June 9th, 2015, 06:12 AM
#1
[Inactive] HP Studio Laptop
first:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-06-2015
Ran by Sharon (administrator) on SHARON-PC on 08-06-2015 21:48:56
Running from F:\
Loaded Profiles: Sharon (Available Profiles: Sharon)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(http://simple-files.com/) C:\Program Files (x86)\SmileFilesUpdater\SmileFilesUpdater.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\N360.exe
(SoftThinks) C:\Windows\sminst\SftService.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
() C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe
(Apple Inc.) C:\Program Files (x86)\QuickTime\QTTask.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\N360.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) F:\FRST64 (1).exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [Easy Dock] => [X]
HKLM-x32\...\RunOnce: [MyWebSearch bar Uninstall] => rundll32 C:\PROGRA~2\UNINST~1.DLL,O -2
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2719491577-406441165-2934950541-1000\...\Run: [Easy Dock] => [X]
HKU\S-1-5-21-2719491577-406441165-2934950541-1000\...\MountPoints2: {057f2312-7c88-11de-8e7e-00038a000015} - F:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-2719491577-406441165-2934950541-1000\...\MountPoints2: {29aad533-2eaf-11df-ad3c-002219ee52ac} - G:\rcaeasyrip_setup.exe
HKU\S-1-5-21-2719491577-406441165-2934950541-1000\...\MountPoints2: {4fc44098-b149-11de-8596-002219ee52ac} - F:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-2719491577-406441165-2934950541-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2006-11-02] (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-06-12]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-06-12]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\buShell.dll [2014-02-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\buShell.dll [2014-02-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\buShell.dll [2014-02-27] (Symantec Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com
HKU\S-1-5-21-2719491577-406441165-2934950541-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?tpid=ORJ-...-23&psv=&pt=tb
SearchScopes: HKLM-x32 -> DefaultScope {6560422E-A3FB-4B3A-9D6A-D2D48BAD0FA4} URL =
SearchScopes: HKLM-x32 -> {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxdm572YYUS&ptb=6JtRTm9Pd6rzwKmUYp2ASw&psa=&ind=2010080211&ptnrS=ZUxdm572YYUS&si=200020&st=sb&n=77cf63d3&searchfor={searchTerms}
SearchScopes: HKLM-x32 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\.DEFAULT -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-19 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-20 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-21-2719491577-406441165-2934950541-1000 -> URL http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3292715&CUI=UN30889068267258263&UM=2&UP=SP066BDC8E-A9C9-4758-B17C-B1C7ABFC9C98&SSPV=
SearchScopes: HKU\S-1-5-21-2719491577-406441165-2934950541-1000 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-2719491577-406441165-2934950541-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-2719491577-406441165-2934950541-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2719491577-406441165-2934950541-1000 -> {56256A51-B582-467e-B8D4-7786EDA79AE0} URL =
SearchScopes: HKU\S-1-5-21-2719491577-406441165-2934950541-1000 -> {5C99C337-A32D-42CF-8A34-AF2D05CF588C} URL = http://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11405&pf=V7&p2=%5EBBD%5EOSJ000%5EYY%5EUS&gct=&itbv=12.15.5.30&apn_uid=08FE773B-9F99-4EE4-9C0C-BEECA4C796BB&apn_ptnrs=BBD&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ie_9.0.8112.16563&doi=2014-08-23&trgb=IE&q={searchTerms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-2719491577-406441165-2934950541-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL =
BHO: youtubeadblocker -> {21d682e2-9272-4ebe-af1d-e3372acce7b2} -> C:\Program Files (x86)\youtubeadblocker\mVokkEpmucmwuL.x64.dll [2015-04-02] ()
BHO: shopperz -> {5081D2D4-1637-404c-B74F-50526718257D} -> C:\Program Files\shopperz\mseff64.dll No File
BHO: ArcadeFrontier Addon -> {6C8DB2EC-499B-4897-A784-0E3186C97E9D} -> C:\Users\Sharon\AppData\Local\ArcadeFrontier\ArcadeFrontier_x64.dll No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-01-19] (Oracle Corporation)
BHO: PriiCeeLeesss -> {8b14e0b1-8cf0-4f6a-91b5-31f2da1043c8} -> C:\Program Files (x86)\PriiCeeLeesss\CZ23sTFe8PtSnj.x64.dll [2015-04-02] ()
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-05] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-01-19] (Oracle Corporation)
BHO: XBTBPos00 Class -> {EDBBE0D0-A76A-4FE4-AE6B-13BCEFFD75C8} -> C:\Program Files (x86)\Brand Thunder\IE\tbcore3x64.dll No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll [2013-09-06] (McAfee, Inc.)
BHO-x32: IEOptimizer -> {10AD2C61-0898-4348-8600-14A342F22AC3} -> C:\Program Files (x86)\SavingsBull\IEOptimizer.dll [2014-02-18] ()
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: PDF Suite Helper -> {1AD61D5B-58A3-4592-9B34-DC84688FF805} -> C:\Program Files (x86)\PDF Suite 2010\PDFIEHelper.dll [2010-02-10] (Interactive Brands)
BHO-x32: youtubeadblocker -> {21d682e2-9272-4ebe-af1d-e3372acce7b2} -> C:\Program Files (x86)\youtubeadblocker\mVokkEpmucmwuL.dll [2015-04-02] ()
BHO-x32: RivalGaming Games -> {26D675AC-D925-4bbf-A720-62C2AA4A81EB} -> C:\Users\Sharon\AppData\Local\RivalGaming\RivalGaming.dll [2012-04-06] (RivalGaming)
BHO-x32: Idmsq Extension -> {3AA4FC9D-FB51-44a2-B09F-0457857CA7C2} -> C:\Users\Sharon\AppData\Roaming\IDMSQ\idmsqext.dll [2013-10-24] (Or Interactive Ltd)
BHO-x32: shopperz -> {5081D2D4-1637-404c-B74F-50526718257D} -> C:\Program Files\shopperz\mseff32.dll No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\coIEPlg.dll [2014-07-31] (Symantec Corporation)
BHO-x32: CIEDownload Object -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files (x86)\SMART Technologies Inc\Notebook Software\NotebookPlugin.dll [2007-05-08] (SMART Technologies Inc.)
BHO-x32: No Name -> {6C8DB2EC-499B-4897-A784-0E3186C97E9D} -> No File
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\IPS\IPSBHO.DLL [2014-07-23] (Symantec Corporation)
BHO-x32: Funmoods Helper Object -> {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -> C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: PriiCeeLeesss -> {8b14e0b1-8cf0-4f6a-91b5-31f2da1043c8} -> C:\Program Files (x86)\PriiCeeLeesss\CZ23sTFe8PtSnj.dll [2015-04-02] ()
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-05] (Google Inc.)
BHO-x32: No Name -> {D3D233D5-9F6D-436C-B6C7-E63F77503B30} -> C:\PROGRA~2\INBOXT~1\Inbox.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: XBTBPos00 Class -> {EDBBE0D0-A76A-4FE4-AE6B-13BCEFFD75C8} -> C:\Program Files (x86)\Brand Thunder\IE\tbcore3.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-05] (Google Inc.)
Toolbar: HKLM-x32 - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll No File
Toolbar: HKLM-x32 - PDF Suite Toolbar - {261F6A8B-7AAF-4BF5-8552-6610F4D67819} - C:\Program Files (x86)\PDF Suite 2010\PDFIEPlugin.dll [2010-02-10] (Interactive Brands)
Toolbar: HKLM-x32 - FingerSystem IE Memo - {8D13872E-6174-49C1-B8D2-793F90CCAFAC} - C:\Program Files (x86)\Finger System Inc\Fingersystem Ipen Driver\FGIeMemo.dll [2003-02-17] ()
Toolbar: HKLM-x32 - Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\coIEPlg.dll [2014-07-31] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-05] (Google Inc.)
Toolbar: HKU\S-1-5-21-2719491577-406441165-2934950541-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-2719491577-406441165-2934950541-1000 -> No Name - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
Toolbar: HKU\S-1-5-21-2719491577-406441165-2934950541-1000 -> No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
Toolbar: HKU\S-1-5-21-2719491577-406441165-2934950541-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-05] (Google Inc.)
