoupon, Quarantined, [cf617bc423591e1874b2a58e1de61be5],
PUP.Optional.ExtremeBlocker.A, C:\ProgramData\Extreme Blocker, Quarantined, [e947043b98e4fb3bb70d90a4ed169967],
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
-
I dunno if you want it as a reply or attached... so... I did both
ComboFix.txt:
ComboFix 14-11-18.01 - Vic 21/11/2014 18:09:36.1.2 - x86
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.1976.846 [GMT -6:00]
Running from: c:\users\Vic\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\hosts\hoSTs-bho.dll
c:\users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmocjijcjbgddchpjelflkibmjjhaclo
c:\users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmocjijcjbgddchpjelflkibmjjhaclo\1\51b48feec5fb25.60954951.js
c:\users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmocjijcjbgddchpjelflkibmjjhaclo\1\background.html
c:\users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmocjijcjbgddchpjelflkibmjjhaclo\1\content.js
c:\users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmocjijcjbgddchpjelflkibmjjhaclo\1\lsdb.js
c:\users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmocjijcjbgddchpjelflkibmjjhaclo\1\sqlite.js
c:\users\Vic\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\windows\msdownld.tmp
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\roboot.exe
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_globalUpdate
-------\Service_ProtectMonitor
.
.
((((((((((((((((((((((((( Files Created from 2014-10-22 to 2014-11-22 )))))))))))))))))))))))))))))))
.
.
2014-11-22 00:18 . 2014-11-22 00:21 -------- d-----w- c:\users\Vic\AppData\Local\temp
2014-11-22 00:18 . 2014-11-22 00:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-21 19:32 . 2014-09-20 02:41 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9442087F-C670-4324-ABA3-C71A87AAE266}\gapaengine.dll
2014-11-21 19:32 . 2014-11-02 04:17 8941456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B43E482E-8E7D-41B0-9F68-80244ECC42FE}\mpengine.dll
2014-11-21 19:18 . 2014-11-21 20:14 -------- d-----w- C:\FRST
2014-11-20 03:17 . 2014-11-02 04:17 8941456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-19 23:47 . 2014-11-19 23:47 -------- d-----w- c:\windows\system32\wbem\MOF\good
2014-11-19 23:47 . 2014-11-19 23:47 -------- d-----w- c:\windows\system32\wbem\MOF\bad
2014-11-19 21:48 . 2014-11-19 21:48 -------- d-----w- c:\windows\system32\wbem\Logs
2014-11-19 21:37 . 2014-11-20 01:44 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-11-19 21:37 . 2014-11-19 21:37 -------- d-----w- c:\programdata\Malwarebytes
2014-11-12 18:32 . 2014-11-12 18:32 -------- d-----w- c:\users\Vic\AppData\Local\Skype
2014-11-12 18:32 . 2014-11-12 18:32 -------- d-----w- c:\program files\Common Files\Skype
2014-11-12 18:32 . 2014-11-12 18:32 -------- d-----r- c:\program files\Skype
2014-11-12 18:17 . 2014-11-20 02:58 -------- d-----w- c:\users\Vic\AppData\Roaming\Skype
2014-11-05 21:37 . 2014-11-05 21:37 -------- d-----w- c:\program files\Lexmark
2014-11-05 21:36 . 2014-11-05 21:36 -------- d-----w- c:\programdata\Xerox
2014-11-05 21:28 . 2002-07-22 15:36 28112 ----a-w- c:\windows\system32\drivers\sqcaptur.sys
2014-11-05 21:28 . 2002-07-22 15:36 25193 ----a-w- c:\windows\system32\drivers\SQCamD.sys
2014-11-04 00:48 . 2014-11-04 00:48 -------- d-----w- c:\programdata\EPSON
2014-11-04 00:46 . 2006-12-08 09:04 76800 ----a-w- c:\windows\system32\E_FLBBZL.DLL
2014-11-04 00:46 . 2006-04-19 09:00 62976 ----a-w- c:\windows\system32\E_FD4BBZL.DLL
2014-11-04 00:45 . 2014-11-04 00:45 -------- d-----w- c:\program files\EPSON
2014-11-03 12:47 . 2009-07-14 01:15 33280 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\EP0NPP01.DLL
2014-10-30 22:19 . 2014-10-30 22:19 -------- d-----w- c:\program files\Common Files\Java
2014-10-30 22:18 . 2014-10-30 22:18 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-10-25 17:59 . 2014-10-25 17:59 -------- d-----w- c:\programdata\AVAST Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-13 23:20 . 2013-01-14 21:22 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-13 23:20 . 2013-01-14 21:22 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-30 11:24 . 2013-01-14 20:14 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-10-04 13:22 . 2014-10-04 13:22 98304 ----a-r- c:\users\Vic\AppData\Roaming\Microsoft\Installer\{61121B12-88BD-4261-A6EE-AB32610A56DD}\python_icon.exe
2014-09-20 02:41 . 2013-03-25 16:01 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-06-14 20:31 . 2014-06-14 20:31 4296192 ----a-w- c:\program files\Assistant.dll
2014-06-14 20:31 . 2014-06-14 20:31 174928 ----a-w- c:\program files\AssistantSvc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-07-07 14:34 752960 ----a-w- c:\program files\IObit\IObit Uninstaller\UninstallExplorer32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{2D65BBF2-ABD3-9011-5CBF-D0035F68DAE4}]
2014-08-04 18:01 449024 ----a-w- c:\programdata\ExsttraCoupon\UImA.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{331EAEFD-F548-7117-0994-F67A475E5D0F}]
2014-07-04 20:50 459776 ----a-w- c:\programdata\DIgICoupon\0K6jv8.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{332F6E83-CD5F-5348-CD19-C728E3A9D548}]
2014-09-07 21:01 616960 ----a-w- c:\programdata\ExstraCouPon\e9SK.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{3AC379FB-E133-A5D0-0166-CA5941E4D295}]
2014-07-27 15:24 449024 ----a-w- c:\programdata\CooupaEixtension\FY2EeRU0D.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{781DB29A-907A-BA6A-7F32-0AFCF84C1F34}]
2013-06-09 14:23 118272 ----a-w- c:\programdata\cOOntiinuetoosave\51b48feec620c.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95BD91D0-75E2-6B28-27F4-DB7FD9205AF5}]
