Error messages & virus galore


pcemkr

Hello!

I am helping my mother with her computer as her current protection (not MBAM, updating to it once the computer is clean again) allowed many cooties to get through. I could use your help please.

Thanks!

Pcemkr

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-11-2014 02
Ran by Celeste (administrator) on CELESTE-DESKTOP on 14-11-2014 12:14:09
Running from C:\Users\Celeste\Downloads
Loaded Profile: Celeste (Available profiles: Celeste)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Webroot) C:\Program Files\Webroot\WRSA.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(sendori) C:\Program Files (x86)\Sendori\Sendori.Service.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8321568 2009-11-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [startCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [770672 2014-11-12] (Webroot)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1541584 2013-06-06] (APN)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [sendori Tray] => C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2014-06-26] (Sendori, Inc.)
HKLM-x32\...\Run: [dnsshield] => C:\Program Files (x86)\Social Privacy  DNS\dnswatch.exe
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Run: [blaze] => C:\Users\Celeste\AppData\Local\Blaze\Application\chrome.exe [835072 2014-01-22] (Blaze)
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.net
URLSearchHook: HKCU - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = 
SearchScopes: HKLM-x32 - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - DefaultScope {B4D27414-50CC-44FA-926C-2808E380E19B} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=616163&p={searchTerms}
SearchScopes: HKCU - {23E8B459-E5B7-4B98-AAD8-C19423899B97} URL = http://www.mysearchresults.com/search?&c=2631&t=03&q={searchTerms}
SearchScopes: HKCU - {540F27A1-D734-448E-84ED-791B6A68D982} URL = http://delicious.com/search?p={searchTerms}
SearchScopes: HKCU - {B3B83059-AFF8-4C05-9D6F-AA29688C0C2C} URL = http://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKCU - {B4D27414-50CC-44FA-926C-2808E380E19B} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=616163&p={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll (Webroot)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Ask Toolbar -> {4F524A2D-5637-006A-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport.dll (APN LLC.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Toolbar BHO -> {7c8f8fe5-9785-4f74-bcf8-895ef9752d97} -> C:\PROGRA~2\GAMING~2\bar\1.bin\gtbar.dll No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll (Webroot)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {4F524A2D-5637-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport.dll (APN LLC.)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3130736979-1909993698-1134593641-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Winsock: Catalog9-x64 01 C:\Windows\system32\Sendori64.dll File Not found ()
Winsock: Catalog9-x64 02 C:\Windows\system32\Sendori64.dll File Not found ()
Winsock: Catalog9-x64 03 C:\Windows\system32\Sendori64.dll File Not found ()
Winsock: Catalog9-x64 04 C:\Windows\system32\Sendori64.dll File Not found ()
Winsock: Catalog9-x64 15 C:\Windows\system32\Sendori64.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\Parameters: [NameServer] 75.126.206.18,184.173.169.186
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 75.126.206.18,184.173.169.186
Tcpip\..\Interfaces\{8BA0949D-6E58-403F-82C3-67261D136EA8}: [NameServer] 75.126.206.18,184.173.169.186
Tcpip\..\Interfaces\{B057D18F-602F-4608-9A11-ED558AB645F3}: [NameServer] 75.126.206.18,184.173.169.186
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-10-02]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.yahoo.com/
CHR StartupUrls: Default -> "hxxp://www.yahoo.com/"
CHR Profile: C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-08]
CHR Extension: (Google Drive) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-08]
CHR Extension: (Google Search) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-08]
CHR Extension: (Webroot Filtering Extension) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2014-02-02]
CHR Extension: (Google Wallet) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-08]
CHR Extension: (Webroot Password Manager) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2013-12-08]
CHR Extension: (Gmail) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-08]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.0.0.26.crx [2014-01-30]
CHR HKLM-x32\...\Chrome\Extension: [mmddbcpechilpapallpbdpcekmgibofi] - C:\Users\Celeste\AppData\Local\Installation Assistant\Chrome\Installation Assistant.crx [2014-01-30]
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2012-11-15]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [169632 2013-06-06] (APN LLC.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22816 2014-06-26] (sendori)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [770672 2014-11-12] (Webroot)
S2 MapsGalaxy_39Service; C:\PROGRA~2\MAPSGA~2\bar\1.bin\39barsvc.exe [X]
S2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [X] <==== ATTENTION
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-14] (Malwarebytes Corporation)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [115680 2014-11-12] (Webroot)
U0 SR; No ImagePath
U2 srservice; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-14 12:14 - 2014-11-14 12:14 - 00029603 _____ () C:\Users\Celeste\Downloads\FRST.txt
2014-11-14 12:13 - 2014-11-14 12:14 - 00000000 ____D () C:\FRST
2014-11-14 12:12 - 2014-11-14 12:13 - 02116608 _____ (Farbar) C:\Users\Celeste\Downloads\FRST64.exe
2014-11-12 10:57 - 2014-11-14 11:41 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-12 10:57 - 2014-11-12 10:57 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-12 10:57 - 2014-11-12 10:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-12 10:57 - 2014-11-12 10:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-12 10:57 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-12 10:57 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-12 10:57 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-12 10:56 - 2014-11-12 10:57 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Celeste\Downloads\mbam-setup-2.0.3.1025 (2).exe
2014-11-12 10:56 - 2014-11-12 10:56 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Celeste\Downloads\mbam-setup-2.0.3.1025 (1).exe
2014-10-25 13:45 - 2014-10-25 13:45 - 00065232 _____ (Malwarebytes) C:\Users\Celeste\Downloads\regassassin-setup-1.03.exe
2014-10-25 12:22 - 2014-10-25 12:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-25 12:21 - 2014-10-25 12:22 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Celeste\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-25 11:39 - 2014-10-25 11:39 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-25 11:39 - 2014-10-25 11:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-25 11:37 - 2014-10-25 11:37 - 00638888 _____ (Oracle Corporation) C:\Users\Celeste\Downloads\chromeinstall-8u25.exe
2014-10-25 11:36 - 2014-10-25 11:36 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-25 11:36 - 2014-10-25 11:36 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-10-25 11:36 - 2014-10-25 11:36 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-25 11:31 - 2014-10-25 11:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-25 11:31 - 2014-10-25 11:31 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-25 11:31 - 2014-10-25 11:31 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-25 11:04 - 2014-10-25 11:04 - 00003272 ____N () C:\bootsqm.dat
2014-10-24 15:55 - 2014-10-24 15:55 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfefccdb003b4a.job
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-14 11:40 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-14 11:40 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-14 11:39 - 2009-07-13 23:51 - 00050690 _____ () C:\Windows\setupact.log
2014-11-14 11:38 - 2012-02-28 14:35 - 02007433 _____ () C:\Windows\WindowsUpdate.log
2014-11-14 11:35 - 2009-07-14 00:13 - 00783424 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-14 11:32 - 2012-05-12 16:42 - 00000000 ____D () C:\ProgramData\WRData
2014-11-14 11:31 - 2012-02-28 15:27 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-11-14 11:31 - 2012-02-28 15:27 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-11-14 11:31 - 2012-02-28 15:00 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-11-14 11:31 - 2009-07-14 00:08 - 00032580 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-14 11:31 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-14 11:13 - 2010-11-20 22:47 - 00523552 _____ () C:\Windows\PFRO.log
2014-11-12 11:23 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Speech
2014-11-12 10:53 - 2012-05-12 16:42 - 00154760 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2014-11-12 10:53 - 2012-05-12 16:42 - 00115680 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2014-11-12 10:53 - 2012-05-12 16:42 - 00105320 _____ (Webroot) C:\Windows\system32\WRusr.dll
2014-11-12 10:39 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-29 08:51 - 2013-06-03 12:54 - 00000000 ____D () C:\ProgramData\ATTYToolbar
2014-10-27 14:55 - 2013-12-08 15:10 - 00002104 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-25 13:03 - 2013-11-10 18:54 - 00000000 ____D () C:\ProgramData\Big Fish
2014-10-25 13:03 - 2013-11-10 18:51 - 00000000 ____D () C:\BigFishCache
2014-10-25 11:39 - 2013-11-13 17:38 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-25 11:39 - 2012-05-12 16:21 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-25 11:37 - 2012-05-13 17:15 - 00000000 ____D () C:\Users\Celeste\AppData\Local\Adobe
2014-10-25 11:36 - 2012-02-28 15:14 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-25 11:21 - 2013-11-10 19:11 - 00000000 ____D () C:\Users\Celeste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Legacy Interactive
2014-10-25 11:21 - 2013-11-10 19:10 - 00000000 ____D () C:\Program Files (x86)\Legacy Interactive
2014-10-25 11:20 - 2013-11-10 19:20 - 00000000 ____D () C:\Program Files (x86)\VIVA MEDIA
2014-10-25 11:20 - 2012-05-12 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eGames
2014-10-25 11:19 - 2013-11-10 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIVA MEDIA
2014-10-25 09:54 - 2013-12-08 15:09 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
 
Some content of TEMP:
====================
C:\Users\Celeste\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\Celeste\AppData\Local\Temp\contentDATs.exe
C:\Users\Celeste\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Celeste\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Celeste\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Celeste\AppData\Local\Temp\mssinstaller.exe
C:\Users\Celeste\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Celeste\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Celeste\AppData\Local\Temp\SIntf16.dll
C:\Users\Celeste\AppData\Local\Temp\SIntf32.dll
C:\Users\Celeste\AppData\Local\Temp\SIntfNT.dll
C:\Users\Celeste\AppData\Local\Temp\SocPriv_adk9.exe
C:\Users\Celeste\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Celeste\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Celeste\AppData\Local\Temp\WRupdate326151.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-18 17:45
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-11-2014 02
Ran by Celeste at 2014-11-14 12:14:38
Running from C:\Users\Celeste\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
AIO_CDA_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{4F524A2D-5637-006A-76A7-A758B70C0001}) (Version: 12.0.1.100 - Ask Partner Network) <==== ATTENTION
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.009.0714.2131 - )
att.net Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - att.net)
Bejeweled 2 Deluxe (HKLM-x32\...\Bejeweled 2 Deluxe) (Version:  - PopCap Games)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C6100 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
c6100_Help (x32 Version: 82.0.256.000 - Hewlett-Packard) Hidden
ccc-core-static (x32 Version: 2009.0714.2132.36830 - ATI) Hidden
Cole2k Media - Codec Pack (Advanced) 7.9.9 (HKLM-x32\...\Cole2k Media - Codec Pack) (Version:  - Cole2k Media)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.61 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
eGames GameButler (HKLM-x32\...\eGames GameButler) (Version:  - )
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
GamingWonderland Toolbar (HKLM-x32\...\GamingWonderlandbar Uninstall) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hoyle Card Games (HKLM-x32\...\Hoyle Card Games) (Version:  - )
Hoyle Casino 5 (HKLM-x32\...\Hoyle Casino 5) (Version:  - )
Hoyle Puzzle Games 2004 (HKLM-x32\...\InstallShield_{12362BED-DF87-40CD-97AB-A6DA564E8B8F}) (Version: 1.00.0000 - Sierra)
Hoyle Puzzle Games 2004 (x32 Version: 1.00.0000 - Sierra) Hidden
Hoyle Word Games (HKLM-x32\...\Hoyle Word Games) (Version:  - )
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart All-In-One Driver Software 13.0 Rel. A (HKLM\...\{17016DA1-F040-4032-BD36-34DD317BC9D5}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Jewel Quest III (HKLM-x32\...\Jewel Quest III_is1) (Version:  - Break For Games)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Office Suite X 3.3 (HKLM-x32\...\{1F56A6C9-81CA-4B5F-B471-8CCB13CF85DA}) (Version: 3.3.9567 - Office Suite X)
Peggle Deluxe (HKLM-x32\...\Peggle Deluxe) (Version:  - PopCap Games)
Penguin Puzzle (HKLM-x32\...\Penguin Puzzle) (Version:  - )
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5977 - Realtek Semiconductor Corp.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Scrabble Complete (HKLM-x32\...\{B36649A3-D0DD-4706-B042-F5B384529C7A}) (Version:  - )
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Sierra Utilities (HKLM-x32\...\Sierra Utilities) (Version:  - )
Skins (x32 Version: 2009.0714.2132.36830 - ATI) Hidden
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
Social Privacy DNS (HKLM-x32\...\dnsshield) (Version:  - )
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VIVA MEDIA GAME CENTER (HKLM-x32\...\VIVAGplayer) (Version:  - )
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.5.107 - Webroot)
Wheel Of Fortune (HKLM-x32\...\Wheel Of Fortune) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
24-06-2014 13:33:07 Windows Update
27-06-2014 14:38:54 Windows Update
01-07-2014 06:52:08 Windows Update
04-07-2014 14:46:55 Windows Update
08-07-2014 17:10:41 Windows Update
10-07-2014 07:00:21 Windows Update
15-07-2014 13:09:53 Windows Update
18-07-2014 22:04:53 Windows Update
24-07-2014 19:06:47 Windows Update
30-08-2014 14:11:35 Installed Java 7 Update 67
25-10-2014 16:17:37 Removed Adobe Reader XI.
25-10-2014 16:21:51 Removed Java 6 Update 22
25-10-2014 16:22:24 Removed Java 7 Update 1 (64-bit)
25-10-2014 16:23:00 Removed Java 7 Update 67
25-10-2014 16:23:37 Removed JavaFX 2.1.1
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {13C0A856-6A8E-4C20-99B1-677CF7A87541} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {2DD74D83-1116-4E5E-915F-592B5AF101F5} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {321DAE9D-59A2-4FEA-B5D2-BE6EF4AF0743} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-25] (Adobe Systems Incorporated)
Task: {3A952DAB-10BC-434F-847C-90116BD72CFD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-08] (Google Inc.)
Task: {5B25D6E8-152E-4C5D-899F-589A520C0329} - \ArcadeFrontier No Task File <==== ATTENTION
Task: {A3D79E45-0CDF-4659-A4B4-42F546A1549F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-08] (Google Inc.)
Task: {A3F832C7-AC12-4CB3-87C7-2D15A6CC2878} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BFA1B72C-3354-46C4-B6A5-1D51A480FF4F} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {C212FEDA-5AB3-4A18-B715-0B94CB0D2751} - System32\Tasks\4890 => Wscript.exe C:\Users\Celeste\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {CF11388A-B263-4FDD-B240-834A83EA5F5E} - System32\Tasks\{7EFD0941-E0B2-4C83-927E-CF2E8C714F5E} => C:\Program Files\Webroot\WRSA.exe [2014-11-12] (Webroot)
Task: {D67F3581-A421-4B7C-B55D-87D82B405C22} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {FDF7AA18-51C2-43A6-9D03-20A73CBC0138} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfefccdb003b4a.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-02-28 15:00 - 2011-09-22 11:14 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2008-11-18 13:00 - 2008-11-18 13:00 - 00016384 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-02-28 14:55 - 2012-02-28 14:55 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-04-10 13:30 - 2014-04-10 13:30 - 00134664 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2014-10-27 14:55 - 2014-10-21 23:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-27 14:55 - 2014-10-21 23:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-27 14:55 - 2014-10-21 23:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-27 14:55 - 2014-10-21 23:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-10-27 14:55 - 2014-10-21 23:05 - 14902600 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3130736979-1909993698-1134593641-500 - Administrator - Disabled)
Celeste (S-1-5-21-3130736979-1909993698-1134593641-1000 - Administrator - Enabled) => C:\Users\Celeste
Guest (S-1-5-21-3130736979-1909993698-1134593641-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3130736979-1909993698-1134593641-1002 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/14/2014 11:33:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/14/2014 11:31:38 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (11/14/2014 11:31:20 AM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
 
Error: (11/14/2014 11:15:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/14/2014 11:14:02 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (11/14/2014 11:13:40 AM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
 
Error: (11/12/2014 11:24:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/12/2014 11:23:22 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (11/12/2014 11:23:10 AM) (Source: Schedule) (EventID: 0) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
 
Error: (11/12/2014 10:49:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (11/14/2014 00:14:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error: 
%%10106
 
Error: (11/14/2014 00:13:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error: 
%%10106
 
Error: (11/14/2014 00:13:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error: 
%%10106
 
Error: (11/14/2014 00:09:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error: 
%%10106
 
Error: (11/14/2014 00:06:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error: 
%%10106
 
Error: (11/14/2014 00:01:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error: 
%%10106
 
Error: (11/14/2014 11:59:50 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error: 
%%10106
 
Error: (11/14/2014 11:54:50 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error: 
%%10106
 
Error: (11/14/2014 11:52:42 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error: 
%%10106
 
Error: (11/14/2014 11:47:42 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error: 
%%10106
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: AMD Athlon II X2 250 Processor
Percentage of memory in use: 39%
Total physical RAM: 3838.98 MB
Available physical RAM: 2307.27 MB
Total Pagefile: 7676.13 MB
Available Pagefile: 5812.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:450.91 GB) (Free:395.42 GB) NTFS
Drive d: (CROSSWORD) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: B5871EE0)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450.9 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 


Hello pcemkr, welcome to Malwarebytes' Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. :)
 
General P2P/Piracy Notice: 
 

If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • If you are unable to copy/paste your logs directly into your post, please attach the file. 
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
  • Please back up important files before proceeding with my instructions. Malware removal can be unpredictable.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
  • Ensure you are following this topic. Click the follow button at the top of the page.
     

======================================================
 
STEP 1

Revo Uninstaller

  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run the programme. 
  • From the list of programmes, locate the following, or anything similar and carry out the steps below one at a time.
    • Ask Toolbar
    • att.net Toolbar
    • GamingWonderland Toolbar
    • Social Privacy DNS
    • Yahoo! Software Update
  • Double-click the programme. 
  • When prompted if you want to uninstall click Yes.
  • Ensure the Moderate option is selected and click Next.
  • The programme uninstaller will run. If prompted again click Yes.
  • Work your way through the uninstaller, ensuring you read each page thoroughly.
  • Note: Ensure you decline offers of additional software if applicable. 
  • Once the built-in uninstaller is finished click Next.
  • Once the programme has searched for leftovers click Next.
  • Check items in bold only in the list and click Delete. You may have to expand folders by clicking the "+" mark.
  • When prompted click Yes, followed by Next.
  • Click Select all, followed by Delete.
  • When prompted click Yes, followed by Next.
  • Once done click Finish.
     

STEP 2
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
    (sendori) C:\Program Files (x86)\Sendori\Sendori.Service.exe
    (APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
    (Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriTray.exe
    HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1541584 2013-06-06] (APN)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Sendori Tray] => C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2014-06-26] (Sendori, Inc.)
    HKLM-x32\...\Run: [dnsshield] => C:\Program Files (x86)\Social Privacy  DNS\dnswatch.exe
    C:\Program Files (x86)\Social Privacy  DNS
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    URLSearchHook: HKCU - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
    URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    SearchScopes: HKLM - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL =
    SearchScopes: HKLM-x32 - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.live.c...ferrer:source?}
    SearchScopes: HKCU - DefaultScope {B4D27414-50CC-44FA-926C-2808E380E19B} URL = http://search.yahoo....p={searchTerms}
    SearchScopes: HKCU - {23E8B459-E5B7-4B98-AAD8-C19423899B97} URL = http://www.mysearchr...q={searchTerms}
    SearchScopes: HKCU - {540F27A1-D734-448E-84ED-791B6A68D982} URL = http://delicious.com...p={searchTerms}
    SearchScopes: HKCU - {92250D91-B6A4-4018-B595-83C9E7648517} URL = http://www.search.as...archTerms}&psv=
    SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask...r={searchTerms}
    SearchScopes: HKCU - {B3B83059-AFF8-4C05-9D6F-AA29688C0C2C} URL = http://www.flickr.co...q={searchTerms}
    SearchScopes: HKCU - {B4D27414-50CC-44FA-926C-2808E380E19B} URL = http://search.yahoo....p={searchTerms}
    BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    BHO-x32: Ask Toolbar -> {4F524A2D-5637-006A-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport.dll (APN LLC.)
    BHO-x32: Toolbar BHO -> {7c8f8fe5-9785-4f74-bcf8-895ef9752d97} -> C:\PROGRA~2\GAMING~2\bar\1.bin\gtbar.dll No File
    Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    Toolbar: HKLM-x32 - Ask Toolbar - {4F524A2D-5637-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport.dll (APN LLC.)
    Winsock: Catalog9-x64 01 C:\Windows\system32\Sendori64.dll File Not found ()
    Winsock: Catalog9-x64 02 C:\Windows\system32\Sendori64.dll File Not found ()
    Winsock: Catalog9-x64 03 C:\Windows\system32\Sendori64.dll File Not found ()
    Winsock: Catalog9-x64 04 C:\Windows\system32\Sendori64.dll File Not found ()
    Winsock: Catalog9-x64 15 C:\Windows\system32\Sendori64.dll File Not found ()
    CHR HomePage: Default -> hxxp://www.yahoo.com/
    CHR StartupUrls: Default -> "hxxp://www.yahoo.com/"
    CHR HKLM-x32\...\Chrome\Extension: [mmddbcpechilpapallpbdpcekmgibofi] - C:\Users\Celeste\AppData\Local\Installation Assistant\Chrome\Installation Assistant.crx [2014-01-30]
    R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [169632 2013-06-06] (APN LLC.)
    C:\Program Files (x86)\AskPartnerNetwork
    R2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22816 2014-06-26] (sendori)
    C:\Program Files (x86)\Sendori
    S2 MapsGalaxy_39Service; C:\PROGRA~2\MAPSGA~2\bar\1.bin\39barsvc.exe [X]
    C:\PROGRA~2\MAPSGA~2
    S2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [X] <==== ATTENTION
    U0 SR; No ImagePath
    U2 srservice; No ImagePath
    2014-10-25 11:37 - 2014-10-25 11:37 - 00638888 _____ (Oracle Corporation) C:\Users\Celeste\Downloads\chromeinstall-8u25.exe
    2014-10-29 08:51 - 2013-06-03 12:54 - 00000000 ____D () C:\ProgramData\ATTYToolbar
    C:\Users\Celeste\AppData\Local\Temp\CmdLineExt02.dll
    C:\Users\Celeste\AppData\Local\Temp\contentDATs.exe
    C:\Users\Celeste\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
    C:\Users\Celeste\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
    C:\Users\Celeste\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
    C:\Users\Celeste\AppData\Local\Temp\mssinstaller.exe
    C:\Users\Celeste\AppData\Local\Temp\OptimizerPro.exe
    C:\Users\Celeste\AppData\Local\Temp\SecurityScan_Release.exe
    C:\Users\Celeste\AppData\Local\Temp\SIntf16.dll
    C:\Users\Celeste\AppData\Local\Temp\SIntf32.dll
    C:\Users\Celeste\AppData\Local\Temp\SIntfNT.dll
    C:\Users\Celeste\AppData\Local\Temp\SocPriv_adk9.exe
    C:\Users\Celeste\AppData\Local\Temp\System.Data.SQLite.dll
    C:\Users\Celeste\AppData\Local\Temp\vcredist_x64.exe
    C:\Users\Celeste\AppData\Local\Temp\WRupdate326151.exe
    Task: {5B25D6E8-152E-4C5D-899F-589A520C0329} - \ArcadeFrontier No Task File <==== ATTENTION
    Task: {C212FEDA-5AB3-4A18-B715-0B94CB0D2751} - System32\Tasks\4890 => Wscript.exe C:\Users\Celeste\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
    Task: {FDF7AA18-51C2-43A6-9D03-20A73CBC0138} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 3
Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 4
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 
 
STEP 5
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files before running JRT.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.

 
======================================================
 
STEP 6
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did the programmes uninstall OK?
  • Fixlog.txt
  • MBAM log
  • AdwCleaner[s0].txt
  • JRT.txt

Hi Adam,

My name is Kara. Thank you for your quick response.

 

I have followed the instructions you provided and am including all of the logs & info in this response.

 

 

A few notes for your fyi:

~MBAM wouldn't allow me to Save to Clipboard, so I saved as a .txt file and was able to copy/paste the info requested.

~after the AdwCleaner reboot, one of the error messages that the computer shows (which I may have failed to mention previously) popped up upon restart (usually when the message appears: "The application was unable to start correctly (0xc0000022). Click ok to close the application."

Otherwise, all ran smoothly!

 

 

Thank you for your support!

~Kara

 

FRST log

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-11-2014 02

Ran by Celeste (administrator) on CELESTE-DESKTOP on 16-11-2014 07:47:13

Running from C:\Users\Celeste\Downloads

Loaded Profile: Celeste (Available profiles: Celeste)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Webroot) C:\Program Files\Webroot\WRSA.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Webroot) C:\Program Files\Webroot\WRSA.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(sendori) C:\Program Files (x86)\Sendori\Sendori.Service.exe

(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriTray.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\McUICnt.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(VS Revo Group) C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8321568 2009-11-09] (Realtek Semiconductor)

HKLM-x32\...\Run: [startCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-14] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [770672 2014-11-12] (Webroot)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)

HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [sendori Tray] => C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2014-06-26] (Sendori, Inc.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)

HKLM\...\Policies\Explorer: [NoFolderOptions] 0

HKLM\...\Policies\Explorer: [NoViewOnDrive] 0

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0

HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0

HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0

HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0

HKLM\...\Policies\Explorer: [NoViewContextMenu] 0

HKLM\...\Policies\Explorer: [NoShellSearchButton] 0

HKLM\...\Policies\Explorer: [NoFind] 0

HKLM\...\Policies\Explorer: [NoFile] 0

HKLM\...\Policies\Explorer: [HideClock] 0

HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0

HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0

HKLM\...\Policies\Explorer: [NoSetFolders] 0

HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0

HKLM\...\Policies\Explorer: [NoSetTaskbar] 0

HKLM\...\Policies\Explorer: [NoDeletePrinter] 0

HKLM\...\Policies\Explorer: [NoDFSTab] 0

HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0

HKLM\...\Policies\Explorer: [NoLogoff] 0

HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0

HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0

HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0

HKLM\...\Policies\Explorer: [NoResolveSearch] 0

HKLM\...\Policies\Explorer: [NoSaveSettings] 0

HKLM\...\Policies\Explorer: [NoHardwareTab] 0

HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0

HKLM\...\Policies\Explorer: [NoDesktop] 0

HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0

HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0

HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0

HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0

HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0

HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0

HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0

HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0

HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0

HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0

HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0

HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0

HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0

HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0

HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0

HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0

HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0

HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0

HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0

HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0

HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0

HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0

HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0

HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0

HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0

HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0

HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0

HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0

HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0

HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0

HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0

HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0

HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0

HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0

HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0

HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0

HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0

HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0

HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0

HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0

HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0

HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0

HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0

HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0

HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0

HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0

HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0

HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0

HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0

HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0

HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0

HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0

HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0

HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0

HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0

HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0

HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0

HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0

HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0

HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0

HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0

HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0

HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0

HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0

HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Run: [blaze] => C:\Users\Celeste\AppData\Local\Blaze\Application\chrome.exe [835072 2014-01-22] (Blaze)

HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\system: [DisableCMD] 0

HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\system: [NoDispAppearancePage] 0

HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\system: [NoDispBackgroundPage] 0

HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\system: [NoDispSettingsPage] 0

HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoFolderOptions] 0

HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoViewOnDrive] 0

HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoControlPanel] 0

HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0

HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0

HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0

HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0

HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoViewContextMenu] 0

HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoShellSearchButton] 0

HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoFind] 0

HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoFile] 0

HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [HideClock] 0

HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoTrayContextMenu] 0

HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0

HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoSetFolders] 0

HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0

HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoSetTaskbar] 0

HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoDeletePrinter] 0

HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoDFSTab] 0

HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoChangeStartMenu] 0

HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoLogoff] 0

HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoWindowsUpdate] 0

HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoEncryptOnMove] 0

HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0

HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoResolveSearch] 0

HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoSaveSettings] 0

HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoHardwareTab] 0

HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0

HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0

HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0

HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0

HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0

HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0

HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0

HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0

HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0

HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0

HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0

SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk

ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk

ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.net

URLSearchHook: HKCU - (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - No File

URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

SearchScopes: HKLM - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL =

SearchScopes: HKLM-x32 - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

SearchScopes: HKCU - DefaultScope {B4D27414-50CC-44FA-926C-2808E380E19B} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=616163&p={searchTerms}

SearchScopes: HKCU - {23E8B459-E5B7-4B98-AAD8-C19423899B97} URL = http://www.mysearchresults.com/search?&c=2631&t=03&q={searchTerms}

SearchScopes: HKCU - {540F27A1-D734-448E-84ED-791B6A68D982} URL = http://delicious.com/search?p={searchTerms}

SearchScopes: HKCU - {92250D91-B6A4-4018-B595-83C9E7648517} URL = http://www.search.ask.com/web?p2=%5EADM%5EOSJ000%5EYY%5EUS&gct=&itbv=12.0.1.100&o=APN10614&tpid=ORJ-V7&apn_uid=C5905122-711E-4D56-80AB-73573300F3EE&apn_ptnrs=ADM&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ie_10.0.9200.16611&doi=2013-07-08&trgb=IE&q={searchTerms}&psv=

SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^xdm247^YYA^us&si=CD9093&ptb=398CE191-9C36-4C58-920A-C9F66FCE4244&ind=2013091210&n=77fd558a&psa=&st=sb&searchfor={searchTerms}

SearchScopes: HKCU - {B3B83059-AFF8-4C05-9D6F-AA29688C0C2C} URL = http://www.flickr.com/search/?q={searchTerms}

SearchScopes: HKCU - {B4D27414-50CC-44FA-926C-2808E380E19B} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=616163&p={searchTerms}

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)

BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll (Webroot)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll No File

BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)

BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll (Webroot)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKU\S-1-5-21-3130736979-1909993698-1134593641-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

Winsock: Catalog9-x64 01 C:\Windows\system32\Sendori64.dll File Not found ()

Winsock: Catalog9-x64 02 C:\Windows\system32\Sendori64.dll File Not found ()

Winsock: Catalog9-x64 03 C:\Windows\system32\Sendori64.dll File Not found ()

Winsock: Catalog9-x64 04 C:\Windows\system32\Sendori64.dll File Not found ()

Winsock: Catalog9-x64 15 C:\Windows\system32\Sendori64.dll File Not found ()

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Tcpip\Parameters: [NameServer] 75.126.206.18,184.173.169.186

Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 75.126.206.18,184.173.169.186

Tcpip\..\Interfaces\{8BA0949D-6E58-403F-82C3-67261D136EA8}: [NameServer] 75.126.206.18,184.173.169.186

Tcpip\..\Interfaces\{B057D18F-602F-4608-9A11-ED558AB645F3}: [NameServer] 75.126.206.18,184.173.169.186

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-10-02]

 

Chrome:

=======

CHR HomePage: Default -> hxxp://www.yahoo.com/

CHR StartupUrls: Default -> "hxxp://www.yahoo.com/"

CHR Profile: C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-08]

CHR Extension: (Google Drive) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-08]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]

CHR Extension: (YouTube) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-08]

CHR Extension: (Google Search) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-08]

CHR Extension: (Webroot Filtering Extension) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2014-02-02]

CHR Extension: (Google Wallet) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-08]

CHR Extension: (Webroot Password Manager) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2013-12-08]

CHR Extension: (Gmail) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-08]

CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.0.0.26.crx [2014-01-30]

CHR HKLM-x32\...\Chrome\Extension: [mmddbcpechilpapallpbdpcekmgibofi] - C:\Users\Celeste\AppData\Local\Installation Assistant\Chrome\Installation Assistant.crx [2014-01-30]

CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2012-11-15]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]

R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]

R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)

S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]

S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]

R2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22816 2014-06-26] (sendori)

R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [770672 2014-11-12] (Webroot)

S2 MapsGalaxy_39Service; C:\PROGRA~2\MAPSGA~2\bar\1.bin\39barsvc.exe [X]

S2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [X] <==== ATTENTION

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-14] (Malwarebytes Corporation)

R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [115680 2014-11-12] (Webroot)

U0 SR; No ImagePath

U2 srservice; No ImagePath

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-11-16 07:45 - 2014-11-16 07:45 - 00005586 _____ () C:\Users\Celeste\Downloads\fixlist.txt

2014-11-16 07:41 - 2014-11-16 07:41 - 00005586 _____ () C:\Users\Celeste\Documents\fixlist.txt

2014-11-16 07:28 - 2014-11-16 07:28 - 00000000 ____D () C:\Users\Celeste\AppData\Local\VS Revo Group

2014-11-16 07:27 - 2014-11-16 07:27 - 00001039 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk

2014-11-16 07:27 - 2014-11-16 07:27 - 00000000 ____D () C:\ProgramData\VS Revo Group

2014-11-16 07:27 - 2014-11-16 07:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro

2014-11-16 07:27 - 2014-11-16 07:27 - 00000000 ____D () C:\Program Files\VS Revo Group

2014-11-16 07:27 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys

2014-11-16 07:26 - 2014-11-16 07:27 - 10691640 _____ (VS Revo Group ) C:\Users\Celeste\Downloads\RevoUninProSetup.exe

2014-11-16 07:26 - 2014-11-16 07:27 - 10691640 _____ (VS Revo Group ) C:\Users\Celeste\Downloads\RevoUninProSetup (1).exe

2014-11-16 07:26 - 2014-11-16 07:26 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Celeste\Downloads\revosetup.exe

2014-11-14 12:14 - 2014-11-16 07:47 - 00028861 _____ () C:\Users\Celeste\Downloads\FRST.txt

2014-11-14 12:14 - 2014-11-14 12:14 - 00023280 _____ () C:\Users\Celeste\Downloads\Addition.txt

2014-11-14 12:13 - 2014-11-16 07:47 - 00000000 ____D () C:\FRST

2014-11-14 12:12 - 2014-11-14 12:13 - 02116608 _____ (Farbar) C:\Users\Celeste\Downloads\FRST64.exe

2014-11-12 10:57 - 2014-11-14 11:41 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-11-12 10:57 - 2014-11-12 10:57 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-11-12 10:57 - 2014-11-12 10:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-11-12 10:57 - 2014-11-12 10:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-11-12 10:57 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-11-12 10:57 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-11-12 10:57 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-11-12 10:56 - 2014-11-12 10:57 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Celeste\Downloads\mbam-setup-2.0.3.1025 (2).exe

2014-11-12 10:56 - 2014-11-12 10:56 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Celeste\Downloads\mbam-setup-2.0.3.1025 (1).exe

2014-10-25 13:45 - 2014-10-25 13:45 - 00065232 _____ (Malwarebytes) C:\Users\Celeste\Downloads\regassassin-setup-1.03.exe

2014-10-25 12:22 - 2014-10-25 12:22 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-10-25 12:21 - 2014-10-25 12:22 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Celeste\Downloads\mbam-setup-2.0.3.1025.exe

2014-10-25 11:39 - 2014-10-25 11:39 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-10-25 11:39 - 2014-10-25 11:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-10-25 11:37 - 2014-10-25 11:37 - 00638888 _____ (Oracle Corporation) C:\Users\Celeste\Downloads\chromeinstall-8u25.exe

2014-10-25 11:36 - 2014-10-25 11:36 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-10-25 11:36 - 2014-10-25 11:36 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk

2014-10-25 11:36 - 2014-10-25 11:36 - 00000000 ____D () C:\Program Files (x86)\Adobe

2014-10-25 11:31 - 2014-10-25 11:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-10-25 11:31 - 2014-10-25 11:31 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-10-25 11:31 - 2014-10-25 11:31 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-10-25 11:04 - 2014-10-25 11:04 - 00003272 ____N () C:\bootsqm.dat

2014-10-24 15:55 - 2014-10-24 15:55 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfefccdb003b4a.job

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-11-16 07:38 - 2012-08-04 11:54 - 00000000 ____D () C:\ProgramData\Yahoo!

2014-11-16 07:38 - 2012-08-04 11:54 - 00000000 ____D () C:\Program Files (x86)\Yahoo!

2014-11-16 07:31 - 2013-06-03 12:54 - 00000000 ____D () C:\ProgramData\ATTYToolbar

2014-11-16 07:14 - 2012-05-12 16:42 - 00000000 ____D () C:\ProgramData\WRData

2014-11-14 11:40 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-11-14 11:40 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-11-14 11:39 - 2009-07-13 23:51 - 00050690 _____ () C:\Windows\setupact.log

2014-11-14 11:38 - 2012-02-28 14:35 - 02007433 _____ () C:\Windows\WindowsUpdate.log

2014-11-14 11:35 - 2009-07-14 00:13 - 00783424 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-11-14 11:31 - 2012-02-28 15:27 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks

2014-11-14 11:31 - 2012-02-28 15:27 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks

2014-11-14 11:31 - 2012-02-28 15:00 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup

2014-11-14 11:31 - 2009-07-14 00:08 - 00032580 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-11-14 11:31 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-11-14 11:13 - 2010-11-20 22:47 - 00523552 _____ () C:\Windows\PFRO.log

2014-11-12 11:23 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Speech

2014-11-12 10:53 - 2012-05-12 16:42 - 00154760 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll

2014-11-12 10:53 - 2012-05-12 16:42 - 00115680 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys

2014-11-12 10:53 - 2012-05-12 16:42 - 00105320 _____ (Webroot) C:\Windows\system32\WRusr.dll

2014-11-12 10:39 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-10-27 14:55 - 2013-12-08 15:10 - 00002104 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-10-25 13:03 - 2013-11-10 18:54 - 00000000 ____D () C:\ProgramData\Big Fish

2014-10-25 13:03 - 2013-11-10 18:51 - 00000000 ____D () C:\BigFishCache

2014-10-25 11:39 - 2013-11-13 17:38 - 00000000 ____D () C:\ProgramData\Oracle

2014-10-25 11:39 - 2012-05-12 16:21 - 00000000 ____D () C:\Program Files (x86)\Java

2014-10-25 11:37 - 2012-05-13 17:15 - 00000000 ____D () C:\Users\Celeste\AppData\Local\Adobe

2014-10-25 11:36 - 2012-02-28 15:14 - 00000000 ____D () C:\ProgramData\Adobe

2014-10-25 11:21 - 2013-11-10 19:11 - 00000000 ____D () C:\Users\Celeste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Legacy Interactive

2014-10-25 11:21 - 2013-11-10 19:10 - 00000000 ____D () C:\Program Files (x86)\Legacy Interactive

2014-10-25 11:20 - 2013-11-10 19:20 - 00000000 ____D () C:\Program Files (x86)\VIVA MEDIA

2014-10-25 11:20 - 2012-05-12 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eGames

2014-10-25 11:19 - 2013-11-10 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIVA MEDIA

2014-10-25 09:54 - 2013-12-08 15:09 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

 

Some content of TEMP:

====================

C:\Users\Celeste\AppData\Local\Temp\CmdLineExt02.dll

C:\Users\Celeste\AppData\Local\Temp\contentDATs.exe

C:\Users\Celeste\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe

C:\Users\Celeste\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe

C:\Users\Celeste\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe

C:\Users\Celeste\AppData\Local\Temp\mssinstaller.exe

C:\Users\Celeste\AppData\Local\Temp\OptimizerPro.exe

C:\Users\Celeste\AppData\Local\Temp\SecurityScan_Release.exe

C:\Users\Celeste\AppData\Local\Temp\SIntf16.dll

C:\Users\Celeste\AppData\Local\Temp\SIntf32.dll

C:\Users\Celeste\AppData\Local\Temp\SIntfNT.dll

C:\Users\Celeste\AppData\Local\Temp\SocPriv_adk9.exe

C:\Users\Celeste\AppData\Local\Temp\System.Data.SQLite.dll

C:\Users\Celeste\AppData\Local\Temp\vcredist_x64.exe

C:\Users\Celeste\AppData\Local\Temp\WRupdate326151.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-07-18 17:45

 

==================== End Of Log ============================

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 11/16/2014

Scan Time: 7:55:02 AM

Logfile: MBAM scan log.txt

Administrator: Yes

 

Version: 2.00.3.1025

Malware Database: v2014.11.16.02

Rootkit Database: v2014.11.12.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Celeste

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 339524

Time Elapsed: 20 min, 36 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

 

# AdwCleaner v4.101 - Report created 16/11/2014 at 08:46:54

# Updated 09/11/2014 by Xplode

# Database : 2014-11-07.1 [Local]

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Celeste - CELESTE-DESKTOP

# Running from : C:\Users\Celeste\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

[#] Service Deleted : MapsGalaxy_39Service

Service Deleted : Service Sendori

[#] Service Deleted : sndappv2

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\apn

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\ProgramData\Sendori

Folder Deleted : C:\ProgramData\Tarma Installer

Folder Deleted : C:\Program Files (x86)\Sendori

Folder Deleted : C:\Users\Celeste\AppData\Local\iac

Folder Deleted : C:\Users\Celeste\AppData\Local\visi_coupon

Folder Deleted : C:\Users\Celeste\AppData\Local\Temp\apn

Folder Deleted : C:\Users\Celeste\AppData\LocalLow\iac

Folder Deleted : C:\Users\Celeste\AppData\Roaming\Babylon

Folder Deleted : C:\Users\Public\Documents\iWin

File Deleted : C:\Users\Public\Desktop\Facebook.lnk

File Deleted : C:\Users\Public\Desktop\Youtube.lnk

File Deleted : C:\Users\Celeste\AppData\Local\Temp\OptimizerPro.exe

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4F524A2D-5637-006A-76A7-7A786E7484D7}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4F524A2D-5637-006A-76A7-7A786E7484D7}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D8278076-BC68-4484-9233-6E7F1628B56C}]

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{92250D91-B6A4-4018-B595-83C9E7648517}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}

Key Deleted : HKCU\Software\Cr_Installer

Key Deleted : HKCU\Software\DefaultTab

Key Deleted : HKCU\Software\InstalledBrowserExtensions

Key Deleted : HKLM\SOFTWARE\Babylon

Key Deleted : HKLM\SOFTWARE\DefaultTab

Key Deleted : HKLM\SOFTWARE\Freeze.com

Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17207

 

 

-\\ Google Chrome v38.0.2125.111

 

 

*************************

 

AdwCleaner[R0].txt - [10457 octets] - [16/11/2014 08:42:22]

AdwCleaner[s0].txt - [9957 octets] - [16/11/2014 08:46:54]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [10017 octets] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.3.9 (11.15.2014:2)

OS: Windows 7 Home Premium x64

Ran by Celeste on Sun 11/16/2014 at  9:06:26.26

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.DynamicBarButton

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.DynamicBarButton.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.FeedManager

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.FeedManager.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.HTMLMenu

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.HTMLMenu.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.HTMLPanel

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.HTMLPanel.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.MultipleButton

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.MultipleButton.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.PseudoTransparentPlugin

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.PseudoTransparentPlugin.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.Radio

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.Radio.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.RadioSettings

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.RadioSettings.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.ScriptButton

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.ScriptButton.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.SettingsPlugin

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.SettingsPlugin.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.SkinLauncher

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.SkinLauncher.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.ThirdPartyInstaller

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.ThirdPartyInstaller.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.ToolbarProtector

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.ToolbarProtector.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.UrlAlertButton

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.UrlAlertButton.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.XMLSessionPlugin

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.XMLSessionPlugin.1

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{23E8B459-E5B7-4B98-AAD8-C19423899B97}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\ProgramData\pcdr"

Successfully deleted: [Folder] "C:\Users\Celeste\AppData\Roaming\pcdr"

Successfully deleted: [Folder] "C:\Users\Celeste\appdata\local\installation assistant"

Successfully deleted: [Folder] "C:\Program Files (x86)\installation assistant"

Successfully deleted: [Empty Folder] C:\Users\Celeste\appdata\local\{ABA25397-81B7-4E52-9E9E-9FB65A2A67C9}

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 11/16/2014 at  9:10:51.76

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Whoops! My apologies.  :blush:

 

Here is the correct fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-11-2014 02
Ran by Celeste at 2014-11-16 10:32:23 Run:1
Running from C:\Users\Celeste\Downloads
Loaded Profile: Celeste (Available profiles: Celeste)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe(sendori) 
C:\Program Files (x86)\Sendori\Sendori.Service.exe(APN) C:\Program Files 
(x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe(Sendori, Inc.) C:\Program 
Files (x86)\Sendori\SendoriTray.exeHKLM-x32\...\Run: [ApnTBMon] => C:\Program 
Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1541584 
2013-06-06] (APN)HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [sendori Tray] => 
C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2014-06-26] (Sendori, 
Inc.)HKLM-x32\...\Run: [dnsshield] => C:\Program Files (x86)\Social Privacy  
DNS\dnswatch.exeC:\Program Files (x86)\Social Privacy  DNSHKCU\Software\Microsoft\Internet 
Explorer\Main,Start Page = http://search.yahoo....p={searchTerms}SearchScopes: '>http://search.yahoo....p={searchTerms}SearchScopes: 
HKCU - {B4D27414-50CC-44FA-926C-2808E380E19B} URL = http://search.yahoo....p={searchTerms}BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> 
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! 
Inc.)BHO-x32: Ask Toolbar -> {4F524A2D-5637-006A-76A7-7A786E7484D7} -> 
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport.dll (APN 
LLC.)BHO-x32: Toolbar BHO -> {7c8f8fe5-9785-4f74-bcf8-895ef9752d97} -> 
C:\PROGRA~2\GAMING~2\bar\1.bin\gtbar.dll No FileToolbar: HKLM-x32 - Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files 
(x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)Toolbar: HKLM-x32 - Ask 
Toolbar - {4F524A2D-5637-006A-76A7-7A786E7484D7} - C:\Program Files 
(x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport.dll (APN LLC.)Winsock: 
Catalog9-x64 01 C:\Windows\system32\Sendori64.dll File Not found ()Winsock: 
Catalog9-x64 02 C:\Windows\system32\Sendori64.dll File Not found ()Winsock: 
Catalog9-x64 03 C:\Windows\system32\Sendori64.dll File Not found ()Winsock: 
Catalog9-x64 04 C:\Windows\system32\Se
 ndori64.
 dll File Not found ()Winsock: Catalog9-x64 15 C:\Windows\system32\Sendori64.dll 
File Not found ()CHR HomePage: Default -> hxxp://www.yahoo.com/CHR StartupUrls: 
Default -> "hxxp://www.yahoo.com/"CHR HKLM-x32\...\Chrome\Extension: 
[mmddbcpechilpapallpbdpcekmgibofi] - C:\Users\Celeste\AppData\Local\Installation 
Assistant\Chrome\Installation Assistant.crx [2014-01-30]R2 APNMCP; C:\Program 
Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [169632 2013-06-06] (APN 
LLC.)C:\Program Files (x86)\AskPartnerNetworkR2 Service Sendori; C:\Program 
Files (x86)\Sendori\Sendori.Service.exe [22816 2014-06-26] (sendori)C:\Program 
Files (x86)\SendoriS2 MapsGalaxy_39Service; C:\PROGRA~2\MAPSGA~2\bar\1.bin\39barsvc.exe 
[X]C:\PROGRA~2\MAPSGA~2S2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe 
[X] <==== ATTENTIONU0 SR; No ImagePathU2 srservice; No ImagePath2014-10-25 11:37 
- 2014-10-25 11:37 - 00638888 _____ (Oracle Corporation) C:\Users\Celeste\Downloads\chromeinstall-8u25.exe2014-10-29 
08:51 
 - 2013-0
 6-03 12:54 - 00000000 ____D () C:\ProgramData\ATTYToolbarC:\Users\Celeste\AppData\Local\Temp\CmdLineExt02.dllC:\Users\Celeste\AppData\Local\Temp\contentDATs.exeC:\Users\Celeste\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exeC:\Users\Celeste\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exeC:\Users\Celeste\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exeC:\Users\Celeste\AppData\Local\Temp\mssinstaller.exeC:\Users\Celeste\AppData\Local\Temp\OptimizerPro.exeC:\Users\Celeste\AppData\Local\Temp\SecurityScan_Release.exeC:\Users\Celeste\AppData\Local\Temp\SIntf16.dllC:\Users\Celeste\AppData\Local\Temp\SIntf32.dllC:\Users\Celeste\AppData\Local\Temp\SIntfNT.dllC:\Users\Celeste\AppData\Local\Temp\SocPriv_adk9.exeC:\Users\Celeste\AppData\Local\Temp\System.Data.SQLite.dllC:\Users\Celeste\AppData\Local\Temp\vcredist_x64.exeC:\Users\Celeste\AppData\Local\Temp\WRupdate326151.exeTask: 
{5B25D6E8-152E-4C5D-899F-589A520C0329} - \ArcadeFrontier No Task File <==== 
ATTENTIONTask: {C212FEDA-5AB
 3-4A18-B
 715-0B94CB0D2751} - System32\Tasks\4890 => Wscript.exe C:\Users\Celeste\AppData\Local\Temp\launchie.vbs 
//B <==== ATTENTIONTask: {FDF7AA18-51C2-43A6-9D03-20A73CBC0138} - 
System32\Tasks\0 => Iexplore.exe  <==== ATTENTIONAlternateDataStreams: 
C:\ProgramData\Temp:2CB9631FHKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 
=> ""="service"CMD: ipconfig /flushdnsCMD: netsh winsock reset allCMD: netsh int 
ipv4 resetCMD: netsh int ipv6 resetEmptyTemp:end
*****************
 
start(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe(sendori) => Error: No automatic fix found for this entry.
"C:\Program Files (x86)\Sendori\Sendori.Service.exe(APN) C:\Program Files" => File/Directory not found.
(x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe(Sendori, Inc.) C:\Program => Error: No automatic fix found for this entry.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Files (x86)\Sendori\SendoriTray.exeApnTBMon => Value not found.
Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1541584 => Error: No automatic fix found for this entry.
"2013-06-06] (APN)HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [sendori Tray] =>" => File/Directory not found.
"C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2014-06-26] (Sendori," => File/Directory not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Inc.)dnsshield => Value not found.
DNS\dnswatch.exeC:\Program Files (x86)\Social Privacy  DNSHKCU\Software\Microsoft\Internet => Error: No automatic fix found for this entry.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\Explorer\Main,Start Page = http://search.yahoo....p={searchTerms}SearchScopes: => Error: No automatic fix found for this entry.
HKCU - {23E8B459-E5B7-4B98-AAD8-C19423899B97} URL = http://www.mysearchr...q={searchTerms}SearchScopes: => Error: No automatic fix found for this entry.
HKCU - {540F27A1-D734-448E-84ED-791B6A68D982} URL = http://delicious.com...p={searchTerms}SearchScopes: => Error: No automatic fix found for this entry.
HKCU - {92250D91-B6A4-4018-B595-83C9E7648517} URL = http://www.search.as...archTerms}&psv=SearchScopes: => Error: No automatic fix found for this entry.
HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask...r={searchTerms}SearchScopes: => Error: No automatic fix found for this entry.
HKCU - {B3B83059-AFF8-4C05-9D6F-AA29688C0C2C} URL = http://www.flickr.co...q={searchTerms}SearchScopes: => Error: No automatic fix found for this entry.
HKCU - {B4D27414-50CC-44FA-926C-2808E380E19B} URL = http://search.yahoo....p={search => Error: No automatic fix found for this entry.
Terms}BH => Error: No automatic fix found for this entry.
O-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> => Error: No automatic fix found for this entry.
"C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo!" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5637-006A-76A7-7A786E7484D7}" => Key not found.
"HKCR\Wow6432Node\CLSID\{4F524A2D-5637-006A-76A7-7A786E7484D7}" => Key not found.
"C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport.dll (APN" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c8f8fe5-9785-4f74-bcf8-895ef9752d97}" => Key not found.
"HKCR\Wow6432Node\CLSID\{7c8f8fe5-9785-4f74-bcf8-895ef9752d97}" => Key not found.
"C:\PROGRA~2\GAMING~2\bar\1.bin\gtbar.dll No FileToolbar: HKLM-x32 - Yahoo!" => File/Directory not found.
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\(x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)Toolbar: HKLM-x32 - Ask => Value not found.
"HKCR\Wow6432Node\CLSID\(x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)Toolbar: HKLM-x32 - Ask" => Key not found.
Toolbar - {4F524A2D-5637-006A-76A7-7A786E7484D7} - C:\Program Files => Error: No automatic fix found for this entry.
(x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport.dll (APN LLC.)Winsock: => Error: No automatic fix found for this entry.
Catalog9-x64 01 C:\Windows\system32\Sendori64.dll File Not found ()Winsock: => Error: No automatic fix found for this entry.
Catalog9-x64 02 C:\Windows\system32\Sendori64.dll File Not found ()Winsock: => Error: No automatic fix found for this entry.
Catalog9-x64 03 C:\Windows\system32\Sendori64.dll File Not found ()Winsock: => Error: No automatic fix found for this entry.
Catalog9-x64 04 C:\Windows\system32\Se => Error: No automatic fix found for this entry.
ndori64. => Error: No automatic fix found for this entry.
Winsock: Catalog entry dll File Not found ()15 => Not found.
Chrome StartupUrls not detected.
Default -> "hxxp://www.yahoo.com/"CHR HKLM-x32\...\Chrome\Extension: => Error: No automatic fix found for this entry.
[mmddbcpechilpapallpbdpcekmgibofi] - C:\Users\Celeste\AppData\Local\Installation => Error: No automatic fix found for this entry.
Assistant\Chrome\Installation Assistant.crx [2014-01-30]R2 APNMCP; C:\Program => Error: No automatic fix found for this entry.
Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [169632 2013-06-06] (APN => Error: No automatic fix found for this entry.
LLC.)C:\Program Files (x86)\AskPartnerNetworkR2 Service Sendori; C:\Program => Error: No automatic fix found for this entry.
Files (x86)\Sendori\Sendori.Service.exe [22816 2014-06-26] (sendori)C:\Program => Error: No automatic fix found for this entry.
Files (x86)\SendoriS2 MapsGalaxy_39Service; C:\PROGRA~2\MAPSGA~2\bar\1.bin\39barsvc.exe => Error: No automatic fix found for this entry.
[X]C:\PROGRA~2\MAPSGA~2S2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe => Error: No automatic fix found for this entry.
[X] <==== ATTENTIONU0 SR; No ImagePathU2 srservice; No ImagePath2014-10-25 11:37 => Error: No automatic fix found for this entry.
- 2014-10-25 11:37 - 00638888 _____ (Oracle Corporation) C:\Users\Celeste\Downloads\chromeinstall-8u25.exe2014-10-29 => Error: No automatic fix found for this entry.
08:51 => Error: No automatic fix found for this entry.
- 2013-0 => Error: No automatic fix found for this entry.
6-03 12:54 - 00000000 ____D () C:\ProgramData\ATTYToolbarC:\Users\Celeste\AppData\Local\Temp\CmdLineExt02.dllC:\Users\Celeste\AppData\Local\Temp\contentDATs.exeC:\Users\Celeste\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exeC:\Users\Celeste\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exeC:\Users\Celeste\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exeC:\Users\Celeste\AppData\Local\Temp\mssinstaller.exeC:\Users\Celeste\AppData\Local\Temp\OptimizerPro.exeC:\Users\Celeste\AppData\Local\Temp\SecurityScan_Release.exeC:\Users\Celeste\AppData\Local\Temp\SIntf16.dllC:\Users\Celeste\AppData\Local\Temp\SIntf32.dllC:\Users\Celeste\AppData\Local\Temp\SIntfNT.dllC:\Users\Celeste\AppData\Local\Temp\SocPriv_adk9.exeC:\Users\Celeste\AppData\Local\Temp\System.Data.SQLite.dllC:\Users\Celeste\AppData\Local\Temp\vcredist_x64.exeC:\Users\Celeste\AppData\Local\Temp\WRupdate326151.exeTask: => Error: No automatic fix found for this entry.
{5B25D6E8-152E-4C5D-899F-589A520C0329} - \ArcadeFrontier No Task File <==== => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\ATTENTIONTask: {C212FEDA-5AB" => Key not found.
3-4A18-B => Error: No automatic fix found for this entry.
715-0B94CB0D2751} - System32\Tasks\4890 => Wscript.exe C:\Users\Celeste\AppData\Local\Temp\launchie.vbs => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\//B <==== ATTENTIONTask: {FDF7AA18-51C2-43A6-9D03-20A73CBC0138} -" => Key not found.
System32\Tasks\0 => Iexplore.exe  <==== ATTENTIONAlternateDataStreams: => Error: No automatic fix found for this entry.
"C:\ProgramData\Temp:2CB9631FHKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2" => File/Directory not found.
 
========= => ""="service" ipconfig /flushdnsCMD: netsh winsock reset allCMD: netsh int =========
 
'"service"' is not recognized as an internal or external command,
operable program or batch file.
 
========= End of CMD: =========
 
 
========= ipv4 reset netsh int ipv6 resetEmptyTemp:end =========
 
'ipv4' is not recognized as an internal or external command,
operable program or batch file.
 
========= End of CMD: =========
 
 
==== End of Fixlog ====
 
Please let me know if there is anything you need from me.  :)
 
Thanks...Kara

*sigh* 

Again, my apologies.

 

I hope this is correct:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-11-2014 02
Ran by Celeste at 2014-11-16 10:49:59 Run:2
Running from C:\Users\Celeste\Downloads
Loaded Profile: Celeste (Available profiles: Celeste)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(sendori) C:\Program Files (x86)\Sendori\Sendori.Service.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriTray.exe
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1541584 2013-06-06] (APN)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [sendori Tray] => C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2014-06-26] (Sendori, Inc.)
HKLM-x32\...\Run: [dnsshield] => C:\Program Files (x86)\Social Privacy  DNS\dnswatch.exe
C:\Program Files (x86)\Social Privacy  DNS
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....p={searchTerms}
SearchScopes: HKCU - {23E8B459-E5B7-4B98-AAD8-C19423899B97} URL = http://www.mysearchr...q={searchTerms}
SearchScopes: HKCU - {540F27A1-D734-448E-84ED-791B6A68D982} URL = http://delicious.com...p={searchTerms}
SearchScopes: HKCU - {92250D91-B6A4-4018-B595-83C9E7648517} URL = http://www.search.as...archTerms}&psv=
SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask...r={searchTerms}
SearchScopes: HKCU - {B3B83059-AFF8-4C05-9D6F-AA29688C0C2C} URL = http://www.flickr.co...q={searchTerms}
SearchScopes: HKCU - {B4D27414-50CC-44FA-926C-2808E380E19B} URL = http://search.yahoo....p={searchTerms}
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
BHO-x32: Ask Toolbar -> {4F524A2D-5637-006A-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport.dll (APN LLC.)
BHO-x32: Toolbar BHO -> {7c8f8fe5-9785-4f74-bcf8-895ef9752d97} -> C:\PROGRA~2\GAMING~2\bar\1.bin\gtbar.dll No File
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Ask Toolbar - {4F524A2D-5637-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport.dll (APN LLC.)
Winsock: Catalog9-x64 01 C:\Windows\system32\Sendori64.dll File Not found ()
Winsock: Catalog9-x64 02 C:\Windows\system32\Sendori64.dll File Not found ()
Winsock: Catalog9-x64 03 C:\Windows\system32\Sendori64.dll File Not found ()
Winsock: Catalog9-x64 04 C:\Windows\system32\Sendori64.dll File Not found ()
Winsock: Catalog9-x64 15 C:\Windows\system32\Sendori64.dll File Not found ()
CHR HomePage: Default -> hxxp://www.yahoo.com/
CHR StartupUrls: Default -> "hxxp://www.yahoo.com/"
CHR HKLM-x32\...\Chrome\Extension: [mmddbcpechilpapallpbdpcekmgibofi] - C:\Users\Celeste\AppData\Local\Installation Assistant\Chrome\Installation Assistant.crx [2014-01-30]
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [169632 2013-06-06] (APN LLC.)
C:\Program Files (x86)\AskPartnerNetwork
R2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22816 2014-06-26] (sendori)
C:\Program Files (x86)\Sendori
S2 MapsGalaxy_39Service; C:\PROGRA~2\MAPSGA~2\bar\1.bin\39barsvc.exe [X]
C:\PROGRA~2\MAPSGA~2
S2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [X] <==== ATTENTION
U0 SR; No ImagePath
U2 srservice; No ImagePath
2014-10-25 11:37 - 2014-10-25 11:37 - 00638888 _____ (Oracle Corporation) C:\Users\Celeste\Downloads\chromeinstall-8u25.exe
2014-10-29 08:51 - 2013-06-03 12:54 - 00000000 ____D () C:\ProgramData\ATTYToolbar
C:\Users\Celeste\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\Celeste\AppData\Local\Temp\contentDATs.exe
C:\Users\Celeste\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Celeste\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Celeste\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Celeste\AppData\Local\Temp\mssinstaller.exe
C:\Users\Celeste\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Celeste\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Celeste\AppData\Local\Temp\SIntf16.dll
C:\Users\Celeste\AppData\Local\Temp\SIntf32.dll
C:\Users\Celeste\AppData\Local\Temp\SIntfNT.dll
C:\Users\Celeste\AppData\Local\Temp\SocPriv_adk9.exe
C:\Users\Celeste\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Celeste\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Celeste\AppData\Local\Temp\WRupdate326151.exe
Task: {5B25D6E8-152E-4C5D-899F-589A520C0329} - \ArcadeFrontier No Task File <==== ATTENTION
Task: {C212FEDA-5AB3-4A18-B715-0B94CB0D2751} - System32\Tasks\4890 => Wscript.exe C:\Users\Celeste\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {FDF7AA18-51C2-43A6-9D03-20A73CBC0138} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
end
*****************
 
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe => No running process found
C:\Program Files (x86)\Sendori\Sendori.Service.exe => No running process found
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe => No running process found
C:\Program Files (x86)\Sendori\SendoriTray.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Sendori Tray => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\dnsshield => Value not found.
"C:\Program Files (x86)\Social Privacy  DNS" => File/Directory not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{D8278076-BC68-4484-9233-6E7F1628B56C} => Value not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}" => Key deleted successfully.
"HKCR\CLSID\{b0441a0e-a49a-4e16-afc1-74ecced1921f}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}" => Key not found.
"HKCR\Wow6432Node\CLSID\{b0441a0e-a49a-4e16-afc1-74ecced1921f}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{23E8B459-E5B7-4B98-AAD8-C19423899B97}" => Key not found.
"HKCR\CLSID\{23E8B459-E5B7-4B98-AAD8-C19423899B97}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{540F27A1-D734-448E-84ED-791B6A68D982}" => Key deleted successfully.
"HKCR\CLSID\{540F27A1-D734-448E-84ED-791B6A68D982}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{92250D91-B6A4-4018-B595-83C9E7648517}" => Key not found.
"HKCR\CLSID\{92250D91-B6A4-4018-B595-83C9E7648517}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}" => Key not found.
"HKCR\CLSID\{b0441a0e-a49a-4e16-afc1-74ecced1921f}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B3B83059-AFF8-4C05-9D6F-AA29688C0C2C}" => Key deleted successfully.
"HKCR\CLSID\{B3B83059-AFF8-4C05-9D6F-AA29688C0C2C}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B4D27414-50CC-44FA-926C-2808E380E19B}" => Key deleted successfully.
"HKCR\CLSID\{B4D27414-50CC-44FA-926C-2808E380E19B}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key not found.
"HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5637-006A-76A7-7A786E7484D7}" => Key not found.
"HKCR\Wow6432Node\CLSID\{4F524A2D-5637-006A-76A7-7A786E7484D7}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c8f8fe5-9785-4f74-bcf8-895ef9752d97}" => Key not found.
"HKCR\Wow6432Node\CLSID\{7c8f8fe5-9785-4f74-bcf8-895ef9752d97}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Value not found.
"HKCR\Wow6432Node\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{4F524A2D-5637-006A-76A7-7A786E7484D7} => Value not found.
"HKCR\Wow6432Node\CLSID\{4F524A2D-5637-006A-76A7-7A786E7484D7}" => Key not found.
Winsock: Catalog entry 000000000001 => Deleted successfully.
Winsock: Catalog entry 000000000002 => Deleted successfully.
Winsock: Catalog entry 000000000003 => Deleted successfully.
Winsock: Catalog entry 000000000004 => Deleted successfully.
Winsock: Catalog entry 000000000015 => Not found.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mmddbcpechilpapallpbdpcekmgibofi" => Key deleted successfully.
"C:\Users\Celeste\AppData\Local\Installation Assistant\Chrome\Installation Assistant.crx" => File/Directory not found.
APNMCP => Service not found.
"C:\Program Files (x86)\AskPartnerNetwork" => File/Directory not found.
Service Sendori => Service not found.
"C:\Program Files (x86)\Sendori" => File/Directory not found.
MapsGalaxy_39Service => Service not found.
"C:\PROGRA~2\MAPSGA~2" => File/Directory not found.
sndappv2 => Service not found.
SR => Service deleted successfully.
srservice => Service deleted successfully.
C:\Users\Celeste\Downloads\chromeinstall-8u25.exe => Moved successfully.
C:\ProgramData\ATTYToolbar => Moved successfully.
C:\Users\Celeste\AppData\Local\Temp\CmdLineExt02.dll => Moved successfully.
C:\Users\Celeste\AppData\Local\Temp\contentDATs.exe => Moved successfully.
C:\Users\Celeste\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
C:\Users\Celeste\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe => Moved successfully.
C:\Users\Celeste\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe => Moved successfully.
C:\Users\Celeste\AppData\Local\Temp\mssinstaller.exe => Moved successfully.
"C:\Users\Celeste\AppData\Local\Temp\OptimizerPro.exe" => File/Directory not found.
C:\Users\Celeste\AppData\Local\Temp\SecurityScan_Release.exe => Moved successfully.
C:\Users\Celeste\AppData\Local\Temp\SIntf16.dll => Moved successfully.
C:\Users\Celeste\AppData\Local\Temp\SIntf32.dll => Moved successfully.
C:\Users\Celeste\AppData\Local\Temp\SIntfNT.dll => Moved successfully.
C:\Users\Celeste\AppData\Local\Temp\SocPriv_adk9.exe => Moved successfully.
C:\Users\Celeste\AppData\Local\Temp\System.Data.SQLite.dll => Moved successfully.
C:\Users\Celeste\AppData\Local\Temp\vcredist_x64.exe => Moved successfully.
C:\Users\Celeste\AppData\Local\Temp\WRupdate326151.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5B25D6E8-152E-4C5D-899F-589A520C0329}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B25D6E8-152E-4C5D-899F-589A520C0329}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ArcadeFrontier" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C212FEDA-5AB3-4A18-B715-0B94CB0D2751}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C212FEDA-5AB3-4A18-B715-0B94CB0D2751}" => Key deleted successfully.
C:\Windows\System32\Tasks\4890 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4890" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FDF7AA18-51C2-43A6-9D03-20A73CBC0138}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDF7AA18-51C2-43A6-9D03-20A73CBC0138}" => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
C:\ProgramData\Temp => ":2CB9631F" ADS removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\sndappv2" => Key deleted successfully.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset all =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
EmptyTemp: => Removed 6.2 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

OK, good job. 

Can you tell me exactly what issues remain, and run the following scan below. 

 

Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 

Thanks Adam!

 

I did a reboot before running FRST again to see if the error message would pop up again. The reboot prompted an update to the computer (43 updates! Wow!). The updates ran and the following error box still pops up:

 

chrome.exe-application error:

"the application was unable to start correctly (0xc0000022). Click ok to close the application."

 

I ran FRST as you instructed...the logs are included below:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-11-2014 02
Ran by Celeste (administrator) on CELESTE-DESKTOP on 16-11-2014 11:58:58
Running from C:\Users\Celeste\Downloads
Loaded Profile: Celeste (Available profiles: Celeste)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Webroot) C:\Program Files\Webroot\WRSA.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8321568 2009-11-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [startCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [770672 2014-11-12] (Webroot)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Run: [blaze] => C:\Users\Celeste\AppData\Local\Blaze\Application\chrome.exe [835072 2014-01-22] (Blaze)
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.net
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll (Webroot)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll (Webroot)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll (Webroot)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll (Webroot)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3130736979-1909993698-1134593641-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\Parameters: [NameServer] 75.126.206.18,184.173.169.186
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 75.126.206.18,184.173.169.186
Tcpip\..\Interfaces\{8BA0949D-6E58-403F-82C3-67261D136EA8}: [NameServer] 75.126.206.18,184.173.169.186
Tcpip\..\Interfaces\{B057D18F-602F-4608-9A11-ED558AB645F3}: [NameServer] 75.126.206.18,184.173.169.186
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-10-02]
 
Chrome: 
=======
CHR Profile: C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-08]
CHR Extension: (Google Drive) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-08]
CHR Extension: (Google Search) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-08]
CHR Extension: (Webroot Filtering Extension) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2014-02-02]
CHR Extension: (Google Wallet) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-08]
CHR Extension: (Webroot Password Manager) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2013-12-08]
CHR Extension: (Gmail) - C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-08]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.0.0.26.crx [2014-01-30]
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2012-11-15]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [770672 2014-11-12] (Webroot)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [115680 2014-11-12] (Webroot)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-16 11:25 - 2014-06-26 21:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-11-16 11:25 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-11-16 11:23 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-11-16 11:23 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-11-16 11:23 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-11-16 11:23 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-11-16 11:23 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-11-16 11:23 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-11-16 11:23 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-11-16 11:23 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-11-16 10:46 - 2014-11-16 10:46 - 00005590 _____ () C:\Users\Celeste\Downloads\fixlist (1).txt
2014-11-16 10:31 - 2014-11-16 10:31 - 00000000 ____D () C:\Users\Celeste\Downloads\FRST-OlderVersion
2014-11-16 09:33 - 2014-11-16 09:34 - 00000000 ____D () C:\Users\Celeste\AppData\Roaming\PCDr
2014-11-16 09:32 - 2014-11-16 09:32 - 00000000 ____D () C:\ProgramData\PCDr
2014-11-16 09:12 - 2014-11-16 09:12 - 04918960 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-11-16 09:06 - 2014-11-16 09:06 - 00000000 ____D () C:\Windows\ERUNT
2014-11-16 09:05 - 2014-11-16 09:05 - 01707532 _____ (Thisisu) C:\Users\Celeste\Downloads\JRT.exe
2014-11-16 09:04 - 2014-11-05 12:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-16 09:04 - 2014-11-05 12:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-16 09:04 - 2014-11-05 12:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-16 09:04 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-16 09:04 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-16 09:04 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-16 09:04 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-16 09:04 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-16 09:04 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-16 09:04 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-16 09:04 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-16 09:04 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-16 09:04 - 2014-08-01 06:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-11-16 09:04 - 2014-08-01 06:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-11-16 09:04 - 2014-06-23 22:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-11-16 09:04 - 2014-06-23 21:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-11-16 09:04 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-11-16 09:04 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-11-16 09:04 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-11-16 09:04 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-11-16 09:04 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-11-16 09:04 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-11-16 09:03 - 2014-11-07 14:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-16 09:03 - 2014-11-07 14:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-16 09:03 - 2014-11-05 23:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-16 09:03 - 2014-11-05 23:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-16 09:03 - 2014-11-05 23:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-16 09:03 - 2014-11-05 22:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-16 09:03 - 2014-11-05 22:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-16 09:03 - 2014-11-05 22:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-16 09:03 - 2014-11-05 22:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-16 09:03 - 2014-11-05 22:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-16 09:03 - 2014-11-05 22:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-16 09:03 - 2014-11-05 22:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-16 09:03 - 2014-11-05 22:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-16 09:03 - 2014-11-05 22:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-16 09:03 - 2014-11-05 22:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-16 09:03 - 2014-11-05 22:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-16 09:03 - 2014-11-05 22:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-16 09:03 - 2014-11-05 22:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-16 09:03 - 2014-11-05 22:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-16 09:03 - 2014-11-05 22:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-16 09:03 - 2014-11-05 22:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-16 09:03 - 2014-11-05 22:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-16 09:03 - 2014-11-05 22:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-16 09:03 - 2014-11-05 22:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-16 09:03 - 2014-11-05 22:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-16 09:03 - 2014-11-05 22:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-16 09:03 - 2014-11-05 22:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-16 09:03 - 2014-11-05 22:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-16 09:03 - 2014-11-05 22:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-16 09:03 - 2014-11-05 22:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-16 09:03 - 2014-11-05 22:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-16 09:03 - 2014-11-05 22:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-16 09:03 - 2014-11-05 21:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-16 09:03 - 2014-11-05 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-16 09:03 - 2014-11-05 21:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-16 09:03 - 2014-11-05 21:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-16 09:03 - 2014-11-05 21:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-16 09:03 - 2014-11-05 21:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-16 09:03 - 2014-11-05 21:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-16 09:03 - 2014-11-05 21:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-16 09:03 - 2014-11-05 21:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-16 09:03 - 2014-11-05 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-16 09:03 - 2014-11-05 21:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-16 09:03 - 2014-11-05 21:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-16 09:03 - 2014-11-05 21:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-16 09:03 - 2014-11-05 21:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-16 09:03 - 2014-11-05 21:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-16 09:03 - 2014-11-05 21:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-16 09:03 - 2014-11-05 21:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-16 09:03 - 2014-11-05 21:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-16 09:03 - 2014-11-05 21:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-16 09:03 - 2014-11-05 21:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-16 09:03 - 2014-11-05 20:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-16 09:03 - 2014-11-05 20:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-16 09:03 - 2014-11-05 20:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-16 09:03 - 2014-11-05 20:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-16 09:03 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-16 09:03 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-16 09:03 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-16 09:03 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-16 09:02 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-16 09:02 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-16 09:02 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-16 09:02 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-16 09:02 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-16 09:02 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-16 09:02 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-16 09:02 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-16 09:02 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-16 09:02 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-16 09:02 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-11-16 09:02 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-11-16 09:02 - 2014-09-19 04:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-16 09:02 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-16 09:02 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-16 09:02 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-16 09:02 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-16 09:02 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-16 09:02 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-16 09:02 - 2014-09-19 04:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-16 09:02 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-16 09:02 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-16 09:02 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-16 09:02 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-16 09:02 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-16 09:02 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-16 09:02 - 2014-09-09 17:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-11-16 09:02 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-11-16 09:02 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-11-16 09:02 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-11-16 09:02 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-16 09:02 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-16 09:02 - 2014-07-16 21:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-11-16 09:02 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-11-16 09:02 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-11-16 09:02 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-11-16 09:02 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-11-16 09:02 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-11-16 09:02 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-11-16 09:02 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-11-16 09:02 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-11-16 09:02 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-11-16 09:02 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-11-16 09:02 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-11-16 09:02 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-11-16 09:02 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-11-16 09:01 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-16 09:01 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-16 09:01 - 2014-10-13 21:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-16 09:01 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-16 09:01 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-16 09:01 - 2014-08-22 21:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-11-16 09:01 - 2014-08-22 20:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-11-16 09:01 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-11-16 09:01 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-11-16 09:01 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-11-16 09:01 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-11-16 09:01 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-11-16 09:01 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-11-16 09:01 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-11-16 08:48 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-11-16 08:48 - 2014-05-14 11:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-11-16 08:48 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-11-16 08:48 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-11-16 08:48 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-11-16 08:48 - 2014-05-14 11:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-11-16 08:48 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-11-16 08:48 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-11-16 08:48 - 2014-05-14 11:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-11-16 08:48 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-11-16 08:48 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-11-16 08:48 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-11-16 08:48 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-11-16 08:48 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-11-16 08:36 - 2014-11-16 08:46 - 00000000 ____D () C:\AdwCleaner
2014-11-16 08:35 - 2014-11-16 08:36 - 02140160 _____ () C:\Users\Celeste\Desktop\AdwCleaner.exe
2014-11-16 08:06 - 2014-11-16 08:06 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0019e2185d347.job
2014-11-16 07:41 - 2014-11-16 07:41 - 00005586 _____ () C:\Users\Celeste\Documents\fixlist.txt
2014-11-16 07:28 - 2014-11-16 07:28 - 00000000 ____D () C:\Users\Celeste\AppData\Local\VS Revo Group
2014-11-16 07:27 - 2014-11-16 07:27 - 00001039 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-11-16 07:27 - 2014-11-16 07:27 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-11-16 07:27 - 2014-11-16 07:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-11-16 07:27 - 2014-11-16 07:27 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-11-16 07:27 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-11-16 07:26 - 2014-11-16 07:27 - 10691640 _____ (VS Revo Group ) C:\Users\Celeste\Downloads\RevoUninProSetup.exe
2014-11-16 07:26 - 2014-11-16 07:27 - 10691640 _____ (VS Revo Group ) C:\Users\Celeste\Downloads\RevoUninProSetup (1).exe
2014-11-16 07:26 - 2014-11-16 07:26 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Celeste\Downloads\revosetup.exe
2014-11-14 12:14 - 2014-11-16 11:59 - 00024806 _____ () C:\Users\Celeste\Downloads\FRST.txt
2014-11-14 12:14 - 2014-11-14 12:14 - 00023280 _____ () C:\Users\Celeste\Downloads\Addition.txt
2014-11-14 12:13 - 2014-11-16 11:59 - 00000000 ____D () C:\FRST
2014-11-14 12:12 - 2014-11-16 10:31 - 02117120 _____ (Farbar) C:\Users\Celeste\Downloads\FRST64.exe
2014-11-12 10:57 - 2014-11-16 09:29 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-12 10:57 - 2014-11-12 10:57 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-12 10:57 - 2014-11-12 10:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-12 10:57 - 2014-11-12 10:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-12 10:57 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-12 10:57 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-12 10:57 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-12 10:56 - 2014-11-12 10:57 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Celeste\Downloads\mbam-setup-2.0.3.1025 (2).exe
2014-11-12 10:56 - 2014-11-12 10:56 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Celeste\Downloads\mbam-setup-2.0.3.1025 (1).exe
2014-10-25 13:45 - 2014-10-25 13:45 - 00065232 _____ (Malwarebytes) C:\Users\Celeste\Downloads\regassassin-setup-1.03.exe
2014-10-25 12:22 - 2014-10-25 12:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-25 12:21 - 2014-10-25 12:22 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Celeste\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-25 11:39 - 2014-10-25 11:39 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-25 11:39 - 2014-10-25 11:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-25 11:36 - 2014-10-25 11:36 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-25 11:36 - 2014-10-25 11:36 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-10-25 11:36 - 2014-10-25 11:36 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-25 11:31 - 2014-11-16 11:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-25 11:31 - 2014-11-16 09:12 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-25 11:31 - 2014-11-16 09:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-24 15:55 - 2014-11-16 08:06 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfefccdb003b4a.job
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-16 11:56 - 2013-12-08 15:09 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-16 11:56 - 2012-02-28 15:27 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-11-16 11:56 - 2012-02-28 15:27 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-11-16 11:56 - 2012-02-28 15:00 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-11-16 11:56 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-16 11:56 - 2009-07-13 23:51 - 00050914 _____ () C:\Windows\setupact.log
2014-11-16 11:55 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-16 11:55 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-16 11:51 - 2009-07-13 23:45 - 00326000 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-16 11:49 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-16 11:49 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-11-16 11:48 - 2012-02-28 14:35 - 01089537 _____ () C:\Windows\WindowsUpdate.log
2014-11-16 11:46 - 2013-08-24 13:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-16 11:32 - 2011-02-10 11:10 - 00775546 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-11-16 11:31 - 2009-07-14 00:13 - 00775546 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-16 11:29 - 2013-08-05 02:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-16 11:19 - 2013-12-08 15:09 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-16 10:55 - 2013-08-24 16:25 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-11-16 10:55 - 2013-08-24 16:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-11-16 10:55 - 2010-11-20 22:47 - 00524748 _____ () C:\Windows\PFRO.log
2014-11-16 10:31 - 2012-05-12 16:42 - 00000000 ____D () C:\ProgramData\WRData
2014-11-16 10:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-11-16 09:40 - 2013-05-24 10:26 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-11-16 09:12 - 2012-08-11 15:41 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-16 08:49 - 2013-08-24 16:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-11-16 08:46 - 2013-06-14 15:05 - 00003962 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{127ADA07-097A-4FEE-B1BC-485B3BBAFB63}
2014-11-16 07:38 - 2012-08-04 11:54 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-11-16 07:38 - 2012-08-04 11:54 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-11-14 11:31 - 2009-07-14 00:08 - 00032580 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-12 11:23 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Speech
2014-11-12 10:53 - 2012-05-12 16:42 - 00154760 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2014-11-12 10:53 - 2012-05-12 16:42 - 00115680 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2014-11-12 10:53 - 2012-05-12 16:42 - 00105320 _____ (Webroot) C:\Windows\system32\WRusr.dll
2014-11-12 10:39 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-04 14:30 - 2010-11-20 22:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-31 23:26 - 2012-05-19 21:33 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-27 14:55 - 2013-12-08 15:10 - 00002104 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-25 13:03 - 2013-11-10 18:54 - 00000000 ____D () C:\ProgramData\Big Fish
2014-10-25 13:03 - 2013-11-10 18:51 - 00000000 ____D () C:\BigFishCache
2014-10-25 11:39 - 2013-11-13 17:38 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-25 11:39 - 2012-05-12 16:21 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-25 11:37 - 2012-05-13 17:15 - 00000000 ____D () C:\Users\Celeste\AppData\Local\Adobe
2014-10-25 11:36 - 2012-02-28 15:14 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-25 11:21 - 2013-11-10 19:11 - 00000000 ____D () C:\Users\Celeste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Legacy Interactive
2014-10-25 11:21 - 2013-11-10 19:10 - 00000000 ____D () C:\Program Files (x86)\Legacy Interactive
2014-10-25 11:20 - 2013-11-10 19:20 - 00000000 ____D () C:\Program Files (x86)\VIVA MEDIA
2014-10-25 11:20 - 2012-05-12 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eGames
2014-10-25 11:19 - 2013-11-10 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIVA MEDIA
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-16 09:59
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-11-2014 02
Ran by Celeste at 2014-11-16 11:59:49
Running from C:\Users\Celeste\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
AIO_CDA_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.009.0714.2131 - )
att.net Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - att.net)
Bejeweled 2 Deluxe (HKLM-x32\...\Bejeweled 2 Deluxe) (Version:  - PopCap Games)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C6100 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
c6100_Help (x32 Version: 82.0.256.000 - Hewlett-Packard) Hidden
ccc-core-static (x32 Version: 2009.0714.2132.36830 - ATI) Hidden
Cole2k Media - Codec Pack (Advanced) 7.9.9 (HKLM-x32\...\Cole2k Media - Codec Pack) (Version:  - Cole2k Media)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.61 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
eGames GameButler (HKLM-x32\...\eGames GameButler) (Version:  - )
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hoyle Card Games (HKLM-x32\...\Hoyle Card Games) (Version:  - )
Hoyle Casino 5 (HKLM-x32\...\Hoyle Casino 5) (Version:  - )
Hoyle Puzzle Games 2004 (HKLM-x32\...\InstallShield_{12362BED-DF87-40CD-97AB-A6DA564E8B8F}) (Version: 1.00.0000 - Sierra)
Hoyle Puzzle Games 2004 (x32 Version: 1.00.0000 - Sierra) Hidden
Hoyle Word Games (HKLM-x32\...\Hoyle Word Games) (Version:  - )
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart All-In-One Driver Software 13.0 Rel. A (HKLM\...\{17016DA1-F040-4032-BD36-34DD317BC9D5}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Jewel Quest III (HKLM-x32\...\Jewel Quest III_is1) (Version:  - Break For Games)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Office Suite X 3.3 (HKLM-x32\...\{1F56A6C9-81CA-4B5F-B471-8CCB13CF85DA}) (Version: 3.3.9567 - Office Suite X)
Peggle Deluxe (HKLM-x32\...\Peggle Deluxe) (Version:  - PopCap Games)
Penguin Puzzle (HKLM-x32\...\Penguin Puzzle) (Version:  - )
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5977 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.1 - VS Revo Group, Ltd.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Scrabble Complete (HKLM-x32\...\{B36649A3-D0DD-4706-B042-F5B384529C7A}) (Version:  - )
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Sierra Utilities (HKLM-x32\...\Sierra Utilities) (Version:  - )
Skins (x32 Version: 2009.0714.2132.36830 - ATI) Hidden
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VIVA MEDIA GAME CENTER (HKLM-x32\...\VIVAGplayer) (Version:  - )
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.5.107 - Webroot)
Wheel Of Fortune (HKLM-x32\...\Wheel Of Fortune) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
30-08-2014 14:11:35 Installed Java 7 Update 67
25-10-2014 16:17:37 Removed Adobe Reader XI.
25-10-2014 16:21:51 Removed Java 6 Update 22
25-10-2014 16:22:24 Removed Java 7 Update 1 (64-bit)
25-10-2014 16:23:00 Removed Java 7 Update 67
25-10-2014 16:23:37 Removed JavaFX 2.1.1
16-11-2014 12:31:16 Revo Uninstaller Pro's restore point - Ask Toolbar
16-11-2014 12:33:43 Revo Uninstaller Pro's restore point - GamingWonderland Toolbar
16-11-2014 12:37:49 Revo Uninstaller Pro's restore point - Social Privacy DNS
16-11-2014 12:38:39 Revo Uninstaller Pro's restore point - Yahoo! Software Update
16-11-2014 13:47:36 Windows Update
16-11-2014 16:22:56 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {13C0A856-6A8E-4C20-99B1-677CF7A87541} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {18876E84-138C-4327-B035-95B69CE54DEB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {2DD74D83-1116-4E5E-915F-592B5AF101F5} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {321DAE9D-59A2-4FEA-B5D2-BE6EF4AF0743} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-16] (Adobe Systems Incorporated)
Task: {3A952DAB-10BC-434F-847C-90116BD72CFD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-08] (Google Inc.)
Task: {A3D79E45-0CDF-4659-A4B4-42F546A1549F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-08] (Google Inc.)
Task: {A3F832C7-AC12-4CB3-87C7-2D15A6CC2878} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BFA1B72C-3354-46C4-B6A5-1D51A480FF4F} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {CF11388A-B263-4FDD-B240-834A83EA5F5E} - System32\Tasks\{7EFD0941-E0B2-4C83-927E-CF2E8C714F5E} => C:\Program Files\Webroot\WRSA.exe [2014-11-12] (Webroot)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfefccdb003b4a.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0019e2185d347.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-02-28 15:00 - 2011-09-22 11:14 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2008-11-18 13:00 - 2008-11-18 13:00 - 00016384 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-02-28 14:55 - 2012-02-28 14:55 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-3130736979-1909993698-1134593641-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3130736979-1909993698-1134593641-500 - Administrator - Disabled)
Celeste (S-1-5-21-3130736979-1909993698-1134593641-1000 - Administrator - Enabled) => C:\Users\Celeste
Guest (S-1-5-21-3130736979-1909993698-1134593641-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3130736979-1909993698-1134593641-1002 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/16/2014 11:57:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/16/2014 11:56:42 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (11/16/2014 11:52:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/16/2014 11:52:04 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (11/16/2014 10:57:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/16/2014 10:55:57 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
 
Error: (11/16/2014 10:01:18 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (11/16/2014 11:58:04 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Client Virtualization Handler service hung on starting.
 
Error: (11/16/2014 11:54:16 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (11/16/2014 11:53:26 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Client Virtualization Handler service hung on starting.
 
Error: (11/16/2014 10:57:54 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (11/16/2014 10:57:19 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Client Virtualization Handler service hung on starting.
 
Error: (11/16/2014 10:26:09 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: AMD Athlon II X2 250 Processor
Percentage of memory in use: 30%
Total physical RAM: 3838.98 MB
Available physical RAM: 2665.69 MB
Total Pagefile: 7676.13 MB
Available Pagefile: 6303.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:450.91 GB) (Free:401.84 GB) NTFS
Drive d: (CROSSWORD) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: B5871EE0)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450.9 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Hi Kara,
 
Is that the only error you're receiving? 
 
Please do the following. 
 
STEP 1
Internet Flush

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    @echo off
    (
    ipconfig /release
    ipconfig /renew
    ipconfig /flushdns
    netsh winsock reset all
    netsh int ipv4 reset
    netsh int ipv6 reset
    ) 1> "%userprofile%\desktop\log.txt" 2>&1
    shutdown -r -t 1
    del %0
  • Click Format. Ensure Wordwrap is unchecked.
  • Click File > Save As and name the file flush.bat
  • Select All Files as the Save as type.
  • Save the file to your Desktop
  • Locate flush.bat (W8/7/Vista) on your Desktop. Right-click the icon and click Run as administrator.
  • Your computer will reboot. If not, please manually reboot. 
  • A log (log.txt) will be saved to your Desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
Uninstall/Reinstall Chrome

  • Follow these instructions on how to backup your Chrome bookmarks: Backup Chrome Bookmarks
  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall.
    • Google Chrome
  • Follow the prompts.
  • Reboot if necessary.
  • Download and install Google Chrome.
     

STEP 3
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Hide advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click List Threats. If no threats were found, skip the next two bullet points. 
  • Click Export and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click Finish.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • log.txt
  • Did Chrome uninstall/reinstall OK?
  • ESET Online Scan log

Hi Adam,

 

Yes, that appears to be the only message.

 

After following all of the instructions, I did a reboot and still receive that message.

 

It appears Chrome did uninstall and reinstall ok.

 

Here are the latest logs:

 

 
Windows IP Configuration
 
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::405e:667b:4b23:10ed%11
   Default Gateway . . . . . . . . . : 
 
Tunnel adapter isatap.gateway.2wire.net:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 9:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 11:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:20fa:3638:b339:d733
   Link-local IPv6 Address . . . . . : fe80::20fa:3638:b339:d733%15
   Default Gateway . . . . . . . . . : ::
 
Tunnel adapter isatap.attlocal.net:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Windows IP Configuration
 
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : attlocal.net
   Link-local IPv6 Address . . . . . : fe80::405e:667b:4b23:10ed%11
   IPv4 Address. . . . . . . . . . . : 192.168.1.70
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.254
 
Tunnel adapter isatap.gateway.2wire.net:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 9:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Tunnel adapter Local Area Connection* 11:
 
   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:20fa:3638:b339:d733
   Link-local IPv6 Address . . . . . : fe80::20fa:3638:b339:d733%15
   Default Gateway . . . . . . . . . : ::
 
Tunnel adapter isatap.{B057D18F-602F-4608-9A11-ED558AB645F3}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
Reseting Interface, OK!
Restart the computer to complete this action.
 
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
 
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Sendori\DynLib.dll.vir a variant of Win32/AdWare.Sendori.A application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Sendori\Interop.PCProxyLib.dll.vir a variant of Win32/AdWare.Sendori.A application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Sendori\Sendori.Service.exe.vir a variant of Win32/AdWare.Sendori.A application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Sendori\SendoriTray.exe.vir a variant of Win32/AdWare.Sendori.A application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Sendori\SendoriUp.exe.vir a variant of Win32/AdWare.Sendori.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Windows\Installer\MSIB54D.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Windows\System32\C2MP\Set_Defaults.exe Win32/Spy.Zbot.ZR trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.28_0\plugins\npDefaultTabSearch.dll a variant of Win32/Toolbar.DefaultTab.C potentially unwanted application
C:\Windows\SysWOW64\C2MP\Set_Defaults.exe Win32/Spy.Zbot.ZR trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.28_0\plugins\npDefaultTabSearch.dll a variant of Win32/Toolbar.DefaultTab.C potentially unwanted application
 

OK Kara, we'll get to the error next. 
For now, please do the following. 
 
VirusTotal Upload

  • Please go to VirusTotal.com.
  • Click Choose File and locate the following file:
    • C:\Windows\System32\C2MP\Set_Defaults.exe
  • Click Scan it!.
  • If you receive the following notification: File already analysed click Reanalyse.
  • Once the file has been analyzed, copy the page URL at the top of the window and paste in your next reply. 

OK, looks like that detection by ESET is a false-positive. 
 
After running the FRST Script below, please take a screenshot of the error you're experiencing at startup.

  • Instructions on how to take a screenshot can be found in this article.
  • Upload the image to Imgur.com and paste the URL in your next reply. 
     

Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.

    start
    C:\Windows\Installer\MSIB54D.tmp
    C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.28_0\plugins\npDefaultTabSearch.dll
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.28_0\plugins\npDefaultTabSearch.dll
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.

Screenshot image: http://imgur.com/MiQfsUL

 

FRST fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-11-2014 02
Ran by Celeste at 2014-11-16 15:33:42 Run:3
Running from C:\Users\Celeste\Downloads
Loaded Profile: Celeste (Available profiles: Celeste)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
C:\Windows\Installer\MSIB54D.tmp
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.28_0\plugins\npDefaultTabSearch.dll 
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.28_0\plugins\npDefaultTabSearch.dll 
EmptyTemp:
end
*****************
 
C:\Windows\Installer\MSIB54D.tmp => Moved successfully.
"C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.28_0\plugins\npDefaultTabSearch.dll" => File/Directory not found.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.28_0\plugins\npDefaultTabSearch.dll => Moved successfully.
EmptyTemp: => Removed 90.5 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

No, there have been no issues opening Chrome normally...this message just pops up every time the computer boots up.

 

The Revo-uninstall just had a whole mess of Chrome & such in bold to remove/delete.

Rebooted & got the same message when I rebooted after uninstall & cleanup.

 

One additional note: When I went to open/run Revo, I actually went to the original file (I forgot there was a shortcut on my desktop - doh)... when it went to setup, the antivirus had a Malware threat box pop up with the following information:

 

Group: Pua.defaulttab

 

Location: c:\first\quarantine\c\wind...\npdefaulttabsearch.dll.xbad


Hi Kara, 

 

Please do the following. 

 

SystemLook

  • Please download SystemLook (x64) and save the file to your Desktop.
  • Right-Click SystemLook_x64.exe and select Run as administrator to run the programme.
  • Copy the entire contents of the codebox below and paste into the textfield.
    :filefind
    *chrome*
    :folderfind
    *chrome*
    :regfind
    chrome
  • Click the Ji0XpU4.png button to start the scan.
  • Upon completion, a log (SystemLook.txt) will open. Attach the log in your next reply. 
  • Click the OCFv7xc.png button. 

Hi Adam,

 

Here's the latest:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 08:57 on 17/11/2014 by Celeste
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "*chrome*"
C:\Users\Celeste\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk --a---- 2296 bytes [17:47 16/11/2014] [17:47 16/11/2014] 493834EDB12DD78466DB4CF4254820F0
C:\Users\Celeste\AppData\Roaming\Microsoft\Windows\Recent\chrome script.lnk --a---- 478 bytes [13:57 17/11/2014] [13:57 17/11/2014] D76BC0FA0BC3808BB833DE74068B3E23
C:\Users\Celeste\AppData\Roaming\Microsoft\Windows\Recent\chrome.lnk --a---- 465 bytes [21:13 16/11/2014] [21:13 16/11/2014] 31F0A56F4B2E524670C665311E4B45EB
C:\Users\Celeste\AppData\Roaming\Microsoft\Windows\Recent\Chrome2.lnk --a---- 566 bytes [21:14 16/11/2014] [21:14 16/11/2014] 76EFE8A25C02305A7AF709290F8ACE48
C:\Users\Celeste\Desktop\chrome.PNG --a---- 277959 bytes [21:13 16/11/2014] [21:13 16/11/2014] 37C5144DB9BD4B3E09D3221E970C5D8E
C:\Users\Celeste\Desktop\Chrome2.PNG --a---- 291421 bytes [21:14 16/11/2014] [21:14 16/11/2014] 6BA39275B0FAF1C3A204B3F4CBB33090
C:\Users\Celeste\Downloads\chromeinstall-7u51.exe --a---- 921000 bytes [23:39 30/01/2014] [23:39 30/01/2014] 5C68A2107DBD9B08CACE3130FE55B062
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\Browsers\chrome.browser --a---- 2107 bytes [00:29 19/03/2013] [00:29 19/03/2013] 8C54E6C4F9E0CC3274EA6D04AAE9436B
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\Browsers\chrome.browser --a---- 2107 bytes [22:24 21/03/2013] [22:24 21/03/2013] 8C54E6C4F9E0CC3274EA6D04AAE9436B
C:\Windows\Prefetch\CHROME.EXE-5349D2D7.pf --a---- 199784 bytes [20:05 18/12/2013] [21:10 16/11/2014] 32D6831647123FC78B136A3E349724D5
C:\Windows\System32\oobe\info\backgrounds\Win7-Chrome-1920x1200.jpg --a---- 187157 bytes [20:53 28/02/2012] [18:46 22/04/2009] A01E3E5CC11EC7D60D5B4C1F2760621F
C:\Windows\Web\Wallpaper\Dell\Win7 Chrome 1920x1200.jpg --a---- 598722 bytes [20:53 28/02/2012] [20:38 20/04/2009] E94D9D67C70C6A50BADC6CACB1A2D3CF
 
========== folderfind ==========
 
Searching for "*chrome*"
C:\FRST\Quarantine\C\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome d------ [20:33 16/11/2014]
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\MozillaAddOn3\chrome d------ [22:24 02/10/2013]
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\MozillaAddOn3\xre\chrome d------ [22:24 02/10/2013]
C:\ProgramData\WRData\PKG\Chrome d------ [23:07 05/12/2013]
C:\ProgramData\WRData\PKG\Firefox\WebrootSecure_SocketServer\chrome d------ [23:07 05/12/2013]
C:\Users\All Users\WRData\PKG\Chrome d------ [23:07 05/12/2013]
C:\Users\All Users\WRData\PKG\Firefox\WebrootSecure_SocketServer\chrome d------ [23:07 05/12/2013]
C:\Users\Celeste\AppData\Local\Google\Chrome d------ [19:41 28/07/2012]
C:\Users\Celeste\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mmddbcpechilpapallpbdpcekmgibofi_0 d------ [19:29 15/10/2012]
C:\Users\Celeste\AppData\Local\VS Revo Group\Revo Uninstaller Pro\BackUpsData\Google Chrome-16112014-161932 d------ [21:19 16/11/2014]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome d------ [22:48 04/10/2013]
 
========== regfind ==========
 
Searching for "chrome"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\d634c142_0]
@="{0.0.0.00000000}.{bad4b104-ae9b-4ca5-a9a5-04f59d43c1c5}|\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\f231f46d_0]
@="{0.0.0.00000000}.{e839f151-cb22-4b4d-ae81-6221c8ec0538}|\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\OpenWithList]
"d"="chrome.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\OpenWithList]
"b"="chrome.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithList]
"a"="chrome.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"blaze"="C:\Users\Celeste\AppData\Local\Blaze\Application\chrome.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\ChromeHTML]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\ChromeHTML\DefaultIcon]
@="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\chrome.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\chrome\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\xre\chrome\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\33D2FCABEAB118846A739B1D05FCD2B6]
"548536CD3D64B404CB1BCFA41990A1AF"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\chrome\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C1990F3A47897A14CA069A558FF937E1]
"548536CD3D64B404CB1BCFA41990A1AF"="C?\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\xre\chrome\classic.jar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\No Chrome Offer Until]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update]
"LastInstallerSuccessLaunchCmdLine"=""C:\Program Files (x86)\Google\Chrome\Application\chrome.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"name"="Google Chrome binaries"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\query-eula-acceptance]
"CommandLine"=""C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.122\Installer\setup.exe" --query-eula-acceptance --system-level --verbose-logging"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\Commands\quick-enable-application-host]
"CommandLine"=""C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.122\Installer\setup.exe" --multi-install --verbose-logging --app-launcher --ensure-google-update-present"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"name"="Google Chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Commands\install-extension]
"CommandLine"=""C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --limited-install-from-webstore=%1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Commands\on-os-upgrade]
"CommandLine"=""C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.122\Installer\setup.exe" --on-os-upgrade --multi-install --chrome --system-level --verbose-logging"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\Clients\{FDA71E6F-AC4C-4a00-8B70-9958A68906BF}]
"name"="Google Chrome App Launcher"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"UninstallString"="C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.122\Installer\setup.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"ap"="-multi-chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"InstallerSuccessLaunchCmdLine"=""C:\Program Files (x86)\Google\Chrome\Application\chrome.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"ap"="-multi-chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"UninstallString"="C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.122\Installer\setup.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"UninstallArguments"=" --uninstall --multi-install --chrome --system-level --verbose-logging"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"LastInstallerSuccessLaunchCmdLine"=""C:\Program Files (x86)\Google\Chrome\Application\chrome.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\JavaSoft\Java Update\Policy]
"Method"="jchrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
@="Google Chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath"=""C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.122\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"Localized Name"="Google Chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MediaPlayer\ShimInclusionList\chrome.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Shared\HTML]
"KnownIDs"="htmlfile;ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WRData\Status]
"LatestThreat"="c:\frst\quarantine\c\windows\syswow64\config\systemprofile\appdata\local\google\chrome\user data\default\extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.28_0\plugins\npdefaulttabsearch.dll.xbad|Pua.Defaulttab|54690A28"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WRData\Threats\History]
"2"="c:\users\celeste\appdata\local\google\chrome\user data\default\extensions\adhmhclafdhfabmmglbcngpddpdeijgd\nprivalgaminggc.dll|W32.Adware.Gamevance.Rg|50C50B17"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\WRData\Threats\History]
"166"="c:\frst\quarantine\c\windows\syswow64\config\systemprofile\appdata\local\google\chrome\user data\default\extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.28_0\plugins\npdefaulttabsearch.dll.xbad|Pua.Defaulttab|54690A28"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\ChromeHTML]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\ChromeHTML\DefaultIcon]
@="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-3130736979-1909993698-1134593641-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\d634c142_0]
@="{0.0.0.00000000}.{bad4b104-ae9b-4ca5-a9a5-04f59d43c1c5}|\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-3130736979-1909993698-1134593641-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\f231f46d_0]
@="{0.0.0.00000000}.{e839f151-cb22-4b4d-ae81-6221c8ec0538}|\Device\HarddiskVolume3\Program Files (x86)\Google\Chrome\Application\chrome.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-3130736979-1909993698-1134593641-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\OpenWithList]
"d"="chrome.exe"
[HKEY_USERS\S-1-5-21-3130736979-1909993698-1134593641-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\OpenWithList]
"b"="chrome.exe"
[HKEY_USERS\S-1-5-21-3130736979-1909993698-1134593641-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithList]
"a"="chrome.exe"
[HKEY_USERS\S-1-5-21-3130736979-1909993698-1134593641-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"blaze"="C:\Users\Celeste\AppData\Local\Blaze\Application\chrome.exe"
 
-= EOF =-
 
 
Thanks!  :)

Hi Kara, 
 
We're going to remove everything associated with Chrome from your machine. 
Please let me know if you still experience the error afterwards. 
 
STEP 1
Creating System Restore Point (W7/Vista)

  • Click the Windows Start Button. Right-click Computer and click Properties.
  • Click System protection in the panel on the left. 
  • Click the System Protection tab, followed by Create.
  • In the System Protection dialog box, type a description, and click Create.
  • Upon completion, close the window.
     

STEP 2
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    CloseProcesses:
    C:\Program Files (x86)\Google
    C:\Users\Celeste\AppData\Local\Blaze
    C:\Users\Celeste\AppData\Local\GoogleD211A59DBC60E6F5E4
    C:\Users\Celeste\AppData\Local\Google
    C:\Users\Celeste\AppData\Local\Temp\chrome_installer.log
    C:\Users\Celeste\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
    C:\Users\Celeste\AppData\Roaming\Microsoft\Windows\Recent\chrome script.lnk
    C:\Users\Celeste\AppData\Roaming\Microsoft\Windows\Recent\chrome.lnk
    C:\Users\Celeste\AppData\Roaming\Microsoft\Windows\Recent\Chrome2.lnk
    C:\Users\Celeste\Downloads\chromeinstall-7u51.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\Browsers\chrome.browser
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\Browsers\chrome.browser
    C:\Windows\Prefetch\CHROME.EXE-5349D2D7.pf
    C:\Users\Celeste\AppData\Local\VS Revo Group\Revo Uninstaller Pro\BackUpsData\Google Chrome-16112014-161932
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google
    end
  • Click File > Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 3
DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Remove the checkmark next to the following items:
    • Remove disinfection tools
  • Place a checkmark next to the following items:
    • Create registry backup
  • Click the Run button.
     

STEP 4
Reg Fix

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\OpenWithList]
    "d"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\OpenWithList]
    "b"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithList]
    "a"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "blaze"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\ChromeHTML]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\chrome.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MediaPlayer\ShimInclusionList\chrome.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\ChromeHTML]
    [HKEY_USERS\S-1-5-21-3130736979-1909993698-1134593641-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\OpenWithList]
    "d"=-
    [HKEY_USERS\S-1-5-21-3130736979-1909993698-1134593641-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\OpenWithList]
    "b"=-
    [HKEY_USERS\S-1-5-21-3130736979-1909993698-1134593641-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithList]
    "a"=-
    [HKEY_USERS\S-1-5-21-3130736979-1909993698-1134593641-1000\Software\Microsoft\Windows\CurrentVersion\Run]
    "blaze"=-
  • Click Format. Ensure Wordwrap is unchecked.
  • Click File > Save As and name the file regfix.reg.
  • Select All Files as the Save as type.
  • Save the file to your Desktop
  • Locate regfix.reg on your Desktop. Right-click the file and click Merge with the Registry.
  • Accept any prompts. 
  • Reboot your computer for the changes to take effect.
     

======================================================
 
STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • Did the regfix merge successfully?
  • After the reboot, do you still receive the error?
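A triage check over the regfind output posted earlier in this thread, as an added example that is not part of the original posts: it parses the `[key]` / `"name"="data"` layout, keeps only autostart locations, and marks for review any entry whose executable sits in a user-writable directory or reuses a well-known binary name outside its usual install directory. The sample is constructed from lines in the log above; the two heuristics, the function names, and treating the HKEY_USERS SID as the logged-on user are assumptions of this example.

```python
import re
from ntpath import basename  # Windows path rules, works on any OS

# Constructed sample: lines copied from the regfind section of the log above.
SAMPLE = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\OpenWithList]
"b"="chrome.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"blaze"="C:\Users\Celeste\AppData\Local\Blaze\Application\chrome.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath"=""C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.122\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome"
[HKEY_USERS\S-1-5-21-3130736979-1909993698-1134593641-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"blaze"="C:\Users\Celeste\AppData\Local\Blaze\Application\chrome.exe"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^(@|"[^"]*")=(.*)$')
# HKEY_CURRENT_USER is a view of HKEY_USERS\<SID>, so the scan lists per-user
# values twice. Assumption: the SID belongs to the logged-on user.
SID_RE = re.compile(r'^HKEY_USERS\\S-1-5-21-[0-9-]+')
# Install directory seen in the log for the genuine binary of that name.
EXPECTED_DIR = {"chrome.exe": r"\program files (x86)\google\chrome\application"}
# Directories a standard user can write to (heuristic, not exhaustive).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\")


def parse_regfind(text):
    """Return (key, value_name, data) tuples from regfind-style output."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            data = m.group(2)
            # The scan wraps data in one pair of quotes without escaping inner ones.
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = data[1:-1]
            entries.append((key, m.group(1).strip('"'), data))
    return entries


def executable(data):
    """Extract the program path from a command line, quoted or not."""
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r'(.+?\.(?:exe|com|bat|cmd|scr))(?:\s|$)', data, re.I)
    return m.group(1) if m else data


def is_autostart(key, name):
    """True for Run/RunOnce values and Active Setup StubPath commands."""
    k = key.lower()
    if k.endswith((r"\currentversion\run", r"\currentversion\runonce")):
        return True
    return "\\active setup\\installed components\\" in k and name.lower() == "stubpath"


def triage(text):
    """List autostart entries as (key, name, exe, reasons); empty reasons = nothing flagged."""
    findings, seen = [], set()
    for key, name, data in parse_regfind(text):
        if not is_autostart(key, name):
            continue
        key = SID_RE.sub("HKEY_CURRENT_USER", key)
        ident = (key.lower(), name.lower(), data.lower())
        if ident in seen:  # same value reached through the other hive path
            continue
        seen.add(ident)
        exe = executable(data)
        path = exe.lower()
        reasons = []
        if any(fragment in path for fragment in USER_WRITABLE):
            reasons.append("user-writable location")
        expected = EXPECTED_DIR.get(basename(path))
        if expected and expected not in path:
            reasons.append("known binary name outside expected directory")
        findings.append((key, name, exe, reasons))
    return findings


if __name__ == "__main__":
    for key, name, exe, reasons in triage(SAMPLE):
        print(f"{'REVIEW' if reasons else 'ok':6} {name}: {exe} {reasons}")
```

A flagged entry is a prompt for a human to look at the file, not a verdict; legitimate per-user installers also start from AppData.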

Hello again Adam,

 

Here is the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-11-2014 02
Ran by Celeste at 2014-11-17 11:41:47 Run:4
Running from C:\Users\Celeste\Downloads
Loaded Profile: Celeste (Available profiles: Celeste)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
CloseProcesses:
C:\Program Files (x86)\Google
C:\Users\Celeste\AppData\Local\Blaze
C:\Users\Celeste\AppData\Local\GoogleD211A59DBC60E6F5E4
C:\Users\Celeste\AppData\Local\Google
C:\Users\Celeste\AppData\Local\Temp\chrome_installer.log
C:\Users\Celeste\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk 
C:\Users\Celeste\AppData\Roaming\Microsoft\Windows\Recent\chrome script.lnk 
C:\Users\Celeste\AppData\Roaming\Microsoft\Windows\Recent\chrome.lnk 
C:\Users\Celeste\AppData\Roaming\Microsoft\Windows\Recent\Chrome2.lnk
C:\Users\Celeste\Downloads\chromeinstall-7u51.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\Browsers\chrome.browser 
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\Browsers\chrome.browser 
C:\Windows\Prefetch\CHROME.EXE-5349D2D7.pf
C:\Users\Celeste\AppData\Local\VS Revo Group\Revo Uninstaller Pro\BackUpsData\Google Chrome-16112014-161932 
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google
end
*****************
 
It looks like the regfix merge was successful!
Also, no error on reboot...woohoo!

Excellent. :)

We need to update your vulnerable software to reduce the risk of reinfection. 

 

Please let me know how your PC is performing after completing the steps below. 

 

STEP 1
Update Outdated Software

Outdated software contains security risks that must be patched. Please download and install the latest version of the programmes below.

STEP 2
Remove Outdated Software

  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall one at a time.
  • Note: The programmes below may not be present. If this is the case, please skip to the next step.
    • Adobe Shockwave Player 11.6 
  • Follow the prompts, and reboot if necessary.
     

STEP 3
Disable Java in Your Browser
Due to frequent exploits we recommend you disable Java in your browser.
For information on Java vulnerabilities, please read the following article (point #7).

  • Click the Windows Start Button and type Java Control Panel (or javacpl) in the search bar.
  • Click on the Java Control Panel. Once opened, click the Security tab.
  • Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser.
  • Click Apply. When the Windows User Account Control (UAC) appears, allow permissions to make the changes.
  • Click OK in the Java Plug-in confirmation window.
  • Restart your browser(s) for changes to take effect.
  • More information can be found here and here.
     

STEP 4
Security Check

  • Please download SecurityCheck and save the file to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A log (checkup.txt) will automatically open on your Desktop.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • checkup.txt
  • How is your computer performing? Are there any outstanding issues?

Here is the checkup.txt log:

 

 Results of screen317's Security Check version 0.99.90  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Webroot SecureAnywhere   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 25  
 Java version out of Date! 
 Adobe Flash Player 15.0.0.223  
 Adobe Reader XI  
 Google Chrome (38.0.2125.122) 
 Google Chrome (chrome.exe..) 
 Google Chrome (master_preferences...) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 2% 
````````````````````End of Log`````````````````````` 
 
 
The computer is running so much better & no more error messages!!!
 
Thank you Adam!
 
*I would like to add MBAM to this computer. Would you recommend I remove or uninstall the current antivirus or just turn it off?

Hi Kara, 
 

*I would like to add MBAM to this computer. Would you recommend I remove or uninstall the current antivirus or just turn it off?

Do you mean MBAM Premium? This can be run in conjunction with your Anti-Virus, so you do not need to uninstall or turn Webroot off. 
 
There's a link to MBAM Premium in my list of recommended programmes below. 
 
----------------
 
Now for the good news. 
 
All Clean!
Congratulations, your computer appears clean!  :)
I no longer see signs of malware on your computer, and feel satisfied that our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you may find useful.
 
My help will always be free. But if you are happy with the help provided, and would like to support my fight against malware and/or buy me a beer, please consider a donation.
 
DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
 
======================================================
 
I have compiled below a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.

The following programmes come highly recommended in the security community.

  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • CryptoPrevent places policy restrictions on loading points for ransomware (e.g. CryptoWall), preventing your files from being encrypted.
  • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
  • Secunia PSI will scan your computer for vulnerable software that is outdated and automatically find the latest update for you.
  • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

-- Please feel free to ask if you have any questions or concerns on computer security or the programmes above.
 
======================================================
 
Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread. 
 
Thank you for using Malwarebytes.
 
Safe Surfing. :)    
Adam


Hi Adam,

 

Yes, MBAM Premium. I didn't realize it was an appropriate companion piece to Webroot. We'll make that happen to prevent as much as possible in the future!

 

Hooray for a clean machine! Everything appeared to remove successfully and the computer is running oh so smoothly..thanks!

 

I shared the good news about the clean computer with my mother...she is quite pleased! She (& especially I) is (am) grateful for your fabulous support through this process and you can expect a donation to use however best suits you.  ;) (I now need to spend a few minutes with PP for proper conversion & transaction bits) lol Am I able to access the link (if I save it) to complete this at any time?

 

I am most grateful for the articles & security suggestions. One question, from the list of recommended security programmes, is it beneficial to add more than one to a computer? I'm sure there are folks who get over anxious and want to install them all, however, I would like to ensure that I avoid being too over-protecty and cause other issues. lol

 

I appreciate your support, patience and dedication in keeping our systems clean and well protected. It's nice having technology warriors like you on our side.  :)

 

~Peace...Kara  :D