Toolbar: HKU\S-1-5-21-2719491577-406441165-2934950541-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-2719491577-406441165-2934950541-1000 -> No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
Toolbar: HKU\S-1-5-21-2719491577-406441165-2934950541-1000 -> No Name - {7846AE31-BEA2-438A-8F5E-2D899361656C} - No File
Toolbar: HKU\S-1-5-21-2719491577-406441165-2934950541-1000 -> No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
Toolbar: HKU\S-1-5-21-2719491577-406441165-2934950541-1000 -> No Name - {4153492D-4700-A76A-76A7-7A786E7484D7} - No File
Toolbar: HKU\S-1-5-21-2719491577-406441165-2934950541-1000 -> No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} - No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/pr.../ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab
DPF: HKLM-x32 {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/noc...tup1.0.1.1.cab
DPF: HKLM-x32 {21BB8360-F943-447E-98F3-3C22345375A7} http://aolsvc.aol.com/onlinegames/fr...b.1.0.0.13.cab
DPF: HKLM-x32 {2D168880-539F-4967-BA11-F7C2862B9E1D} http://aolsvc.aol.com/onlinegames/fr...eb.1.0.0.4.cab
DPF: HKLM-x32 {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} http://archives.gametap.com/static/c...pWebPlayer.cab
DPF: HKLM-x32 {639658F3-B141-4D6B-B936-226F75A5EAC3} http://aolsvc.aol.com/onlinegames/tr...2.1.0.0.67.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {74E4A24D-5224-4F05-8A41-99445E0FC22B} http://aolsvc.aol.com/onlinegames/fr...ouseplayer.cab
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/...Uploader55.cab
DPF: HKLM-x32 {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://aolsvc.aol.com/onlinegames/fr...sPlayer_v4.cab
DPF: HKLM-x32 {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://aolsvc.aol.com/onlinegames/fr...ylomplayer.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/ge...nt/swflash.cab
DPF: HKLM-x32 {D40F5876-A494-4124-8161-82625BB28C06} http://aolsvc.aol.com/onlinegames/fr...b.1.0.0.14.cab
DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://aolsvc.aol.com/onlinegames/be...loader_v10.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {FCB28D51-A017-46B2-9FB3-F7BFD53B2E42} http://aolsvc.aol.com/onlinegames/fr...eb.1.0.0.6.cab
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Winsock: Catalog9 11 C:\Windows\SysWOW64\Gambali.dll [340944 2015-04-02] (Gambali OEM Software)
Winsock: Catalog9 12 C:\Windows\SysWOW64\Gambali.dll [340944 2015-04-02] (Gambali OEM Software)
Winsock: Catalog9 13 C:\Windows\SysWOW64\Gambali.dll [340944 2015-04-02] (Gambali OEM Software)
Winsock: Catalog9 14 C:\Windows\SysWOW64\Gambali.dll [340944 2015-04-02] (Gambali OEM Software)
Winsock: Catalog9 15 C:\Windows\SysWOW64\Gambali.dll [340944 2015-04-02] (Gambali OEM Software)
Winsock: Catalog9-x64 01 C:\Windows\system32\Gambali64.dll [408424 2015-04-02] (Gambali OEM Software)
Winsock: Catalog9-x64 02 C:\Windows\system32\Gambali64.dll [408424 2015-04-02] (Gambali OEM Software)
Winsock: Catalog9-x64 03 C:\Windows\system32\Gambali64.dll [408424 2015-04-02] (Gambali OEM Software)
Winsock: Catalog9-x64 04 C:\Windows\system32\Gambali64.dll [408424 2015-04-02] (Gambali OEM Software)
Winsock: Catalog9-x64 15 C:\Windows\system32\Gambali64.dll [408424 2015-04-02] (Gambali OEM Software)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-01-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-01-19] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2010-09-22] ()
FF Plugin-x32: @ei.Retrogamer_4w.com/Plugin -> C:\Program Files (x86)\Retrogamer_4wEI\Installr\2.bin\NP4wEISB.dll [2012-12-28] (Retrogamer)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll [2013-09-06] (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [2012-05-31] (Oberon-Media )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-14] (Google Inc.)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2719491577-406441165-2934950541-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Sharon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-14] (Unity Technologies ApS)
FF Extension: RivalGaming - C:\Users\Sharon\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com [2012-04-06]
FF HKLM\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-08]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [FFPDFConverter@ib.com] - C:\Program Files (x86)\PDF Suite 2010\firefoxextension
FF Extension: PDF Suite Converter For Firefox - C:\Program Files (x86)\PDF Suite 2010\firefoxextension [2010-02-26]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.5.0.19\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.5.0.19\coFFPlgn [2015-06-08]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.5.0.19\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.5.0.19\IPSFF [2014-08-22]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\pdf.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.3\\npsitesafety.dll No File
CHR Plugin: (Oberon com adapter) - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media )
CHR Plugin: (Exent® AOD Gecko Plugin) - C:\Program Files (x86)\Free Ride Games\npExentCtl.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (My Web Search Plugin Stub) - C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll No File
CHR Plugin: (Retrogamer Installer Plugin Stub) - C:\Program Files (x86)\Retrogamer_4wEI\Installr\2.bin\NP4wEISB.dll (Retrogamer)
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Sharon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AVG Do Not Track) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\epojjbofkhffmihobdncmbhdocjljhpi [2015-04-02]
CHR Extension: (Norton Identity Safe) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-23]
CHR Extension: (We-Care Reminder) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm [2014-02-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Norton Security Toolbar) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-08-23]
CHR Extension: (Google Wallet) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-29]
CHR Extension: (Internet Download Manager Squared) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohenffmfbnoidogjgebadealdkecjdal [2014-03-22]
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Sharon\AppData\Local\funmoods.crx [2012-09-10]
CHR HKU\S-1-5-21-2719491577-406441165-2934950541-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Sharon\AppData\Local\funmoods.crx [2012-09-10]
CHR HKU\S-1-5-21-2719491577-406441165-2934950541-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hgiifhjbblnglipdbpdgagphlcbililb] - C:\Users\Sharon\AppData\Local\CRE\hgiifhjbblnglipdbpdgagphlcbililb.crx [2013-12-12]
CHR HKLM-x32\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Sharon\AppData\Local\funmoods.crx [2012-09-10]
CHR HKLM-x32\...\Chrome\Extension: [hgiifhjbblnglipdbpdgagphlcbililb] - C:\Users\Sharon\AppData\Local\CRE\hgiifhjbblnglipdbpdgagphlcbililb.crx [2013-12-12]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\Exts\Chrome.crx [2014-08-22]
CHR HKLM-x32\...\Chrome\Extension: [ohenffmfbnoidogjgebadealdkecjdal] - C:\Users\Sharon\AppData\Roaming\IDMSQ\IDMSQ.crx [2013-09-24]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 astcc; C:\Windows\SysWOW64\ASTSRV.EXE [393216 2008-02-28] (Nalpeiron Ltd.) [File not signed]
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36936 2014-10-09] (Just Develop It) <==== ATTENTION
S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 lxcf_device; C:\Windows\system32\lxcfcoms.exe [451584 2005-07-25] ( )
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\N360.exe [265040 2014-07-31] (Symantec Corporation)
S2 PDF Suite 2010 Service; C:\Program Files (x86)\PDF Suite 2010\ConversionService.exe [725768 2010-02-10] (Interactive Brands Inc.)
R2 SftService; C:\Windows\sminst\sftservice.EXE [632048 2009-02-23] (SoftThinks)
S2 Updater Service for AMZN; C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe [203776 2012-02-01] () [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
S2 BTHelper.exe; C:\Program Files (x86)\Brand Thunder\Helper\bin\BTHelper.exe [X]
S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 ASCTRM; C:\Windows\SysWow64\Drivers\ASCTRM.sys [8552 2009-07-26] (Windows (R) 2000 DDK provider)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.5.0.19\Definitions\BASHDefs\20140821.007\BHDrvx64.sys [1588016 2014-08-18] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1505000.013\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-08-23] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-08-23] (Symantec Corporation)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2012-09-28] (LeapFrog)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.5.0.19\Definitions\IPSDefs\20140905.001\IDSvia64.sys [633560 2014-09-02] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.5.0.19\Definitions\VirusDefs\20140907.003\ENG64.SYS [129752 2014-08-23] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.5.0.19\Definitions\VirusDefs\20140907.003\EX64.SYS [2137304 2014-08-23] (Symantec Corporation)
R3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
S3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [213120 2008-05-09] (Novatel Wireless Inc.)
S3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213120 2008-05-09] (Novatel Wireless Inc.)
S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [213120 2008-05-09] (Novatel Wireless Inc.)
R3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [10496 2007-03-08] (SMART Technologies Inc.)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1505000.013\SRTSP64.SYS [875736 2014-07-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1505000.013\SRTSPX64.SYS [36952 2014-07-23] (Symantec Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-12-23] ()
R0 SymDS; C:\Windows\System32\drivers\N360x64\1505000.013\SYMDS64.SYS [493656 2014-07-23] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1505000.013\SYMEFA64.SYS [1148120 2014-07-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-08-22] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1505000.013\Ironx64.SYS [264280 2014-07-23] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\1505000.013\SYMTDIV.SYS [510168 2014-07-23] (Symantec Corporation)
R1 cherimoya; system32\drivers\cherimoya.sys [X]
S1 hlnfd; system32\drivers\hlnfd.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCD5SRVC{048DBD20-445E8C82-05040104}; \??\C:\PROGRA~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms [X]
S3 SYMFW; \SystemRoot\System32\Drivers\N360x64\0308030.006\SYMFW.SYS [X]
S3 SYMNDISV; \SystemRoot\System32\Drivers\N360x64\0308030.006\SYMNDISV.SYS [X]
S2 X4HSX32; \??\C:\Program Files (x86)\GameTap Web Player\bin\Release\X4HSX32.Sys [X]
S2 X5XSEx; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-08 21:19 - 2010-07-22 08:52 - 00775696 _____ (MyWebSearch.com) C:\Program Files (x86)\Uninstall Fun Web Products.dll
2015-06-08 20:58 - 2015-06-08 20:58 - 00317952 _____ C:\Windows\Minidump\Mini060815-01.dmp
2015-06-07 22:08 - 2015-06-08 21:48 - 00000000 ____D C:\FRST
2015-05-16 23:23 - 2015-05-18 16:54 - 02154496 _____ C:\Users\Sharon\Desktop\JEOPARDY GEOMETRY SOL REVIEW 14-15.ppt
2015-05-13 23:09 - 2015-04-19 17:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2015-05-13 23:09 - 2015-04-19 17:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-05-13 23:09 - 2015-04-19 17:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2015-05-13 23:09 - 2015-04-19 17:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-05-13 23:09 - 2015-04-19 16:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-05-13 23:09 - 2015-04-19 16:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2015-05-13 23:09 - 2015-04-19 16:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-05-13 23:09 - 2015-04-19 16:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 23:09 - 2015-04-17 20:16 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-05-13 23:09 - 2015-04-17 20:16 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-05-13 23:09 - 2015-04-17 20:16 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-05-13 23:09 - 2015-04-17 20:16 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-05-13 23:09 - 2015-04-17 19:45 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-05-13 23:09 - 2015-04-17 19:44 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-05-13 23:09 - 2015-04-17 19:35 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-05-13 23:09 - 2015-04-17 19:33 - 01561088 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 23:09 - 2015-04-17 19:33 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 23:09 - 2015-04-17 19:30 - 02793472 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 21:44 - 2015-04-30 12:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 21:44 - 2015-04-30 11:41 - 00347648 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 21:15 - 2015-04-10 19:33 - 00384512 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 21:15 - 2015-04-10 19:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\services.exe