2014-06-01 03:27 371200 ----a-w- c:\programdata\DaigiSavEr\xf_Cr.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{AFD37466-9164-8B5D-FA66-26709EE1CBBF}]
2014-04-03 22:36 425472 ----a-w- c:\programdata\ReGulearDeaLs\SSz.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{BBE92B47-CE63-9B5E-7AD0-2A4D846A2FD0}]
2014-07-04 20:30 459776 ----a-w- c:\programdata\Funo2Save\GJf.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"Connectify Hotspot"="c:\program files\Connectify\Connectify.exe" [2014-03-24 4170528]
"Connectify Dispatch"="c:\program files\Connectify\DispatchUI.exe" [2014-03-24 2217760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-09-27 271744]
"XeroxEndeavorBackgroundTask"="xrWCbgnd.dll" [2009-07-14 53760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 MpKsldcf9dba8;MpKsldcf9dba8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{954644EF-27AD-4684-9D2B-80631B3C5460}\MpKsldcf9dba8.sys [x]
R2 671c50b0;Browser System Enahncer;c:\windows\system32\rundll32.exe [2009-07-14 44544]
R2 916e5338;Install Supporter;c:\windows\system32\rundll32.exe [2009-07-14 44544]
R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2014-07-07 2175264]
R2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files\Mobile Partner\UpdateDog\ouc.exe [2012-04-09 655712]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-04 315008]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 30312]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 102784]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2010-03-20 11136]
R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files\globalUpdate\Update\GoogleUpdate.exe [2014-07-07 68608]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2012-03-07 95616]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2011-11-24 27520]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2012-03-07 195072]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-05-30 108032]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 104264]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 sonydcam;Generic 1394 Desktop Camera;c:\windows\system32\DRIVERS\sonydcam.sys [2009-07-13 26752]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 121064]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 114280]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 24064]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-01-14 1343400]
S1 cnnctfy3;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy3.sys [2014-07-07 29672]
S2 Connectify;Connectify;c:\program files\Connectify\ConnectifyService.exe [2014-03-24 487936]
S2 DroidExplorerService;DroidExplorer Service;c:\program files\Droid Explorer\DroidExplorer.Service.exe [2011-05-17 254464]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-14 26168]
S2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [2011-03-14 271712]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-11-24 76544]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-14 23:20]
.
2014-10-07 c:\windows\Tasks\Uninstaller_SkipUac_Administrator.job
- c:\program files\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-07-07 13:56]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.goog%20la%20finca%20de%20mis%20abuelos/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2ADD26DB-EA13-43C8-B13E-92639E4031A5}: NameServer = 200.91.75.5 200.91.75.6
TCP: Interfaces\{76BC8F27-E806-4D79-AE08-C443582778BA}: NameServer = 200.91.75.5 200.91.75.6
TCP: Interfaces\{D8B26E8B-3BBB-4CF8-A45E-5A762FDAD1D6}: NameServer = 200.91.75.5 200.91.75.6
FF - ProfilePath - c:\users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\ajjnurov.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.homesearch-hub.info/?pid=658&r=2013/06/09&hid=2864793594&lg=EN&cc=CR&unqvl=20&l=1&q=
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxps://www.google.co.cr/
FF - prefs.js: keyword.URL -
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 6c1e7cec000000000000001e65d66545
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15883
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.518:56
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=121562&tt=250613_gr3&tsp=4926
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
FF - user.js: extensions.irspeeddial.aflt - fxtb103
FF - user.js: extensions.irspeeddial.instlRef -
FF - user.js: extensions.irspeeddial.cr - 1949478564
FF - user.js: extensions.irspeeddial.cd - 2XzuyEtN2Y1L1QzutCzz0AzytDyDzz0B0BtA0DyEyB0C0E0CtN0D0Tzu0SzytCyBtN1L2XzutBtFtBtCtFtCtBtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyBtD0DtDyD0DzzzztG0BzytAtDtG0BzzyByEtG0D0C0CtBtGyD0BtB0B0CtD0F0E0ByC0ByE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0CtA0FzzyC0FyDtGtAyDtCtCtG0EzytC0DtGtCyC0AzztGyC0A0AyDyByEtC0B0DtA0F0B2Q
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{97264c98-7e3b-4ad6-baff-f382350ad08b} - c:\programdata\GoSaVeo\2TWjeMmehObJ2r.dll
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-{64A4ABCA-CF3D-C548-2DC4-72A55DC5882A} - c:\programdata\GoSaVeo\2TWjeMmehObJ2r.exe
AddRemove-{C1C6816E-CBB3-A748-85F9-A8B47B68985B} - c:\programdata\cOOntiinuetoosave\uninstall.exe
AddRemove-pyenchant-py3.4 - c:\python34\Removepyenchant.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Droid Explorer\SDK\tools\adb.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S30RP1.EXE
c:\programdata\Mobile Partner\OnlineUpdate\ouc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Connectify\ConnectifyD.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\DllHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2014-11-21 18:26:10 - machine was rebooted
ComboFix-quarantined-files.txt 2014-11-22 00:26
.