2015-05-13 21:12 - 2015-04-30 09:14 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 21:12 - 2015-04-30 09:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 21:59 - 2015-04-09 19:52 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 21:59 - 2015-04-09 19:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 21:59 - 2015-04-09 19:46 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 21:59 - 2015-04-09 19:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-12 21:59 - 2015-04-09 19:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-12 21:59 - 2015-04-09 19:45 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 21:59 - 2015-04-09 19:45 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 21:59 - 2015-04-09 19:14 - 12379136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-12 21:59 - 2015-04-09 19:10 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-12 21:59 - 2015-04-09 19:05 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-12 21:59 - 2015-04-09 19:04 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-12 21:59 - 2015-04-09 19:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-12 21:59 - 2015-04-09 19:03 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-12 21:59 - 2015-04-09 19:03 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-12 21:59 - 2015-04-09 19:03 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-12 21:59 - 2015-04-09 19:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-12 21:59 - 2015-04-09 19:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-12 21:58 - 2015-04-09 20:10 - 17881088 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 21:58 - 2015-04-09 19:55 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 21:58 - 2015-04-09 19:53 - 10935808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 21:58 - 2015-04-09 19:48 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 21:58 - 2015-04-09 19:46 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 21:58 - 2015-04-09 19:46 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 21:58 - 2015-04-09 19:46 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 21:58 - 2015-04-09 19:46 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 21:58 - 2015-04-09 19:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-12 21:58 - 2015-04-09 19:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 21:58 - 2015-04-09 19:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-05-12 21:58 - 2015-04-09 19:46 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-12 21:58 - 2015-04-09 19:45 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-05-12 21:58 - 2015-04-09 19:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-05-12 21:58 - 2015-04-09 19:45 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-05-12 21:58 - 2015-04-09 19:08 - 09750528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-12 21:58 - 2015-04-09 19:08 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-12 21:58 - 2015-04-09 19:05 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-12 21:58 - 2015-04-09 19:04 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-12 21:58 - 2015-04-09 19:04 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-12 21:58 - 2015-04-09 19:04 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-05-12 21:58 - 2015-04-09 19:04 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-12 21:58 - 2015-04-09 19:03 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-12 21:58 - 2015-04-09 19:03 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-12 21:58 - 2015-04-09 19:03 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-05-12 21:58 - 2015-04-09 19:03 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-05-12 21:58 - 2015-04-09 19:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-08 21:43 - 2010-06-24 22:45 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-08 21:23 - 2015-04-02 22:07 - 00000000 ____D C:\Program Files (x86)\SmileFiles
2015-06-08 21:07 - 2011-08-23 10:24 - 00000000 ____D C:\Windows\pss
2015-06-08 21:05 - 2012-08-28 10:54 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-08 21:05 - 2009-06-12 03:27 - 01928276 _____ C:\Windows\WindowsUpdate.log
2015-06-08 21:04 - 2010-06-24 22:45 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-08 21:00 - 2014-03-11 17:42 - 00000000 ____D C:\Users\Sharon\AppData\Roaming\IDMSQ
2015-06-08 20:59 - 2006-11-02 11:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-08 20:59 - 2006-11-02 11:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-08 20:59 - 2006-11-02 11:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-08 20:58 - 2009-12-18 00:55 - 00000000 ____D C:\Windows\Minidump
2015-06-08 20:58 - 2009-12-18 00:54 - 794868058 _____ C:\Windows\MEMORY.DMP
2015-06-07 22:49 - 2006-11-02 11:27 - 00261436 _____ C:\Windows\setupact.log
2015-06-07 22:01 - 2006-11-02 08:46 - 00812552 _____ C:\Windows\system32\PerfStringBackup.INI
2015-05-30 11:52 - 2006-11-02 11:42 - 00032532 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-25 19:07 - 2012-06-13 15:04 - 00000000 ____D C:\Program Files\Lx_cats
2015-05-25 12:53 - 2011-12-31 21:26 - 00000000 ____D C:\Users\Sharon\AppData\Local\CrashDumps
2015-05-16 08:52 - 2014-03-11 16:50 - 00000000 ____D C:\Program Files (x86)\IDMSQ
2015-05-15 22:18 - 2006-11-02 11:07 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-05-14 22:38 - 2010-06-24 22:45 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-14 22:38 - 2010-06-24 22:45 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-14 16:41 - 2006-11-02 11:21 - 00403096 _____ C:\Windows\system32\FNTCACHE.DAT
2015-05-14 16:39 - 2006-11-02 11:07 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-13 22:30 - 2009-10-04 21:49 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-13 22:18 - 2013-07-24 03:02 - 00000000 ____D C:\Windows\system32\MRT
2015-05-13 22:05 - 2015-04-02 22:13 - 00000000 ____D C:\Program Files (x86)\PriiCeeLeesss
2015-05-13 21:49 - 2006-11-02 08:35 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-05-13 21:14 - 2006-11-02 11:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2015-05-13 21:12 - 2010-06-05 12:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 21:10 - 2009-06-12 09:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-09 09:05 - 2011-10-22 11:58 - 00002015 _____ C:\lxcf.log
==================== Files in the root of some directories =======
2015-06-08 21:19 - 2010-07-22 08:52 - 0775696 _____ (MyWebSearch.com) C:\Program Files (x86)\Uninstall Fun Web Products.dll
2009-10-19 20:19 - 2015-01-27 18:58 - 0002330 _____ () C:\Users\Sharon\AppData\Roaming\evpro32.prf
2015-01-01 00:17 - 2015-01-01 00:17 - 0000552 _____ () C:\Users\Sharon\AppData\Local\d3d8caps.dat
2014-01-01 09:45 - 2014-01-01 09:45 - 0000680 _____ () C:\Users\Sharon\AppData\Local\d3d9caps.dat
2013-11-14 12:49 - 2013-11-14 12:49 - 0007052 _____ () C:\Users\Sharon\AppData\Local\d3d9caps.tmp
2010-01-27 23:25 - 2014-09-06 15:00 - 0060928 _____ () C:\Users\Sharon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-06-24 22:27 - 2010-06-24 22:28 - 0200065 _____ () C:\Users\Sharon\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2010-06-24 22:27 - 2010-06-24 22:27 - 0000002 _____ () C:\Users\Sharon\AppData\Local\dd_dotnetfx35error.txt
2010-06-24 22:27 - 2010-06-24 22:28 - 0109544 _____ () C:\Users\Sharon\AppData\Local\dd_dotnetfx35install.txt
2014-03-11 16:53 - 2014-03-11 16:58 - 0434964 _____ () C:\Users\Sharon\AppData\Local\dd_vcredistMSI4A42.txt
2013-07-25 13:33 - 2013-07-25 13:33 - 0386256 _____ () C:\Users\Sharon\AppData\Local\dd_vcredistMSI4C04.txt
2009-12-31 21:33 - 2009-12-31 21:33 - 0423272 _____ () C:\Users\Sharon\AppData\Local\dd_vcredistMSI5A5C.txt
2014-03-11 16:53 - 2014-03-11 16:58 - 0016094 _____ () C:\Users\Sharon\AppData\Local\dd_vcredistUI4A42.txt
2013-07-25 13:32 - 2013-07-25 13:33 - 0011378 _____ () C:\Users\Sharon\AppData\Local\dd_vcredistUI4C04.txt
2009-12-31 21:33 - 2009-12-31 21:33 - 0011370 _____ () C:\Users\Sharon\AppData\Local\dd_vcredistUI5A5C.txt
2012-09-10 09:46 - 2012-09-10 09:46 - 0031465 _____ () C:\Users\Sharon\AppData\Local\funmoods.crx
2009-10-19 19:59 - 2014-04-17 16:57 - 0004096 ____H () C:\Users\Sharon\AppData\Local\keyfile3.drm
2010-06-24 22:27 - 2010-06-24 22:28 - 0003124 _____ () C:\Users\Sharon\AppData\Local\uxeventlog.txt
2011-12-15 22:25 - 2011-12-29 17:53 - 0001940 _____ () C:\Users\Sharon\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2014-12-25 10:03 - 2014-12-25 10:03 - 0000000 _____ () C:\Users\Sharon\AppData\Local\{9F9A6295-AB11-47C0-86F2-0FF5D7FF0764}
2011-06-13 02:27 - 2011-06-13 02:27 - 0000000 _____ () C:\Users\Sharon\AppData\Local\{D63E6BA5-CCDD-4F2D-8196-7E0035FF344C}
2014-12-16 23:23 - 2014-12-16 23:23 - 0000000 _____ () C:\Users\Sharon\AppData\Local\{DCDD22A3-AEAD-42F7-B76D-5CFC34029865}
2012-09-23 17:18 - 2012-09-23 17:32 - 0000624 _____ () C:\ProgramData\hpzinstall.log
2009-10-09 16:23 - 2009-10-09 16:23 - 0001426 _____ () C:\ProgramData\productlist.xml
Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.6040.dll
Some files in TEMP:
====================
C:\Users\Sharon\AppData\Local\Temp\eject.exe
C:\Users\Sharon\AppData\Local\Temp\GLB1A2B.EXE
C:\Users\Sharon\AppData\Local\Temp\msvcp71.dll
C:\Users\Sharon\AppData\Local\Temp\msvcr71.dll
C:\Users\Sharon\AppData\Local\Temp\ose00000.exe
C:\Users\Sharon\AppData\Local\Temp\tbGam0.dll
C:\Users\Sharon\AppData\Local\Temp\_is46C6.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-08 21:05
==================== End of log ============================
-
June 9th, 2015, 06:14 AM
#2
addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-06-2015
Ran by Sharon at 2015-06-07 22:10:39
Running from F:\
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2719491577-406441165-2934950541-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2719491577-406441165-2934950541-1002 - Limited - Enabled)
Guest (S-1-5-21-2719491577-406441165-2934950541-501 - Limited - Disabled)
Sharon (S-1-5-21-2719491577-406441165-2934950541-1000 - Administrator - Enabled) => C:\Users\Sharon
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton 360 (Enabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4 Elements II (HKLM-x32\...\985edda6b17a0e8241611d44673e451a) (Version: - )
ACECAD DigiMemo Manager (HKLM-x32\...\{50EF6812-7B51-4459-A52D-B4776DAAA415}) (Version: 1.0.0 - ACECAD)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe Flash Player 10 Plugin (HKLM-x32\...\{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: - )
Anti-phishing Domain Advisor (HKLM-x32\...\Anti-phishing Domain Advisor) (Version: 1.1.0.1 - Visicom Media Inc. (Powered by Panda Security))
Apple Application Support (HKLM-x32\...\{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}) (Version: 1.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{33EB1061-ABF1-4470-A540-32E97A610536}) (Version: 3.2.0.47 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArioForm Lite for ACECAD 1.1.0 (HKLM-x32\...\{5229C5BA-387D-4A65-95C9-CC3E2FDC375E}_is1) (Version: - Ariolis)
Bejeweled 2 Deluxe (HKLM-x32\...\Bejeweled 2 Deluxe) (Version: - PopCap Games)
Bonjour (HKLM\...\{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}) (Version: 2.0.3.0 - Apple Inc.)
Build It! Miami Beach Resort (HKLM-x32\...\amg-builditmiamibeachresort) (Version: - gamehouse)
Burger Shop (HKLM-x32\...\4536fc8d7c09d096a907b462f51fc84e) (Version: - )
Burger Shop 2™ (remove only) (HKLM-x32\...\Burger Shop 2™) (Version: - )
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CWA Reminder by We-Care.com v4.1.26.3 (HKLM-x32\...\{26B4D0E1-6F6D-48DF-8719-80276A259F7E}) (Version: 4.1.26.3 - We-Care.com)
Deer Drive (HKLM-x32\...\111448437) (Version: - Oberon Media)
Delicious Deluxe (remove only) (HKLM-x32\...\Delicious Deluxe) (Version: - )
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.18 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: Dell DataSafe Local Backup 2.75 x64 - Dell)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.08318 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.102.101.211 - Alps Electric)
Dell Video Chat (HKLM-x32\...\Dell Video Chat) (Version: 6.0 (6567) - SightSpeed Inc.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: - )
Dell-eBay (HKLM-x32\...\{B935C985-A17F-484B-8470-09E4FC27DC26}) (Version: 1.00.0000 - Dell)
Download Updater (AOL LLC) (HKLM-x32\...\SoftwareUpdUtility) (Version: - ) <==== ATTENTION
Elementals - The Magic Key (HKLM-x32\...\16a3f7225f105619fa1519b4844d3743) (Version: - )
ExamView Pro (HKLM-x32\...\ExamView Pro) (Version: - )
Farming Simulator 2011 (HKLM-x32\...\FarmingSimulator2011_PLATINUMEN_is1) (Version: 1.0 - GIANTS Software)
Farmscapes (HKLM-x32\...\Farmscapes_is1) (Version: 1.0 - Media Contact LLC)
Fingersystem Ipen Driver (HKLM-x32\...\{69C77452-4D16-4182-B325-B2CEDABFA740}) (Version: - )
Fishdom H2O Hidden Odyssey (TM) (HKLM-x32\...\78f1b0f4810ded51b2421c2a80fbbdb9) (Version: - )
Free Download Manager 3.9.2 (HKLM-x32\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG)
Game Master 1.1 Toolbar (HKLM-x32\...\Game_Master_1.1 Toolbar) (Version: 6.2.7.3 - Game Master 1.1)
GameTap Web Player (HKLM-x32\...\{86C0E2A3-1EDA-4F01-A43D-80DA8642813C}_is1) (Version: - Metaboli)
Gardenscapes - Mansion Makeover (HKLM-x32\...\46b9a12a24ec4746772406e7a1f487a2) (Version: - )
Gardenscapes (HKLM-x32\...\97aa6660c2eb5d7678ec45247eba5328) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Homepage Protection (HKLM-x32\...\Homepage Protection) (Version: - AOL Products)
Hospital Haste (HKLM-x32\...\bec1c9b3c1d035d30940bb4274f17e42) (Version: - )
Inbox Toolbar (HKLM-x32\...\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1) (Version: 1.0.0 - Inbox.com, Inc.)
InteGrade Pro (HKLM-x32\...\InteGrade Pro) (Version: 9.4.0.0 - Pearson School Systems)
Integrated Webcam Driver (1.05.02.1227) (HKLM\...\Creative OA001) (Version: 1.05.02.1227 - Creative Technology Ltd.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Internet Download Manager Upgrade (HKU\S-1-5-21-2719491577-406441165-2934950541-1000\...\d46796c124a73858) (Version: 1.0.0.1 - Internet Download Manager Upgrade)
Internet Download Manager² 1.0 (HKLM-x32\...\IDMSQ) (Version: 1.0 - OR Interactive Ltd)
ITECIR (HKLM-x32\...\{F6BB6248-C507-46FE-8A35-1B16F35E0441}) (Version: 1.9 - ITE)
iTunes (HKLM\...\{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}) (Version: 10.0.1.22 - Apple Inc.)
Jane's Hotel Mania (HKLM-x32\...\99d712d92aa2cdf2047016e39d61edf1) (Version: - )
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
Java(TM) 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.260 - Sun Microsystems, Inc.)
Jet Set Go (HKLM-x32\...\951e5b35edd28682e6c2193974c885f4) (Version: - )
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Kitchen Brigade (HKLM-x32\...\92c9031c29e9fbf4809091383e25294d) (Version: - )
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 4.2.9.15649 - LeapFrog)
LeapFrog Connect (x32 Version: 4.2.9.15649 - LeapFrog) Hidden
Lexmark 730 Series (HKLM\...\Lexmark 730 Series) (Version: - )
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.1419.1 - Creative Technology Ltd)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM-x32\...\M979906) (Version: - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer 97 (HKLM-x32\...\PPTView97) (Version: - )
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mobile Broadband Generic Drivers (HKLM-x32\...\{68CC54AC-EFE5-4CE4-81F8-BE0C834E2D86}) (Version: 2.02.07.002.14 - Novatel Wireless)
My Web Search (HKLM-x32\...\MyWebSearch bar Uninstall) (Version: - My Web Search) <==== ATTENTION
MyPC Backup (HKLM\...\MyPC Backup) (Version: - JDi Backup Ltd) <==== ATTENTION
MyScript Notes for ACECAD (HKLM-x32\...\{6378CFE7-D898-4C41-A7DD-4BB54ED80BB7}) (Version: 2.2.0.1 - Vision Objects)
Mystery of Mortlake Mansion(TM) (HKLM-x32\...\f3c5b9886c3471dfe2a3f285b8874441) (Version: - )
Norton 360 (HKLM-x32\...\N360) (Version: 21.5.0.19 - Symantec Corporation)
Oregon Trail(R) 5 (HKLM-x32\...\Oregon Trail(R) 5) (Version: - )
PDF Suite 2010 (HKLM-x32\...\{F0D70E89-E902-4B44-94E4-A668AA80E167}) (Version: 9.0.8 - Interactive Brands Inc.)
PH Mathematics Interactive Textbook - Algebra 1 (HKLM-x32\...\{FA4600DF-CC63-4813-9606-4C93469FAF36}) (Version: 1.00.0000 - Prentice Hall)
PH Mathematics Interactive Textbook - Geometry (HKLM-x32\...\{ACAC2BF5-B8A1-49B8-840E-865BEAF05B4C}) (Version: 1.00.0000 - Prentice Hall)
Plan It Green(C) (remove only) (HKLM-x32\...\Plan It Green(C)) (Version: - )
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.2.5024 - Dell Corp.)
PriiCeeLeesss (HKLM-x32\...\{75F9BF4A-AF67-A478-A37B-31D73186D3F3}) (Version: - ) <==== ATTENTION
Quickset (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.2.8 - Dell Inc.)
QuickTime (HKLM-x32\...\{E7004147-2CCA-431C-AA05-2AB166B9785D}) (Version: 7.68.75.0 - Apple Inc.)
RealPlayer Basic (HKLM-x32\...\RealPlayer 6.0) (Version: - )
RivalGaming (HKU\S-1-5-21-2719491577-406441165-2934950541-1000\...\RivalGaming) (Version: - RivalGaming)
Roads of Rome (HKLM-x32\...\da4a21f058e17ce70e21360d504769ff) (Version: - )
Roads of Rome 3 (HKLM-x32\...\d109e8f40a26046e672f997c4f75e9fe) (Version: - )
RocketTab (HKLM-x32\...\RocketTab) (Version: - RocketTab) <==== ATTENTION!
Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
RTC Client API v1.2 (HKLM-x32\...\{44CDBD1B-89FB-4E02-8319-2A4C550F664A}) (Version: 1.2.0000 - Microsoft)
SavingsBull (x32 Version: 1.0.0.0 - SavingsBull) Hidden <==== ATTENTION
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C0F05}) (Version: 12.15.5.30 - APN, LLC) <==== ATTENTION
Shockwave (HKLM-x32\...\Shockwave) (Version: - )
shopperz 2.0.0.457 (HKLM\...\{5081D2D4-1637-404c-B74F-50526718257D}_is1) (Version: 2.0.0.457 - shopperz) <==== ATTENTION
SMART Board Software (HKLM-x32\...\{46486451-E60F-42C3-92D7-796D8594688A}) (Version: 9.7.44.0 - SMART Technologies Inc.)
SMART Essentials for Educators (HKLM-x32\...\{CF8B49B4-98C5-4F55-B743-7956B24567C0}) (Version: 1.1.9.0 - SMART Technologies Inc.)
SmileFiles (HKU\S-1-5-21-2719491577-406441165-2934950541-1000\...\SmileFiles) (Version: 27.15.14 - http://www.realdown4load.com)
Spirits and Curses 3-in-1 Bundle (HKLM-x32\...\1a170e04091dbaf5b04f57372c74da29) (Version: - )
Stronghold Kingdoms (HKLM-x32\...\{D1D632A2-E249-466D-A094-B1B934D37645}_is1) (Version: 1.17 - Firefly Studios)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Secret of Hildegards (HKLM-x32\...\eb5fbc9eac27ce3365399c5be04ece91) (Version: - )
Timez Attack Launcher (HKLM-x32\...\Timez Attack Launcher O) (Version: O - Big Brainz)
TI-SmartView™ for the TI-84 Plus Family (HKLM-x32\...\{DCFC65CB-97F5-4B9D-BFCD-BAEC7B053FAE}) (Version: 3.1 - Texas Instruments Incorporated.)
Unity Web Player (HKU\S-1-5-21-2719491577-406441165-2934950541-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
University of Mary Washington (HKLM-x32\...\{2808B1F2-4E55-4340-9601-07489B18A510}) (Version: 3.0.0 - Antech Systems, Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update Service SmileFiles (HKU\S-1-5-21-2719491577-406441165-2934950541-1000\...\Update Service SmileFiles) (Version: 27.15.14 - http://www.realdown4load.com)
USB Optical Mouse (HKLM-x32\...\{EEAE45EB-C1E3-4CCD-930D-D7B40F810063}) (Version: 1.00.0000 - )
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version: - )
VZAccess Manager for Novatel (HKLM-x32\...\{7BA20EF6-AE4E-4408-B083-7AE999E92D73}) (Version: 6.9.8 - Smith Micro Software Inc.)