Pre-Run: 86.068.625.408 bytes free
Post-Run: 85.529.915.392 bytes free
.
- - End Of File - - AEB0F368F1A38AA2BB59B90957AD4ECD
A36C5E4F47E84449FF07ED3517B43A31
-
The Fixlog.txt:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-11-2014
Ran by Vic at 2014-11-21 14:12:56 Run:1
Running from C:\Users\Vic\Desktop
Loaded Profile: Vic (Available profiles: Vic)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
AppInit_DLLs: c:\progra~2\browse~1\browse~1.dll => c:\ProgramData\Browser System Enahncer\BrowserSystemEnahncer.dll [4463616 2014-02-09] ()
AppInit_DLLs: c:\progra~1\assist~1.dll => c:\Program Files\Assistant.dll [4296192 2014-06-14] ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-10-26 07:51 - 2014-11-19 20:58 - 00000000 ____D () C:\ProgramData\jmemjkhklaiadlnlhnkkaljenchcgoli
2014-10-26 07:51 - 2014-11-19 20:58 - 00000000 ____D () C:\ProgramData\GoSaVeo
Task: {19534C8B-7416-488A-98E7-7B28B7F817BC} - System32\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-11 => C:\Program Files\HD-V1.8\f6ed8765-2424-4188-aaac-803aabe60b65-11.exe [2014-07-07] () <==== ATTENTION
Task: {1A17E6C3-CAB8-44D6-A620-8C0FD6172B93} - System32\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-5_user => C:\Program Files\HD-V1.8\f6ed8765-2424-4188-aaac-803aabe60b65-5.exe [2014-07-07] () <==== ATTENTION
Task: {2BB4E467-AE25-435B-AED2-31487EAECF27} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-07-07] () <==== ATTENTION
Task: {48668375-5247-42C8-96FD-80C9BD35E3FC} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-07-07] () <==== ATTENTION
Task: {50DAC9FF-A152-4DAA-B2D1-2D4C82DC3C36} - System32\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-3 => C:\Program Files\HD-V1.8\f6ed8765-2424-4188-aaac-803aabe60b65-3.exe [2014-07-07] () <==== ATTENTION
Task: {5FCABEFD-925E-40ED-9A4D-2AE493B6C9D4} - System32\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-5 => C:\Program Files\HD-V1.8\f6ed8765-2424-4188-aaac-803aabe60b65-5.exe [2014-07-07] () <==== ATTENTION
Task: {68356DC1-7704-4D75-A473-6FAD111C9039} - System32\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-1 => C:\Program Files\HD-V1.8\HD-V1.8-codedownloader.exe <==== ATTENTION
Task: {A166BB6A-E49D-4809-8FDF-827BA73733B4} - System32\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-4 => C:\Program Files\HD-V1.8\f6ed8765-2424-4188-aaac-803aabe60b65-4.exe [2014-07-07] () <==== ATTENTION
Task: {A71F51E3-D613-4488-8925-C1F9D55DCEFD} - System32\Tasks\FoxTab => C:\Users\Vic\AppData\Roaming\FoxTab\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {B8672E92-C41A-4421-B725-98E9976D6FD6} - System32\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-10 => C:\Program Files\HD-V1.8\f6ed8765-2424-4188-aaac-803aabe60b65-10.exe [2014-07-07] () <==== ATTENTION
Task: {B9DEEF22-EA2A-49EC-BF2F-053A6D8C5F0A} - System32\Tasks\AmiUpdXp => C:\Users\Vic\AppData\Local\1638\a28231.exe [2014-07-07] () <==== ATTENTION
Task: {CC4632C6-139A-4ED4-ACB4-BB9E95A73FD3} - System32\Tasks\Upd Inst-S-1291239527 => c:\programdata\mountainapp\upd inst\Upd Inst.exe [2013-06-14] () <==== ATTENTION
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Vic\AppData\Local\1638\a28231.exe <==== ATTENTION
Task: C:\Windows\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-1.job => C:\Program Files\HD-V1.8\HD-V1.8-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-10.job => C:\Program Files\HD-V1.8\f6ed8765-2424-4188-aaac-803aabe60b65-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-11.job => C:\Program Files\HD-V1.8\f6ed8765-2424-4188-aaac-803aabe60b65-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-3.job => C:\Program Files\HD-V1.8\f6ed8765-2424-4188-aaac-803aabe60b65-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-4.job => C:\Program Files\HD-V1.8\f6ed8765-2424-4188-aaac-803aabe60b65-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-5.job => C:\Program Files\HD-V1.8\f6ed8765-2424-4188-aaac-803aabe60b65-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-5_user.job => C:\Program Files\HD-V1.8\f6ed8765-2424-4188-aaac-803aabe60b65-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\FoxTab.job => C:\Users\Vic\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\Upd Inst-S-1291239527.job => c:\programdata\mountainapp\upd inst\Upd Inst.exe <==== ATTENTION
EmptyTemp:
*****************
"c:\progra~2\browse~1\browse~1.dll" => Value Data removed successfully.
" c:\progra~1\assist~1.dll" => Value Data removed successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\ProgramData\jmemjkhklaiadlnlhnkkaljenchcgoli => Moved successfully.
C:\ProgramData\GoSaVeo => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{19534C8B-7416-488A-98E7-7B28B7F817BC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19534C8B-7416-488A-98E7-7B28B7F817BC}" => Key deleted successfully.
C:\Windows\System32\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-11 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f6ed8765-2424-4188-aaac-803aabe60b65-11" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1A17E6C3-CAB8-44D6-A620-8C0FD6172B93}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A17E6C3-CAB8-44D6-A620-8C0FD6172B93}" => Key deleted successfully.