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - )
youtubeadblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: - ) <==== ATTENTION
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2719491577-406441165-2934950541-1000_Classes\CLSID\{2A6D18AD-E610-DCE1-B772-87F9110B8FFD}\localserver32 -> C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2719491577-406441165-2934950541-1000_Classes\CLSID\{8A1C607E-0A29-BB91-4F97-07C7C0A3394B}\localserver32 -> C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2719491577-406441165-2934950541-1000_Classes\CLSID\{C649303D-D33E-8E12-F1D6-961B1E498743}\localserver32 -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\A3DUtility.exe (Adobe Systems Incorporated)
CustomCLSID: HKU\S-1-5-21-2719491577-406441165-2934950541-1000_Classes\CLSID\{FBAA1843-D6E4-E1D1-F5F0-7FAFDB6FC0A0}\localserver32 -> "C:\Program Files (x86)\AOL 9.0\waol.exe" No File
==================== Restore Points =========================
22-05-2014 03:01:05 Windows Update
15-06-2014 03:12:55 Windows Update
16-06-2014 03:05:23 Windows Update
25-07-2014 03:00:35 Windows Update
17-08-2014 03:02:13 Windows Update
23-08-2014 19:03:09 Installed Java 7 Update 67
29-08-2014 03:00:19 Windows Update
10-09-2014 16:16:02 Windows Update
13-09-2014 03:00:21 Windows Update
21-10-2014 03:01:12 Windows Update
17-11-2014 04:01:10 Windows Update
25-11-2014 04:00:22 Windows Update
12-12-2014 18:52:48 Windows Update
14-01-2015 04:00:12 Windows Update
11-02-2015 22:31:01 Windows Update
15-02-2015 20:07:57 Windows Update
12-03-2015 03:00:58 Windows Update
14-03-2015 03:00:56 Windows Update
19-04-2015 18:54:40 Windows Update
13-05-2015 21:04:18 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 08:34 - 2014-03-11 17:42 - 00000804 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 d3oxij66pru1i3.cloudfront.net
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {047BC9CA-925C-4665-9C14-695326AFB9D7} - System32\Tasks\Microsoft\Windows\RestartManager\{3561D1ED-62B8-45df-BD07-EDC512DF8AD0} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {0967A724-38BB-481F-B5C8-3F96846E510D} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {1D5D74C0-5D42-407C-A339-511D7A6DA010} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {20E1C551-02AA-4AE6-903D-C0203D6179BF} - System32\Tasks\gtaUpt => C:\Program Files\shopperz\zaeed.bat [2015-03-25] ()
Task: {228F6F11-8F2A-4878-985D-01491532C40F} - System32\Tasks\Update Service SmileFiles => C:\Program Files (x86)\SmileFilesUpdater\SmileFilesUpdater.exe [2015-04-02] (http://simple-files.com/)
Task: {4F26B35F-1C44-4041-AFEC-70C2E2A01854} - System32\Tasks\{BEB2ADA5-4771-4730-A968-B7D70955466F} => pcalua.exe -a E:\installers\Netscape-FlashplayerInstall.exe -d E:\installers
Task: {53B1A808-C22C-4D8C-9081-742E13D189B6} - System32\Tasks\{D3B06E94-F191-4E5A-9591-B98D7B070FE8} => pcalua.exe -a "C:\Program Files (x86)\The Learning Company\Oregon Trail(R) 5\TLCRUN.EXE" -d "C:\Program Files (x86)\The Learning Company\Oregon Trail(R) 5" -c Main
Task: {55DBD4B3-81EC-40C9-882F-D6B45ACC3399} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {668452DF-F8D7-4C1B-8BE6-B6CBAF3F0789} - System32\Tasks\Microsoft\Windows\RestartManager\{3BFBE0B0-A4A1-4e73-802D-8AFD29B7F7C2} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {66E1DAC3-C5E9-4934-B696-544C87BFB84F} - System32\Tasks\{320AA01D-BF19-4DFF-B1C1-2FFB553F6735} => pcalua.exe -a E:\Setup.EXE -d E:\
Task: {6C06CFA1-307E-4745-8C9D-C2BD46F35027} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {6FF67D00-107B-4F30-84B0-980015A433F4} - System32\Tasks\{675D32C3-18FD-4D8A-8E46-2297121CC42B} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {82FDBCDC-E25F-4386-984F-FBEB836407E9} - System32\Tasks\4800 => Wscript.exe C:\Users\Sharon\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {8A098427-0FE1-4E60-B86A-202C5E329AE9} - System32\Tasks\{1B88003D-31E9-4326-9CB5-8E2040A38861} => pcalua.exe -a C:\Users\Sharon\Downloads\Install+InteGrade+Pro.exe -d "C:\Program Files (x86)\Verizon Wireless\VZAccess Manager"
Task: {8A7DFAEB-0AAB-4B21-A767-3AD56DE1A768} - System32\Tasks\Microsoft\Windows\RestartManager\{B996929D-C3A1-48f6-8FF4-82FB9820208F} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {929C5E84-87BC-4E64-857B-FFD8C1163BAD} - System32\Tasks\{B88DC021-9523-49D4-8FEB-B8D25A597735} => pcalua.exe -a C:\Users\Sharon\Desktop\Install+InteGrade+Pro.exe -d C:\Users\Sharon
Task: {9B98581A-EDC8-4D50-8608-98FE3BDD2EC3} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {ABED0FE4-1EE2-401E-85D8-72615DECBA8E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {C5BB8BF2-CC98-461F-9F01-5B1298539C21} - System32\Tasks\{538603FA-4BA4-4868-8B99-1D5631D4BD33} => pcalua.exe -a E:\installers\flashplayer6_winax.exe -d E:\installers
Task: {D1CE7DFD-6BDF-4A84-9CB2-F250E9AD8501} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D1D06055-CDA6-4E52-B617-1AF8202DC27F} - System32\Tasks\RocketTab => cmd.exe /C start "" "C:\Program Files (x86)\Search Extensions\Client.exe" /Preferred=true <==== ATTENTION
Task: {E1C942AA-3D24-4B89-BD79-22E3FE26969F} - System32\Tasks\{E54D219F-E70B-4928-9EDE-357F0DD36659} => pcalua.exe -a E:\installers\QuickTimeInstaller.exe -d E:\installers
Task: {E5054436-69C0-4DA0-A8D4-438CD4B7770C} - System32\Tasks\Microsoft\Windows\RestartManager\{AA7EDFF4-7384-4477-AF3A-A1924C98002C} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {E723571C-E8E3-4410-B223-DFC4F8FE6389} - System32\Tasks\{8350FDCE-B14C-4ADC-941C-D2F1176003D7} => pcalua.exe -a c:\Users\Public\Downloads\Delicious.exe
Task: {EA290F2E-ECA6-4D9A-84C6-5C072C9B8E24} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\WSCStub.exe [2014-07-31] (Symantec Corporation)
Task: {EB58133F-92DB-40C5-8DDF-3316F57D4996} - System32\Tasks\LuckyTab => C:\Program Files (x86)\LuckyTab\LuckyTab.exe [2015-04-02] (http://lucky-tab.com/) <==== ATTENTION
Task: {ED0FD591-5EED-45AE-AEC8-98C3DA7A6816} - System32\Tasks\{364D74D1-1D31-4EB5-AA26-03439C1372A3} => pcalua.exe -a "C:\IGPRO\Uninstall InteGrade Pro 9.4.exe"
Task: {F2440F18-E4DC-467F-9ECB-5193123E8615} - System32\Tasks\RocketTab Update Task => C:\Program Files (x86)\Search Extensions\uninstall.exe <==== ATTENTION
Task: {F6D82A8A-1D77-4639-B205-7D58FED53EE0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {FF61C71C-120F-4EC8-934F-F852707F7D6D} - System32\Tasks\Microsoft\Windows\RestartManager\{345A4DBD-6A6A-40d4-A83C-ACE64CAE2F78} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2015-04-02 22:12 - 2015-03-25 16:43 - 00282488 _____ () C:\Program Files\shopperz\grunt.exe
2015-04-02 22:12 - 2015-03-25 16:43 - 01446264 _____ () C:\Program Files\shopperz\csrcc.exe
2013-10-30 02:21 - 2013-10-30 02:21 - 02561088 _____ () C:\Program Files (x86)\IDMSQ\idmsq.exe
2012-02-01 12:11 - 2012-02-01 12:11 - 00203776 _____ () C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe
2015-05-14 22:50 - 2015-05-14 22:50 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\90ca23bba6253753991d9353147ba6a9\VistaBridgeLibrary.ni.dll
2013-07-24 15:59 - 2010-03-30 10:37 - 00245248 _____ () C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe
2014-02-18 09:32 - 2014-02-18 09:32 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Windows:AstInfo
AlternateDataStreams: C:\ProgramData\TEMP:F2721624
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2719491577-406441165-2934950541-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sharon\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: Media is not connected to internet.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SMART Board Tools.lnk => C:\Windows\pss\SMART Board Tools.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Sharon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupreg: 023c03038d1e8d0dd5b29cacacce04d0 => C:\Users\Public\DOWNLO~1\HOSPIT~1.EXE /r
MSCONFIG\startupreg: AOL Dialer => C:\Program Files (x86)\Common Files\AOL\ACS\AOlDial.exe
MSCONFIG\startupreg: AOLDialer => "C:\Program Files (x86)\Common Files\AOL\ACS\AOLDial.exe"
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
MSCONFIG\startupreg: Easy Dock => C:\Users\Sharon\Documents\RCA easyRip\EZDock.exe
MSCONFIG\startupreg: Exetender => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
MSCONFIG\startupreg: Free Download Manager => "C:\Program Files (x86)\Free Download Manager\fdm.exe" -autorun
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LXCFCATS => rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXCFtime.dll,_RunDLLEntry@16
MSCONFIG\startupreg: MyWebSearch Email Plugin => C:\PROGRA~2\MYWEBS~1\bar\2.bin\mwsoemon.exe
MSCONFIG\startupreg: OutfoxTV => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
MSCONFIG\startupreg: RealTray => "C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
MSCONFIG\startupreg: SMART Board Service => C:\Program Files (x86)\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{C80768D3-8C2A-4473-8E99-9B6D791E0995}] => (Allow) C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe
FirewallRules: [{B45FDCDF-6573-4E5A-B10F-190DB239E24A}] => (Allow) C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe
FirewallRules: [{7CD3BDE3-30E2-477A-A362-1C0315013352}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{FDAED6D0-A7F3-47DE-94B6-03537917DD61}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{87D751FE-2703-4D79-9410-31D88217327A}] => (Allow) svchost.exe
FirewallRules: [{8F73DF9B-5072-4CD9-932A-9B6881BDFDD9}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{505720E6-5158-4A4C-93BE-DA8C98CEDF05}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{F27585D3-6F5C-449B-BC9E-5A37715E183C}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{7D6786D5-D9BD-4199-B50D-67C7567481DD}] => (Allow) C:\Program Files (x86)\Common Files\AOL\ACS\AOLacsd.exe
FirewallRules: [{A3E33759-72D2-4E27-9942-37F6AC94DC5E}] => (Allow) C:\Program Files (x86)\Common Files\AOL\ACS\AOLacsd.exe
FirewallRules: [{C8442DD9-C952-4261-B157-1B122BE8849E}] => (Allow) C:\Program Files (x86)\Common Files\AOL\ACS\AOLDial.exe
FirewallRules: [{061B659F-E4E1-4D0B-98C7-BB89C1F5195D}] => (Allow) C:\Program Files (x86)\Common Files\AOL\ACS\AOLDial.exe
FirewallRules: [{564FA226-DB5F-4C92-B413-0B2951B5C1C8}] => (Allow) C:\Program Files (x86)\Common Files\AOL\ACS\AOLDial.exe
FirewallRules: [{8C7DF8C1-EEB4-421C-A266-5D54A4B3554E}] => (Allow) C:\Program Files (x86)\Common Files\AOL\ACS\AOLacsd.exe
FirewallRules: [{1831478F-5C39-4C47-BDE5-555A908D345D}] => (Allow) C:\Program Files (x86)\Common Files\AOL\ACS\AOLDial.exe
FirewallRules: [{4145F0E4-7E2B-4FA4-9485-E5C548039C4F}] => (Allow) C:\Program Files (x86)\Common Files\AOL\ACS\AOLacsd.exe
FirewallRules: [{CD056739-1E30-4FE9-9CDF-AEB826E18C5E}] => (Allow) C:\Program Files (x86)\AOL\RC\regclient.exe
FirewallRules: [{86836D87-42B8-4CAA-A2B3-7D2B0BA5AEF5}] => (Allow) C:\Program Files (x86)\AOL\RC\regclient.exe
FirewallRules: [{11B1DA10-6608-43B4-8562-194DBC6E6BC0}] => (Allow) C:\Program Files (x86)\Common Files\AOL\ACS\AOLDial.exe
FirewallRules: [{01490CA1-4E78-4ADC-ACA2-BF4F2FF1304C}] => (Allow) C:\Program Files (x86)\Common Files\AOL\ACS\AOLDial.exe
FirewallRules: [{2A7C505A-F638-4132-B694-B2C5F71A8444}] => (Allow) C:\Program Files (x86)\Common Files\AOL\ACS\AOLacsd.exe
FirewallRules: [{3E307648-4115-4E99-A8AC-AB6DBAC7EB0E}] => (Allow) C:\Program Files (x86)\Common Files\AOL\ACS\AOLacsd.exe
FirewallRules: [{09E2E17B-764D-4F8D-8853-006E705EE3D3}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1248711395\ee\aolsoftware.exe
FirewallRules: [{5871F8EC-8899-467E-A8A3-FE4D8687ED5B}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1248711395\ee\aolsoftware.exe
FirewallRules: [{33836889-7EB3-48E1-A89A-40D07F7B0E6D}] => (Allow) C:\Program Files (x86)\AOL 9.0\waol.exe
FirewallRules: [{534CC5BD-A273-4ADC-9911-6776635932E3}] => (Allow) C:\Program Files (x86)\AOL 9.0\waol.exe
FirewallRules: [{45A4BA32-3771-4A41-94E3-A7DF845E0003}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{B404E563-856C-4602-834F-85AF59F4DC72}] => (Allow) C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{A20C28A2-A2ED-4454-A3AB-D504005EC9E1}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{BD8B7354-4A54-4EE9-89D2-8098A085291B}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{40710B0A-E2AA-45C5-82B5-7CE5AA634EE4}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{E8ABE5BE-2E47-4A1A-BA08-4EDFBFA6F338}] => (Allow) C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe
FirewallRules: [{DBDC2C5B-528A-45FA-91B7-BF8AD770AD3F}] => (Allow) C:\Program Files (x86)\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
FirewallRules: [{0FBA3A53-6778-4AA2-9556-9335183F77D9}] => (Allow) C:\Program Files (x86)\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
FirewallRules: [{22C75BBF-E03C-4B35-8052-02B557D4CD07}] => (Allow) C:\Program Files (x86)\Common Files\AOL\AOL Spyware Protection\asp.exe
FirewallRules: [{0D915D35-A04F-48EA-8736-49129B25E29D}] => (Allow) C:\Program Files (x86)\Common Files\AOL\AOL Spyware Protection\asp.exe
FirewallRules: [{30D23461-EEE1-4CD8-A568-E56E5D23DBA4}] => (Allow) C:\Program Files (x86)\LimeWire\LimeWire.exe
FirewallRules: [{3E808881-FA60-4DDA-848C-96B4ED52331F}] => (Allow) C:\Program Files (x86)\LimeWire\LimeWire.exe
FirewallRules: [{C524B983-BCC2-4811-B31A-7841F91EF52C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B7618D51-CA96-441C-B04A-C3179CC6053E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{301B41E7-0EF2-412C-A49D-38202575D1D5}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{CB27BA2A-288D-4B9E-8F00-E3D9B1F272D5}] => (Allow) LPort=80
FirewallRules: [{67CDF4AB-7FD1-4FE2-8093-0C1C232ED996}] => (Allow) LPort=80
FirewallRules: [{CAD0A9E3-D32E-4DC4-B07F-2FF13655577E}] => (Allow) LPort=80
FirewallRules: [{3055FC9F-9E08-4D3F-A395-913D5BB9E64A}] => (Allow) C:\Program Files (x86)\Farming Simulator 2011\FarmingSimulator2011.exe
FirewallRules: [{F2C87E43-623A-4352-9DE9-83707E641026}] => (Allow) C:\Program Files (x86)\Farming Simulator 2011\FarmingSimulator2011.exe
FirewallRules: [{AD399591-E989-4087-A494-E902A2869799}] => (Allow) C:\Program Files (x86)\Farming Simulator 2011\game.exe
FirewallRules: [{87B32AA9-0D09-4B50-9BF1-965239F4EA85}] => (Allow) C:\Program Files (x86)\Farming Simulator 2011\game.exe
FirewallRules: [{E1AB8E18-FA31-41FB-8EAD-3CBFA7E4082B}] => (Allow) LPort=135
FirewallRules: [{1FC8C2EA-D21F-48EE-B4B6-1D94ACAC4A16}] => (Allow) LPort=5000
FirewallRules: [{820F01B8-04D3-4AAF-A748-EC760EC8C83B}] => (Allow) LPort=5001
FirewallRules: [{6C36A468-4C8F-4104-84B6-85A52A1E3762}] => (Allow) LPort=5002
FirewallRules: [{7A16EB2C-32E6-40BC-BC53-6B67CC4CFF19}] => (Allow) LPort=5003
FirewallRules: [{0263A0BD-1F8A-452C-9CE8-E0DED8AD9C67}] => (Allow) LPort=5004
FirewallRules: [{FA764A1A-67B9-46D3-9852-4B8523FDAB48}] => (Allow) LPort=5005
FirewallRules: [{96D402F7-7E35-4897-8CF0-6785D6F5ED81}] => (Allow) LPort=5006
FirewallRules: [{BFCD3F31-071A-473D-8746-72D375B08C68}] => (Allow) LPort=5007
FirewallRules: [{1903D871-8E35-4F7B-ABDA-A2B3558040C3}] => (Allow) LPort=5008
FirewallRules: [{40ADD263-CBEA-4CF8-A05C-91CD4F358ED0}] => (Allow) LPort=5009
FirewallRules: [{885F41FA-7EB7-40AE-AB18-B6B241093287}] => (Allow) LPort=5010
FirewallRules: [{967CEEB3-C08C-4DB5-9249-9EC34895867E}] => (Allow) LPort=5011
FirewallRules: [{A547315E-2472-4CDC-A648-7868CF466974}] => (Allow) LPort=5012
FirewallRules: [{36CECDBB-87EF-4C9D-BF31-938A3759F681}] => (Allow) LPort=5013
FirewallRules: [{C74295ED-427E-4E0E-BE72-EC5E4281592D}] => (Allow) LPort=5014
FirewallRules: [{EBB77895-2186-4DE8-87DA-02A1CAF41E84}] => (Allow) LPort=5015
FirewallRules: [{BA6202D4-59E0-4922-B897-8739F6023F39}] => (Allow) LPort=5016
FirewallRules: [{1C6D36DA-B843-4974-B3CD-F003E36E8901}] => (Allow) LPort=5017
FirewallRules: [{833B570E-7566-483A-82FA-5FE55A7C0C86}] => (Allow) LPort=5018
FirewallRules: [{2EE92E7C-1DE0-426C-AF4D-E9AC04D4361F}] => (Allow) LPort=5019
FirewallRules: [{1A9F27C6-1DDE-4650-9B17-BDC6FB2163D3}] => (Allow) LPort=5020
FirewallRules: [{29F3971B-0E95-4729-BBA6-4174BF407BFD}] => (Allow) C:\Windows\System32\lxcfcoms.exe
FirewallRules: [{DAD3454C-06EB-4EA8-8ADF-8B989EABDC7A}] => (Allow) C:\Windows\System32\lxcfcoms.exe
FirewallRules: [{9B4BAFFE-99B0-4B56-B681-D818C641F0BF}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exe
FirewallRules: [{4912D6FE-AA40-4880-BE54-596F8834601A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4FC83800-F0E0-4085-9250-76B83D8D7014}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1F673248-AD11-4D94-BB2E-892D0A5CC38B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Farming Simulator 2013\FarmingSimulator2013Game.exe
FirewallRules: [{322E2F16-08B0-43FC-A64B-1619140977CF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Farming Simulator 2013\FarmingSimulator2013Game.exe
FirewallRules: [{B3977BC1-0E24-40AA-A3EB-B97A7D0D0A23}] => (Allow) C:\Users\Sharon\AppData\Local\Temp\Temp1_Tessellation-worksheets-printable.zip\Tessellation-worksheets-printable.exe
FirewallRules: [{BE6D7893-CED8-4D60-BE46-3276E8D201B8}] => (Allow) C:\Users\Sharon\AppData\Local\Temp\Temp1_Tessellation-worksheets-printable.zip\Tessellation-worksheets-printable.exe
FirewallRules: [{35924B7B-D9E3-4BFF-8E3B-F3C17F1E6B91}] => (Allow) C:\Program Files (x86)\SmileFiles\SmileFiles.exe
FirewallRules: [{47A38765-23AD-405D-832C-D71D1C487A8E}] => (Allow) C:\Program Files (x86)\SmileFiles\SmileFiles.exe
FirewallRules: [{F4FFC19E-B9B9-4526-8935-FE04530043BF}] => (Allow) C:\Program Files (x86)\SmileFiles\downloader.exe
FirewallRules: [{7AB0B1A9-258C-4139-B043-EE6CC4C5D428}] => (Allow) C:\Program Files (x86)\SmileFiles\downloader.exe
FirewallRules: [{73FC0D4F-5D9D-4D78-98F7-373C0DA1CF79}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
-
June 9th, 2015, 06:14 AM
#3
==================== Faulty Device Manager Devices =============
Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Microsoft 6to4 Adapter #2
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Microsoft 6to4 Adapter #4
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: isatap.{1FCB182A-12FA-4842-808B-3A07261C76AA}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Microsoft ISATAP Adapter #3
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Microsoft ISATAP Adapter #4
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Microsoft ISATAP Adapter #5
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: isatap.{4F4DADB4-1297-48E9-85DD-02287C3B56C8}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: isatap.{0117A9A3-1105-43CB-9A3F-7E8A0251FE52}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: isatap.{7F5041D8-4744-4955-864E-D9F50CC62899}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: isatap.{D18DF46B-E1F9-4524-833C-499EDC96B500}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: isatap.{FB0445DD-ADF1-4BC8-BD18-761A264128E1}
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/07/2015 09:56:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/28/2015 04:45:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/25/2015 06:56:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/25/2015 00:54:33 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Search App by Ask -- Error 1606. Could not access network location %APPDATA%\.
Error: (05/25/2015 00:54:33 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Search App by Ask -- Error 1606. Could not access network location %APPDATA%\.
Error: (05/25/2015 00:53:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549bb52, faulting module ntdll.dll, version 6.0.6002.19346, time stamp 0x55023e3e, exception code 0xc0000005, fault offset 0x00000000000253ba,
process id 0x1394, application start time 0xrundll32.exe0.
Error: (05/25/2015 08:48:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/24/2015 08:53:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/24/2015 11:53:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/23/2015 09:06:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (06/07/2015 09:57:32 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Program Files (x86)\GameTap Web Player\bin\Release\X4HSX has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (06/07/2015 09:57:33 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: hlnfd
Error: (06/07/2015 09:57:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: X5XSEx%%3
Error: (06/07/2015 09:57:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: X4HSX32%%1275
Error: (06/07/2015 09:56:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: PDF Suite 2010 Service%%2147500037
Error: (06/07/2015 09:56:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: OutfoxTvService%%2
Error: (06/07/2015 09:56:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BTHelper.exe%%2
Error: (06/07/2015 09:56:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: ASCTRM%%1275
Error: (06/07/2015 09:55:14 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\ASCTRM.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (05/30/2015 11:51:13 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: PDF Suite 2010 Service%%2147500037
Microsoft Office:
=========================
-
June 9th, 2015, 06:40 PM
#4
Please, observe following rules:
- Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
- If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
- Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good, or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
==========================
Please move FRST to the correct location - Desktop.
Uninstall the following unwanted programs:
- Download Updater
- My Web Search
- MyPC Backup
- PriiCeeLeesss
- RocketTab
- SavingsBull
- Search App by Ask
- shopperz
- youtubeadblocker
Download RogueKiller from one of the following links and save it to your Desktop:
Link 1
Link 2
- Close all the running programs
- Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
- Otherwise just double-click on RogueKiller.exe
- Pre-scan will start. Let it finish.
- Click on SCAN button.
- Wait until the Status box shows Scan Finished
- Click on Delete.
- Wait until the Status box shows Deleting Finished.