C:\Windows\System32\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-5_user => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f6ed8765-2424-4188-aaac-803aabe60b65-5_user" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2BB4E467-AE25-435B-AED2-31487EAECF27}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BB4E467-AE25-435B-AED2-31487EAECF27}" => Key deleted successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{48668375-5247-42C8-96FD-80C9BD35E3FC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48668375-5247-42C8-96FD-80C9BD35E3FC}" => Key deleted successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{50DAC9FF-A152-4DAA-B2D1-2D4C82DC3C36}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{50DAC9FF-A152-4DAA-B2D1-2D4C82DC3C36}" => Key deleted successfully.
C:\Windows\System32\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f6ed8765-2424-4188-aaac-803aabe60b65-3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5FCABEFD-925E-40ED-9A4D-2AE493B6C9D4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FCABEFD-925E-40ED-9A4D-2AE493B6C9D4}" => Key deleted successfully.
C:\Windows\System32\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-5 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f6ed8765-2424-4188-aaac-803aabe60b65-5" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{68356DC1-7704-4D75-A473-6FAD111C9039}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68356DC1-7704-4D75-A473-6FAD111C9039}" => Key deleted successfully.
C:\Windows\System32\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-1 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f6ed8765-2424-4188-aaac-803aabe60b65-1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A166BB6A-E49D-4809-8FDF-827BA73733B4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A166BB6A-E49D-4809-8FDF-827BA73733B4}" => Key deleted successfully.
C:\Windows\System32\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-4 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f6ed8765-2424-4188-aaac-803aabe60b65-4" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A71F51E3-D613-4488-8925-C1F9D55DCEFD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A71F51E3-D613-4488-8925-C1F9D55DCEFD}" => Key deleted successfully.
C:\Windows\System32\Tasks\FoxTab => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FoxTab" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B8672E92-C41A-4421-B725-98E9976D6FD6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8672E92-C41A-4421-B725-98E9976D6FD6}" => Key deleted successfully.
C:\Windows\System32\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-10 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f6ed8765-2424-4188-aaac-803aabe60b65-10" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B9DEEF22-EA2A-49EC-BF2F-053A6D8C5F0A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9DEEF22-EA2A-49EC-BF2F-053A6D8C5F0A}" => Key deleted successfully.
C:\Windows\System32\Tasks\AmiUpdXp => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CC4632C6-139A-4ED4-ACB4-BB9E95A73FD3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC4632C6-139A-4ED4-ACB4-BB9E95A73FD3}" => Key deleted successfully.
C:\Windows\System32\Tasks\Upd Inst-S-1291239527 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Upd Inst-S-1291239527" => Key deleted successfully.
C:\Windows\Tasks\AmiUpdXp.job => Moved successfully.
C:\Windows\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-1.job => Moved successfully.
C:\Windows\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-10.job => Moved successfully.
C:\Windows\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-11.job => Moved successfully.
C:\Windows\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-3.job => Moved successfully.
C:\Windows\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-4.job => Moved successfully.
C:\Windows\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-5.job => Moved successfully.
C:\Windows\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-5_user.job => Moved successfully.
C:\Windows\Tasks\FoxTab.job => Moved successfully.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\Upd Inst-S-1291239527.job => Moved successfully.
EmptyTemp: => Removed 1.1 GB temporary data.
The system needed a reboot.
==== End of Fixlog ====
-
Ok ^-^
Addition.txt is attached.
FRST.txt is this:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-11-2014
Ran by Vic (administrator) on VIC-PC on 21-11-2014 13:19:38
Running from C:\Users\Vic\Downloads
Loaded Profile: Vic (Available profiles: Vic)
Platform: Microsoft Windows 7 Enterprise Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Connectify) C:\Program Files\Connectify\Connectify.exe
(Connectify) C:\Program Files\Connectify\DispatchUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Ryan Conrad) C:\Program Files\Droid Explorer\DroidExplorer.Service.exe
() C:\Program Files\Droid Explorer\SDK\tools\adb.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Connectify) C:\Program Files\Connectify\ConnectifyService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Windows\Temp\dgen.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Connectify) C:\Program Files\Connectify\Connectifyd.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [soundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Connectify Hotspot] => C:\Program Files\Connectify\Connectify.exe [4170528 2014-03-24] (Connectify)