- Click on Report and copy/paste the content of the Notepad into your next reply.
- RKreport.txt could also be found on your desktop.
- If more than one log is produced, post all logs.
- If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE: If you already have MBAM 2.0 installed, scroll down.
- Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to the following:
  - Launch Malwarebytes Anti-Malware
  - A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
- Click Finish.
- On the Dashboard, click the 'Update Now >>' link
- After the update completes, click the 'Scan Now >>' button.
- Or, on the Dashboard, click the Scan Now >> button.
- If an update is available, click the Update Now button.
- A Threat Scan will begin.
- When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
- In most cases, a restart will be required.
- Wait for the prompt to restart the computer to appear, then click on Yes.
If you already have MBAM 2.0 installed:
- On the Dashboard, click the 'Update Now >>' link
- After the update completes, click the 'Scan Now >>' button.
- Or, on the Dashboard, click the Scan Now >> button.
- If an update is available, click the Update Now button.
- A Threat Scan will begin.
- When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
- In most cases, a restart will be required.
- Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs:
(Export log to save as txt)
- After the restart once you are back at your desktop, open MBAM once more.
- Click on the History tab > Application Logs.
- Double click on the Scan Log which shows the Date and time of the scan just performed.
- Click 'Export'.
- Click 'Text file (*.txt)'
- In the Save File dialog box which appears, click on Desktop.
- In the File name: box type a name for your scan log.
- A message box named 'File Saved' should appear stating "Your file has been successfully exported".
- Click Ok
- Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
- After the restart once you are back at your desktop, open MBAM once more.
- Click on the History tab > Application Logs.
- Double click on the Scan Log which shows the Date and time of the scan just performed.
- Click 'Copy to Clipboard'
- Paste the contents of the clipboard into your reply.
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on adwcleaner.exe to run the tool.
- Click on Scan button.
- When the scan has finished click on Clean button.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the contents of that logfile with your next reply.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
Please download Junkware Removal Tool to your desktop.
- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.
-
June 9th, 2015, 11:55 PM
#5
rkreport.txt
RogueKiller V10.8.1.0 [Jun 3 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Sharon [Administrator]
Started from : C:\Users\Sharon\Desktop\RogueKiller.exe
Mode : Delete -- Date : 06/09/2015 20:43:00
¤¤¤ Processes : 1 ¤¤¤
[PUP] (SVC) Updater Service for AMZN -- C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe[-] -> Stopped
¤¤¤ Registry : 51 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5081D2D4-1637-404c-B74F-50526718257D} (C:\Program Files\shopperz\mseff64.dll) -> Not selected
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Not selected
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3} -> Not selected
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3AA4FC9D-FB51-44a2-B09F-0457857CA7C2} -> Not selected
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5081D2D4-1637-404c-B74F-50526718257D} (C:\Program Files\shopperz\mseff64.dll) -> Not selected
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -> Not selected
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} -> Not selected
[PUP] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {D7E97865-918F-41E4-9CD0-25AB1C574CE8} : -> Not selected
[PUP] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} : Funmoods Toolbar -> Not selected
[PUP] (X64) HKEY_USERS\S-1-5-21-2719491577-406441165-2934950541-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {D7E97865-918F-41E4-9CD0-25AB1C574CE8} : -> Not selected
[PUP] (X64) HKEY_USERS\S-1-5-21-2719491577-406441165-2934950541-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {D4027C7F-154A-4066-A1AD-4243D8127440} : -> Not selected
[PUP] (X64) HKEY_USERS\S-1-5-21-2719491577-406441165-2934950541-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {4B3803EA-5230-4DC3-A7FC-33638F3D3542} : -> Not selected
[PUP] (X64) HKEY_USERS\S-1-5-21-2719491577-406441165-2934950541-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {30F9B915-B755-4826-820B-08FBA6BD249D} : -> Not selected
[PUP] (X64) HKEY_USERS\S-1-5-21-2719491577-406441165-2934950541-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {4F524A2D-5350-4500-76A7-7A786E7484D7} : -> Not selected
[PUP] (X86) HKEY_USERS\S-1-5-21-2719491577-406441165-2934950541-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {D7E97865-918F-41E4-9CD0-25AB1C574CE8} : -> Not selected
[PUP] (X86) HKEY_USERS\S-1-5-21-2719491577-406441165-2934950541-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {D4027C7F-154A-4066-A1AD-4243D8127440} : -> Not selected
[PUP] (X86) HKEY_USERS\S-1-5-21-2719491577-406441165-2934950541-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {4B3803EA-5230-4DC3-A7FC-33638F3D3542} : -> Not selected
[PUP] (X86) HKEY_USERS\S-1-5-21-2719491577-406441165-2934950541-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {30F9B915-B755-4826-820B-08FBA6BD249D} : -> Not selected
[PUP] (X86) HKEY_USERS\S-1-5-21-2719491577-406441165-2934950541-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {4F524A2D-5350-4500-76A7-7A786E7484D7} : -> Not selected
[PUP] (X64) HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {D8278076-BC68-4484-9233-6E7F1628B56C} : -> Not selected
[PUP] (X86) HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {D8278076-BC68-4484-9233-6E7F1628B56C} : -> Not selected
[PUP] (X64) HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {D8278076-BC68-4484-9233-6E7F1628B56C} : -> Not selected
[PUP] (X86) HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {D8278076-BC68-4484-9233-6E7F1628B56C} : -> Not selected
[Hj.RegVal] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_C2BB\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe -> Replaced (explorer.exe)
[Hj.RegVal] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_C2BB\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe -> Replaced (explorer.exe)
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\cherimoya (system32\drivers\cherimoya.sys) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\hlnfd (system32\drivers\hlnfd.sys) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SWDUMon (system32\DRIVERS\SWDUMon.sys) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Updater Service for AMZN (C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cherimoya (system32\drivers\cherimoya.sys) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hlnfd (system32\drivers\hlnfd.sys) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SWDUMon (system32\DRIVERS\SWDUMon.sys) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Updater Service for AMZN (C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\BackupStack (C:\Program Files (x86)\MyPC Backup\BackupStack.exe) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\cherimoya (system32\drivers\cherimoya.sys) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\hlnfd (system32\drivers\hlnfd.sys) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SWDUMon (system32\DRIVERS\SWDUMon.sys) -> Not selected
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Updater Service for AMZN (C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe) -> Not selected
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.aol.com -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2719491577-406441165-2934950541-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.search.ask.com/?tpid=ORJ-SPE&o=APN11405&pf=V7&trgb=IE&p2=%5EBBD%5EOSJ000%5EYY%5EUS&gct=hp&apn_ptnrs=BBD&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ie_9.0.8112.16563&apn_uid=08FE773B-9F99-4EE4-9C0C-BEECA4C796BB&itbv=12.15.5.30&doi=2014-08-23&psv=&pt=tb -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2719491577-406441165-2934950541-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.search.ask.com/?tpid=ORJ-SPE&o=APN11405&pf=V7&trgb=IE&p2=%5EBBD%5EOSJ000%5EYY%5EUS&gct=hp&apn_ptnrs=BBD&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ie_9.0.8112.16563&apn_uid=08FE773B-9F99-4EE4-9C0C-BEECA4C796BB&itbv=12.15.5.30&doi=2014-08-23&psv=&pt=tb -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2719491577-406441165-2934950541-1000\Software\Microsoft\Internet Explorer\Main | Search Page : -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2719491577-406441165-2934950541-1000\Software\Microsoft\Internet Explorer\Main | Search Page : -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2719491577-406441165-2934950541-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2719491577-406441165-2934950541-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1DF40FBB-8956-468D-B165-4666D3CD41E3} | DhcpNameServer : 10.13.1.3 205.174.118.35 [X][X] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FB0445DD-ADF1-4BC8-BD18-761A264128E1} | DhcpNameServer : 198.224.190.135 198.224.191.135 [X][X] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1DF40FBB-8956-468D-B165-4666D3CD41E3} | DhcpNameServer : 10.13.1.3 205.174.118.35 [X][X] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{FB0445DD-ADF1-4BC8-BD18-761A264128E1} | DhcpNameServer : 198.224.190.135 198.224.191.135 [X][X] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{1DF40FBB-8956-468D-B165-4666D3CD41E3} | DhcpNameServer : 10.13.1.3 205.174.118.35 [X][X] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{FB0445DD-ADF1-4BC8-BD18-761A264128E1} | DhcpNameServer : 198.224.190.135 198.224.191.135 [X][X] -> Not selected
¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \\4800 -- wscript.exe (C:\Users\Sharon\AppData\Local\Temp\launchie.vbs //B) -> Not selected
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 3 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 d3oxij66pru1i3.cloudfront.net
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 86d382effffc19d235afa543bf73762c
[BSP] 162060bb474056eae6dde76395768ebf : HP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 78 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 161792 | Size: 15360 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 31619072 | Size: 461500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: +++++
--- User ---
[MBR] a124dc1f32b91ceacb765c7a5ad6ec2e
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 32 | Size: 15266 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
============================================
RKreport_SCN_06092015_195403.log
-
June 9th, 2015, 11:57 PM
#6
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 6/9/2015
Scan Time: 8:56:18 PM
Logfile: mbam application history.txt
Administrator: Yes
Version: 2.01.6.1022
Malware Database: v2015.06.09.06
Rootkit Database: v2015.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: Sharon
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 387803
Time Elapsed: 57 min, 45 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
-
June 9th, 2015, 11:59 PM
#7
# AdwCleaner v4.206 - Logfile created 09/06/2015 at 22:10:36
# Updated 01/06/2015 by Xplode
# Database : 2015-06-09.1 [Server]
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (x64)
# Username : Sharon - SHARON-PC
# Running from : C:\Users\Sharon\Desktop\3adwcleaner_4.206.exe
# Option : Cleaning
***** [ Services ] *****
[#] Service Deleted : cherimoya
[#] Service Deleted : hlnfd
[#] Service Deleted : Updater Service for AMZN
[#] Service Deleted : swdumon
***** [ Files / Folders ] *****
[!] Folder Deleted : C:\ProgramData\apn
[!] Folder Deleted : C:\ProgramData\Babylon
[!] Folder Deleted : C:\ProgramData\Conduit
[!] Folder Deleted : C:\ProgramData\GameTap Web Player
[!] Folder Deleted : C:\ProgramData\Systweak
[!] Folder Deleted : C:\ProgramData\Tarma Installer
[!] Folder Deleted : C:\ProgramData\Trymedia
[!] Folder Deleted : C:\ProgramData\Viewpoint
[!] Folder Deleted : C:\ProgramData\Fighters
[!] Folder Deleted : C:\ProgramData\FlashBeat