HKLM\...\Run: [Connectify Dispatch] => C:\Program Files\Connectify\DispatchUI.exe [2217760 2014-03-24] (Connectify)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [XeroxEndeavorBackgroundTask] => rundll32.exe xrWCbgnd.dll,LaunchBgTask 1
HKU\S-1-5-21-212562329-142324042-622042923-1001\...\Run: [EPSON Stylus C92 Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBZL.EXE [139264 2006-09-27] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-212562329-142324042-622042923-1001\...\MountPoints2: {2b489963-6339-11e2-a46e-00247eed01ae} - E:\AutoRun.exe
HKU\S-1-5-21-212562329-142324042-622042923-1001\...\MountPoints2: {2b489972-6339-11e2-a46e-00247eed01ae} - E:\AutoRun.exe
HKU\S-1-5-21-212562329-142324042-622042923-1001\...\MountPoints2: {5bf84c61-6706-11e2-a41e-00247eed01ae} - E:\AutoRun.exe
HKU\S-1-5-21-212562329-142324042-622042923-1001\...\MountPoints2: {5bf84c73-6706-11e2-a41e-18a9058bb3d4} - E:\AutoRun.exe
HKU\S-1-5-21-212562329-142324042-622042923-1001\...\MountPoints2: {5bf84cb3-6706-11e2-a41e-18a9058bb3d4} - E:\AutoRun.exe
HKU\S-1-5-21-212562329-142324042-622042923-1001\...\MountPoints2: {b55e0061-c096-11e2-9e16-00247eed01ae} - E:\AutoRun.exe
AppInit_DLLs: c:\progra~2\browse~1\browse~1.dll => c:\ProgramData\Browser System Enahncer\BrowserSystemEnahncer.dll [4463616 2014-02-09] ()
AppInit_DLLs: c:\progra~1\assist~1.dll => c:\Program Files\Assistant.dll [4296192 2014-06-14] ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-212562329-142324042-622042923-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.goog%20la%20finca%20de%20mis%20abuelos/
HKU\S-1-5-21-212562329-142324042-622042923-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://kolbi.msn.com/?rd=1&ucc=CR&dcc=CR&opt=0&ocid=iehp&tc=5
HKU\S-1-5-21-212562329-142324042-622042923-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x991E60A617FBCD01
HKU\S-1-5-21-212562329-142324042-622042923-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKU\S-1-5-21-212562329-142324042-622042923-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-212562329-142324042-622042923-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.homesearch-hub.info/?l=1&q={searchTerms}&pid=658&r=2013/06/09&hid=2864793594&lg=EN&cc=CR&unqvl=20
SearchScopes: HKU\S-1-5-21-212562329-142324042-622042923-1001 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-212562329-142324042-622042923-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-212562329-142324042-622042923-1001 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.homesearch-hub.info/?l=1&q={searchTerms}&pid=658&r=2013/06/09&hid=2864793594&lg=EN&cc=CR&unqvl=20
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: hosts -> {11111111-1111-1111-1111-110311531182} -> C:\Program Files\hosts\hosts-bho.dll ()
BHO: ExsttraCoupon -> {2D65BBF2-ABD3-9011-5CBF-D0035F68DAE4} -> C:\ProgramData\ExsttraCoupon\UImA.dll ()
BHO: DIgICoupon -> {331EAEFD-F548-7117-0994-F67A475E5D0F} -> C:\ProgramData\DIgICoupon\0K6jv8.dll ()
BHO: ExstraCouPon -> {332F6E83-CD5F-5348-CD19-C728E3A9D548} -> C:\ProgramData\ExstraCouPon\e9SK.dll ()
BHO: CooupaEixtension -> {3AC379FB-E133-A5D0-0166-CA5941E4D295} -> C:\ProgramData\CooupaEixtension\FY2EeRU0D.dll ()
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: cOOntiinuetoosave -> {781DB29A-907A-BA6A-7F32-0AFCF84C1F34} -> C:\ProgramData\cOOntiinuetoosave\51b48feec620c.dll ()
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: DaigiSavEr -> {95BD91D0-75E2-6B28-27F4-DB7FD9205AF5} -> C:\ProgramData\DaigiSavEr\xf_Cr.dll ()
BHO: GoSaVeo -> {97264c98-7e3b-4ad6-baff-f382350ad08b} -> C:\ProgramData\GoSaVeo\2TWjeMmehObJ2r.dll ()
BHO: ReGulearDeaLs -> {AFD37466-9164-8B5D-FA66-26709EE1CBBF} -> C:\ProgramData\ReGulearDeaLs\SSz.dll ()
BHO: Funo2Save -> {BBE92B47-CE63-9B5E-7AD0-2A4D846A2FD0} -> C:\ProgramData\Funo2Save\GJf.dll ()
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2ADD26DB-EA13-43C8-B13E-92639E4031A5}: [NameServer] 200.91.75.5 200.91.75.6
Tcpip\..\Interfaces\{76BC8F27-E806-4D79-AE08-C443582778BA}: [NameServer] 200.91.75.5 200.91.75.6
Tcpip\..\Interfaces\{D8B26E8B-3BBB-4CF8-A45E-5A762FDAD1D6}: [NameServer] 200.91.75.5 200.91.75.6
FireFox:
========
FF ProfilePath: C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\ajjnurov.default
FF DefaultSearchEngine:
FF DefaultSearchEngine,S:
FF DefaultSearchUrl: hxxp://websearch.homesearch-hub.info/?pid=658&r=2013/06/09&hid=2864793594&lg=EN&cc=CR&unqvl=20&l=1&q=
FF SearchEngineOrder.1:
FF SearchEngineOrder.1,S:
FF SelectedSearchEngine:
FF SelectedSearchEngine,S:
FF Homepage: https://www.google.co.cr/
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll ()
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\ajjnurov.default\user.js
FF Extension: DigiSaver - C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\ajjnurov.default\Extensions\3WvnC@d.net [2014-11-19]
FF Extension: SaverExtension - C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\ajjnurov.default\Extensions\Pl@wwrPfj.edu [2014-11-19]
FF Extension: No Name - C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\ajjnurov.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [Not Found]
FF Extension: No Name - C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\ajjnurov.default\extensions\translator@zoli.bod.xpi [Not Found]
FF Extension: No Name - C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\ajjnurov.default\extensions\netvideohunter@netvideohunter.com [Not Found]
FF Extension: No Name - C:\Users\Vic\AppData\Roaming\Mozilla\Firefox\Profiles\ajjnurov.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [Not Found]
FF Extension: No Name - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} [Not Found]
FF Extension: No Name - translator@zoli.bod [Not Found]
FF Extension: No Name - netvideohunter@netvideohunter.com [Not Found]
FF Extension: No Name - {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [Not Found]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\ailcjmkbchjpglniippdjaaamimdniko [2014-07-27]
CHR Extension: (No Name) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhddglpocgogkbpkbkoieiplhgbjmiim [2014-09-02]
CHR Extension: (HD-V1.8) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi [2014-07-07]
CHR Extension: (No Name) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmaefpkmcgmfndnfmdhillmdpilcbana [2014-04-03]
CHR Extension: (No Name) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\gamlmgkgpkoacendnhjdlccbijpkflbf [2014-07-05]
CHR Extension: (No Name) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\glieaboaghdnlglpkekghloldikefofo [2014-10-13]
CHR Extension: (No Name) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmocjijcjbgddchpjelflkibmjjhaclo [2013-06-09]
CHR Extension: (No Name) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdebdllgnemmnjjhjjndfiaamdhonjlk [2014-09-12]
CHR Extension: (No Name) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcioajokdgfncdnnhajlofmphdobjhla [2014-07-04]
CHR Extension: (No Name) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\necpbmbhhdiplmfhmjicabdeighkndkn [2014-06-14]
CHR Extension: (No Name) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa [2013-07-11]
CHR Extension: (Remote Torrent Adder) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\oabphaconndgibllomdcjbfdghcmenci [2014-11-19]
CHR Extension: (No Name) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\oonogefhmapoekojlmgdocegllngpehg [2014-05-21]
CHR Extension: (No Name) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\plgemiaeoikobfdndbhbenpapipajcbh [2014-05-31]
CHR Extension: (No Name) - C:\Users\Vic\AppData\Local\Google\Chrome\User Data\Default\Extensions\pljlekgobmkopcjnljkinpmppkekangd [2014-06-10]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 671c50b0; c:\ProgramData\Browser System Enahncer\BrowserSystemEnahncerSvc.dll [174928 2014-02-09] () [File not signed]
S2 916e5338; c:\Program Files\AssistantSvc.dll [174928 2014-06-14] () [File not signed]
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
R2 Connectify; C:\Program Files\Connectify\ConnectifyService.exe [487936 2014-03-24] (Connectify) [File not signed]
R2 DroidExplorerService; C:\Program Files\Droid Explorer\DroidExplorer.Service.exe [254464 2011-05-17] (Ryan Conrad) [File not signed]
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE [102400 2006-04-18] (SEIKO EPSON CORPORATION)
S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-07-07] () [File not signed]
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-07-07] () [File not signed]
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [271712 2011-03-14] ()
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2175264 2014-07-07] (IObit)
S2 Mobile Partner. RunOuc; C:\Program Files\Mobile Partner\UpdateDog\ouc.exe [655712 2012-04-09] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S2 ProtectMonitor; C:\Program Files\PCDApp\StartHelp.exe [65846 2014-06-27] () [File not signed] <==== ATTENTION
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [29672 2014-07-07] (Connectify)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [95616 2012-03-06] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27520 2011-11-24] (Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [195072 2012-03-06] (Huawei Technologies Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 sonydcam; C:\Windows\System32\DRIVERS\sonydcam.sys [26752 2009-07-13] (Microsoft Corporation)
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S1 MpKsldcf9dba8; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{954644EF-27AD-4684-9D2B-80631B3C5460}\MpKsldcf9dba8.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-21 13:19 - 2014-11-21 13:20 - 00017811 _____ () C:\Users\Vic\Downloads\FRST.txt
2014-11-21 13:18 - 2014-11-21 13:19 - 00000000 ____D () C:\FRST
2014-11-21 13:17 - 2014-11-21 13:17 - 01108992 _____ (Farbar) C:\Users\Vic\Desktop\FRST.exe
2014-11-19 21:01 - 2014-11-19 21:01 - 00000000 __RSH () C:\MSDOS.SYS
2014-11-19 21:01 - 2014-11-19 21:01 - 00000000 __RSH () C:\IO.SYS
2014-11-19 15:37 - 2014-11-19 19:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-19 15:37 - 2014-11-19 15:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-17 16:48 - 2014-11-17 17:24 - 02933655 _____ () C:\Users\Vic\Downloads\Filosofia unir.pptx
2014-11-16 12:36 - 2014-11-16 12:39 - 00000000 ____D () C:\Users\Vic\Desktop\NUEVAMEMORIA8
2014-11-16 12:24 - 2014-11-16 12:25 - 00000000 ____D () C:\Users\Vic\Downloads\The World Ends With You v1.0.1 apkmania.com
2014-11-15 08:29 - 2014-11-15 08:29 - 47833472 _____ () C:\Users\Vic\Downloads\Wii FFCC My Life as a Darklord.wad
2014-11-12 12:32 - 2014-11-12 12:32 - 00000000 ___RD () C:\Program Files\Skype
2014-11-12 12:32 - 2014-11-12 12:32 - 00000000 ____D () C:\Users\Vic\AppData\Local\Skype
2014-11-12 12:32 - 2014-11-12 12:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-11-12 12:32 - 2014-11-12 12:32 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-11-12 12:17 - 2014-11-19 20:58 - 00000000 ____D () C:\Users\Vic\AppData\Roaming\Skype
2014-11-12 12:17 - 2014-11-12 12:32 - 00002503 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-11-10 20:47 - 2014-11-10 20:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-09 16:07 - 2014-11-09 06:05 - 16545711 _____ () C:\Users\Vic\Desktop\video_nov_09_2014_0.mp4
2014-11-06 18:25 - 2014-11-03 15:49 - 00257371 _____ () C:\Users\Vic\Desktop\recording1757039512.3gp
2014-11-06 18:25 - 2014-11-03 15:40 - 00350061 _____ () C:\Users\Vic\Desktop\recording1984617104.3gp
2014-11-06 18:25 - 2014-11-03 15:31 - 00055195 _____ () C:\Users\Vic\Desktop\recording-1669787602.3gp
2014-11-06 18:25 - 2014-11-03 15:28 - 00468699 _____ () C:\Users\Vic\Desktop\recording-1399137794.3gp
2014-11-05 15:37 - 2014-11-05 15:37 - 00000000 ____D () C:\Program Files\Lexmark
2014-11-05 15:36 - 2014-11-05 15:36 - 00000000 ____D () C:\ProgramData\Xerox
2014-11-05 15:28 - 2002-07-22 09:36 - 00028112 _____ (Service & Quality Technology.) C:\Windows\system32\Drivers\sqcaptur.sys
2014-11-05 15:28 - 2002-07-22 09:36 - 00025193 _____ (Service & Quality Technology.) C:\Windows\system32\Drivers\SQCamD.sys
2014-11-04 16:47 - 2014-11-04 17:33 - 00009369 _____ () C:\Users\Vic\Documents\RPGSTATS.xlsx
2014-11-03 18:48 - 2014-11-03 18:48 - 00000000 ____D () C:\ProgramData\EPSON
2014-11-03 18:46 - 2014-11-03 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-11-03 18:46 - 2006-12-08 03:04 - 00076800 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_FLBBZL.DLL
2014-11-03 18:46 - 2006-07-12 02:00 - 00005385 _____ () C:\Windows\EPBUYINK.HTM
2014-11-03 18:46 - 2006-04-19 03:00 - 00062976 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_FD4BBZL.DLL
2014-11-03 18:45 - 2014-11-03 18:45 - 00000000 ____D () C:\Program Files\EPSON
2014-11-02 19:25 - 2014-11-04 20:42 - 00732770 _____ () C:\Users\Vic\Downloads\Apps for your Healthcare.pptx
2014-10-30 17:46 - 2014-10-30 17:46 - 00000000 ____D () C:\Users\Vic\Desktop\USO DEL SUELO
2014-10-30 16:19 - 2014-10-30 16:19 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-30 16:19 - 2014-10-30 16:18 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-10-30 16:18 - 2014-10-30 16:18 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-10-30 16:18 - 2014-10-30 16:18 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-10-30 16:18 - 2014-10-30 16:18 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-10-30 16:18 - 2014-10-30 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-26 07:51 - 2014-11-19 20:58 - 00000000 ____D () C:\ProgramData\jmemjkhklaiadlnlhnkkaljenchcgoli
2014-10-26 07:51 - 2014-11-19 20:58 - 00000000 ____D () C:\ProgramData\GoSaVeo
2014-10-25 16:28 - 2014-10-25 16:31 - 104291207 _____ () C:\Users\Vic\Downloads\Rooster Teeth · RWBY Volume 2, Chapter 11.mp4
2014-10-25 11:59 - 2014-10-25 11:59 - 00000000 ____D () C:\ProgramData\AVAST Software
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-07-04 19:15 - 2013-01-24 09:00 - 134217728 _____ () C:\Users\Vic\Documents\pokemn dungeon.nds
2014-11-21 13:20 - 2010-11-20 15:01 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-21 13:18 - 2013-01-14 13:48 - 01316216 _____ () C:\Windows\WindowsUpdate.log
2014-11-21 13:15 - 2014-07-07 07:49 - 00000000 ____D () C:\Program Files\PCDApp
2014-11-21 13:14 - 2014-07-07 07:51 - 00001360 _____ () C:\Windows\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-5_user.job
2014-11-21 13:14 - 2014-07-07 07:51 - 00001340 _____ () C:\Windows\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-5.job
2014-11-21 13:14 - 2014-07-07 07:51 - 00001184 _____ () C:\Windows\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-10.job
2014-11-21 13:14 - 2014-07-07 07:50 - 00003430 _____ () C:\Windows\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-11.job
2014-11-21 13:14 - 2014-07-07 07:50 - 00002748 _____ () C:\Windows\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-3.job
2014-11-21 13:14 - 2014-07-07 07:50 - 00002106 _____ () C:\Windows\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-4.job
2014-11-21 13:14 - 2014-07-07 07:50 - 00001434 _____ () C:\Windows\Tasks\f6ed8765-2424-4188-aaac-803aabe60b65-1.job
2014-11-21 13:14 - 2014-07-07 07:50 - 00000918 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-11-21 13:14 - 2014-07-07 07:45 - 00000334 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-11-21 13:14 - 2014-06-14 14:31 - 00000436 ____H () C:\Windows\Tasks\Upd Inst-S-1291239527.job
2014-11-21 13:13 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-21 13:13 - 2009-07-13 22:39 - 00109319 _____ () C:\Windows\setupact.log
2014-11-20 21:31 - 2014-07-05 16:31 - 00000280 _____ () C:\Windows\Tasks\FoxTab.job
2014-11-20 21:12 - 2013-01-14 15:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-20 19:55 - 2014-07-07 07:50 - 00000922 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-11-20 18:31 - 2014-08-17 14:18 - 00017920 ___SH () C:\Users\Vic\Downloads\Thumbs.db
2014-11-20 18:16 - 2009-07-13 22:34 - 00022208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-20 18:16 - 2009-07-13 22:34 - 00022208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-20 14:05 - 2013-06-23 06:42 - 00000000 ____D () C:\Users\Vic\AppData\Local\Paint.NET
2014-11-19 21:01 - 2013-01-14 13:48 - 00000000 ____D () C:\Users\Vic
2014-11-19 20:59 - 2014-07-07 07:50 - 00000000 ____D () C:\Program Files\HD-V1.8
2014-11-19 20:59 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-11-19 20:58 - 2014-09-02 09:54 - 00000000 ____D () C:\ProgramData\ExstraCouPon
2014-11-19 20:58 - 2014-08-04 12:01 - 00000000 ____D () C:\ProgramData\ExsttraCoupon
2014-11-19 20:58 - 2014-07-27 09:24 - 00000000 ____D () C:\ProgramData\CooupaEixtension
2014-11-19 20:58 - 2014-07-07 08:35 - 00000000 ____D () C:\Users\Vic\AppData\Roaming\ProductData
2014-11-19 20:58 - 2014-07-07 07:50 - 00000000 ____D () C:\Program Files\globalUpdate
2014-11-19 20:58 - 2014-07-07 07:45 - 00000000 ____D () C:\Users\Vic\AppData\Local\1638
2014-11-19 20:58 - 2014-07-05 16:31 - 00000000 ____D () C:\Users\Vic\AppData\Roaming\FoxTab
2014-11-19 20:58 - 2014-07-04 14:50 - 00000000 ____D () C:\ProgramData\DIgICoupon
2014-11-19 20:58 - 2014-07-04 14:30 - 00000000 ____D () C:\ProgramData\Funo2Save
2014-11-19 20:58 - 2014-05-31 21:27 - 00000000 ____D () C:\ProgramData\DaigiSavEr
2014-11-19 20:58 - 2014-04-03 16:36 - 00000000 ____D () C:\ProgramData\ReGulearDeaLs
2014-11-19 20:58 - 2014-02-09 16:50 - 00000000 ____D () C:\ProgramData\Browser System Enahncer
2014-11-19 20:58 - 2013-07-11 22:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-19 20:58 - 2013-06-26 18:49 - 00000000 ____D () C:\Users\Vic\AppData\Roaming\OpenCandy
2014-11-19 20:58 - 2013-06-09 08:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cOOntiinuetoosave
2014-11-19 20:58 - 2013-06-09 08:22 - 00000000 ____D () C:\ProgramData\cOOntiinuetoosave
2014-11-19 20:58 - 2013-06-08 19:51 - 00000000 ____D () C:\Windows\system32\Adobe
2014-11-19 20:58 - 2013-01-14 15:21 - 00000000 ____D () C:\Windows\system32\Macromed
2014-11-19 20:58 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-19 20:58 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-11-19 20:58 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\ias
2014-11-19 20:57 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\spool
2014-11-19 20:57 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\registration
2014-11-15 08:31 - 2014-07-05 17:31 - 00000111 _____ () C:\Users\Vic\AppData\Roaming\WB.CFG
2014-11-13 17:20 - 2013-07-16 17:26 - 00000000 ____D () C:\Users\Vic\AppData\Local\Adobe
2014-11-13 17:20 - 2013-01-14 15:22 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-13 17:20 - 2013-01-14 15:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-12 12:32 - 2014-01-01 21:08 - 00000000 ____D () C:\ProgramData\Skype
2014-11-11 13:18 - 2013-03-02 21:21 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-10 07:08 - 2014-07-07 08:34 - 00000000 ____D () C:\ProgramData\ProductData
2014-11-05 15:56 - 2014-06-14 14:14 - 00000000 ____D () C:\Users\Vic\AppData\Local\Windows Live
2014-11-05 15:38 - 2013-01-14 14:00 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-11-05 15:38 - 2009-07-13 22:52 - 00000000 ____D () C:\Windows\twain_32
2014-11-04 20:34 - 2014-08-07 20:42 - 00110592 ___SH () C:\Users\Vic\Documents\Thumbs.db
2014-10-30 18:13 - 2014-10-04 07:22 - 00000000 ___HD () C:\Python27
2014-10-30 16:26 - 2014-09-12 19:47 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-30 16:18 - 2013-06-08 08:19 - 00000000 ____D () C:\Program Files\Java
2014-10-30 05:24 - 2013-01-14 14:14 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-26 19:33 - 2014-10-04 07:25 - 00000000 ____D () C:\Users\Vic\Downloads\DRE
2014-10-26 07:51 - 2014-04-03 16:36 - 00000000 ____D () C:\ProgramData\c12e3f83e4cc17db
Some content of TEMP:
====================
C:\Users\Vic\AppData\Local\Temp\app_d.exe
C:\Users\Vic\AppData\Local\Temp\app_e.exe
C:\Users\Vic\AppData\Local\Temp\crpt.exe
C:\Users\Vic\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\Vic\AppData\Local\Temp\dgen.exe
C:\Users\Vic\AppData\Local\Temp\EpsonInkjetDriverDownloader.EXE
C:\Users\Vic\AppData\Local\Temp\FreemakeVideoConverter_4.0.2.3.exe
C:\Users\Vic\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Vic\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Vic\AppData\Local\Temp\libcurl.dll
C:\Users\Vic\AppData\Local\Temp\ose00000.exe
C:\Users\Vic\AppData\Local\Temp\pthreadGC2.dll
C:\Users\Vic\AppData\Local\Temp\ResetDevice.exe
C:\Users\Vic\AppData\Local\Temp\Shockwave_Installer_FF.exe
C:\Users\Vic\AppData\Local\Temp\starter.exe
C:\Users\Vic\AppData\Local\Temp\uninst1.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-05 18:50
==================== End Of Log ============================
-
Um... Hello.
I'm having a problem with several boxes with the title of... For example:
"Insertsomethinghere.exe- Bad Image
c:/progra~2/browse~1/browse~1.dll is either not designed to run on
Windows or it contains an error. Try installing the program again using
the original installation media or contact your system administrator or
the software vendor for support."
This happens when I turn on the PC and when I try to open almost all applications.
The problem started after I used Malwarebytes to delete some disturbing malware.
Everything appears to work fine but those boxes are so annoying.
Salutations.
Several boxes with " - Bad Image"
in Resolved Malware Removal Logs
Oh.... No... Wait...
I have some threats in Quarantine MBAM.
Should I delete those threats with MBAM?