[!] Folder Deleted : C:\ProgramData\{baa2739f-b6ce-a6c3-baa2-2739fb6cce7e}
[!] Folder Deleted : C:\Program Files (x86)\AOL Toolbar
[!] Folder Deleted : C:\Program Files (x86)\Ask.com
[!] Folder Deleted : C:\Program Files (x86)\Conduit
[!] Folder Deleted : C:\Program Files (x86)\FunWebProducts
[!] Folder Deleted : C:\Program Files (x86)\IDMSQ
[!] Folder Deleted : C:\Program Files (x86)\MyWebSearch
[!] Folder Deleted : C:\Program Files (x86)\SavingsBull
[!] Folder Deleted : C:\Program Files (x86)\Viewpoint
[!] Folder Deleted : C:\Program Files (x86)\LuckyTab
[!] Folder Deleted : C:\Program Files (x86)\SmileFilesUpdater
[!] Folder Deleted : C:\Program Files (x86)\SmileFiles
[!] Folder Deleted : C:\Program Files (x86)\MyWebSearch
[!] Folder Deleted : C:\Program Files (x86)\Retrogamer_4wEI
[!] Folder Deleted : C:\Program Files (x86)\Common Files\FreeCause
[!] Folder Deleted : C:\Windows\Installer\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
[!] Folder Deleted : C:\Program Files\AOL Toolbar
[!] Folder Deleted : C:\Users\Sharon\AppData\Local\Conduit
[!] Folder Deleted : C:\Users\Sharon\AppData\Local\NativeMessaging
[!] Folder Deleted : C:\Users\Sharon\AppData\Local\PackageAware
[!] Folder Deleted : C:\Users\Sharon\AppData\Local\TBHostSupport
[!] Folder Deleted : C:\Users\Sharon\AppData\LocalLow\AskToolbar
[!] Folder Deleted : C:\Users\Sharon\AppData\LocalLow\Conduit
[!] Folder Deleted : C:\Users\Sharon\AppData\LocalLow\Funmoods
[!] Folder Deleted : C:\Users\Sharon\AppData\LocalLow\FunWebProducts
[!] Folder Deleted : C:\Users\Sharon\AppData\LocalLow\Inbox Toolbar
[!] Folder Deleted : C:\Users\Sharon\AppData\LocalLow\MyWebSearch
[!] Folder Deleted : C:\Users\Sharon\AppData\LocalLow\PriceGong
[!] Folder Deleted : C:\Users\Sharon\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
[!] Folder Deleted : C:\Users\Sharon\AppData\LocalLow\MyWebSearch
[!] Folder Deleted : C:\Users\Sharon\AppData\LocalLow\Retrogamer_4wEI
[!] Folder Deleted : C:\Users\Sharon\AppData\Roaming\Babylon
[!] Folder Deleted : C:\Users\Sharon\AppData\Roaming\IDMSQ
[!] Folder Deleted : C:\Users\Sharon\AppData\Roaming\Inbox Toolbar
[!] Folder Deleted : C:\Users\Sharon\AppData\Roaming\iWin
[!] Folder Deleted : C:\Users\Sharon\AppData\Roaming\OpenCandy
[!] Folder Deleted : C:\Users\Sharon\AppData\Roaming\Systweak
[!] Folder Deleted : C:\Users\Sharon\AppData\Roaming\SmileFiles
[!] Folder Deleted : C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\LuckyTab
[!] Folder Deleted : C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IDMSQ
[!] Folder Deleted : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm
[!] Folder Deleted : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohenffmfbnoidogjgebadealdkecjdal
[!] Folder Deleted : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
File Deleted : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ippkomaaonokjnfjoikaemidanojkfmm_0.localstorage
File Deleted : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ippkomaaonokjnfjoikaemidanojkfmm_0.localstorage-journal
File Deleted : C:\END
File Deleted : C:\Windows\Downloaded Program Files\popcaploader.inf
File Deleted : C:\Windows\System32\Gambali64.dll
File Deleted : C:\Windows\System32\drivers\swdumon.sys
File Deleted : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_photo.conduitapps.com_0.localstorage
File Deleted : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_photo.conduitapps.com_0.localstorage-journal
File Deleted : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps4u2.conduitapps.com_0.localstorage
File Deleted : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps4u2.conduitapps.com_0.localstorage-journal
File Deleted : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_myfriendsvideo5.conduitapps.com_0.localstorage
File Deleted : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_myfriendsvideo5.conduitapps.com_0.localstorage-journal
File Deleted : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nortonsafe.search.ask.com_0.localstorage
File Deleted : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nortonsafe.search.ask.com_0.localstorage-journal
File Deleted : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_photo.conduitapps.com_0.localstorage
File Deleted : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_photo.conduitapps.com_0.localstorage-journal
***** [ Scheduled tasks ] *****
Task Deleted : Update Service SmileFiles
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ohenffmfbnoidogjgebadealdkecjdal
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2
Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\inbox
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.XBTBPos00
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.XBTBPos00.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3AA4FC9D-FB51-44A2-B09F-0457857CA7C2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3AA4FC9D-FB51-44A2-B09F-0457857CA7C2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3AA4FC9D-FB51-44A2-B09F-0457857CA7C2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3AA4FC9D-FB51-44A2-B09F-0457857CA7C2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3AA4FC9D-FB51-44A2-B09F-0457857CA7C2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Alexa Internet
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\distromatic
Key Deleted : HKCU\Software\MyWebSearch
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\SmileFiles
Key Deleted : HKCU\Software\AppDataLow\PlaySushi
Key Deleted : HKCU\Software\AppDataLow\Software\Compete
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Retrogamer_4wEI
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\FocusInteractive
Key Deleted : HKLM\SOFTWARE\Fun Web Products
Key Deleted : HKLM\SOFTWARE\Inbox Toolbar
Key Deleted : HKLM\SOFTWARE\MetaStream
Key Deleted : HKLM\SOFTWARE\MyWebSearch
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Viewpoint
Key Deleted : HKLM\SOFTWARE\{F2E9660B-98AF-42c0-8258-9CDDF07BF95D}
Key Deleted : HKLM\SOFTWARE\Retrogamer_4wEI
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Update Service SmileFiles
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BrowserSafeGuard
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PlaySushi
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Update Service SmileFiles
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
***** [ Web browsers ] *****
-\\ Internet Explorer v9.0.8112.16644
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [SearchAssistant]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [CustomizeSearch]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]
-\\ Google Chrome v42.0.2311.135
[C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : bbjciahceamgodcoidkjpchnokgfpphh
[C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : hgiifhjbblnglipdbpdgagphlcbililb
[C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : ippkomaaonokjnfjoikaemidanojkfmm
[C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : ohenffmfbnoidogjgebadealdkecjdal
[C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : lccekmodgklaepjeofjdjpbminllajkg
*************************
AdwCleaner[R0].txt - [24479 bytes] - [09/06/2015 22:04:58]
AdwCleaner[S0].txt - [22259 bytes] - [09/06/2015 22:10:42]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [22319 bytes] ##########
-
June 9th, 2015, 11:59 PM
#8
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.9.1 (06.08.2015:1)
OS: Windows (TM) Vista Home Premium x64
Ran by Sharon on Tue 06/09/2015 at 22:19:42.44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4153492D-4700-A76A-76A7-7A786E7484D7}
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7846AE31-BEA2-438A-8F5E-2D899361656C}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{261F6A8B-7AAF-4BF5-8552-6610F4D67819}
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AD61D5B-58A3-4592-9B34-DC84688FF805}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{261F6A8B-7AAF-4BF5-8552-6610F4D67819}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{26D675AC-D925-4bbf-A720-62C2AA4A81EB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EDBBE0D0-A76A-4FE4-AE6B-13BCEFFD75C8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1AD61D5B-58A3-4592-9B34-DC84688FF805}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26D675AC-D925-4bbf-A720-62C2AA4A81EB}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EDBBE0D0-A76A-4FE4-AE6B-13BCEFFD75C8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1AD61D5B-58A3-4592-9B34-DC84688FF805}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{26D675AC-D925-4bbf-A720-62C2AA4A81EB}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{EDBBE0D0-A76A-4FE4-AE6B-13BCEFFD75C8}
~~~ Files
Successfully deleted: [File] C:\Windows\prefetch\TOOLBARUPDATERSERVICE.EXE-76B3C3DE.pf
Successfully deleted: [File] C:\Users\Sharon\appdata\local\google\chrome\user data\default\local storage\hxxp_www.superfish.com_0.localstorage
Successfully deleted: [File] C:\Users\Sharon\appdata\local\google\chrome\user data\default\local storage\hxxp_www.superfish.com_0.localstorage-journal
Successfully deleted: [File] C:\Users\Sharon\appdata\local\google\chrome\user data\default\local storage\hxxps_www.superfish.com_0.localstorage
Successfully deleted: [File] C:\Users\Sharon\appdata\local\google\chrome\user data\default\local storage\hxxps_www.superfish.com_0.localstorage-journal
~~~ Folders
Successfully deleted: [Folder] C:\Program Files (x86)\driverupdate
Successfully deleted: [Folder] C:\ProgramData\pcdr
Successfully deleted: [Folder] C:\Users\Sharon\appdata\local\rivalgaming
Successfully deleted: [Folder] C:\Users\Sharon\appdata\locallow\company
Successfully deleted: [Folder] C:\Users\Sharon\AppData\Roaming\alot
Successfully deleted: [Folder] C:\Users\Sharon\AppData\Roaming\microsoft\windows\start menu\programs\rivalgaming
Successfully deleted: [Folder] C:\Users\Sharon\AppData\Roaming\pcdr
Successfully deleted: [Folder] C:\ProgramData\10512698717041424079
Successfully deleted: [Folder] C:\ProgramData\5251e4d5c03e4b429e9ec62791b7921b
Successfully deleted: [Folder] C:\ProgramData\890cb5f003d1430780c8d0c74565cd1e
~~~ Chrome
Successfully deleted: [Folder] C:\Users\Sharon\appdata\local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
[C:\Users\Sharon\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Sharon\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
mkfokfffehpeedafpekjeddnmnjhmcmk
[C:\Users\Sharon\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Sharon\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
mkfokfffehpeedafpekjeddnmnjhmcmk
]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 06/09/2015 at 22:25:07.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
June 10th, 2015, 12:06 AM
#9
Please download ComboFix from Here, Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Never rename Combofix unless instructed.
- Close any open browsers.
- Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
If the connection is not there, use the restore point you created prior to running Combofix.
- Double click on combofix.exe & follow the prompts.
- NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.
Make sure you re-enable your security programs when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try the following...
Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
Restart the computer in safe mode.
- Double-click on the Rkill desktop icon to run the tool.
- If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
-
June 10th, 2015, 10:33 PM
#10
ComboFix 15-06-09.01 - Sharon 06/10/2015 21:26:35.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4054.1555 [GMT -4:00]
Running from: C:\Users\Sharon\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Outdated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton 360 *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton 360 *Enabled/Outdated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Users\Public\AlexaNSISPlugin.6040.dll
C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Recent\~$C Pythagorean Theorem WARMUP.doc
C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Recent\PLC Pythagorean Theorem WARMUP.doc
C:\Windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
C:\Windows\Downloaded Program Files\popcaploader.dll
C:\Windows\SysWow64\images
C:\Windows\SysWow64\images\FGWinNT_ToolBar_eng.gif
C:\Windows\SysWow64\images\FGWinNT_ToolBar_kor.gif
C:\Windows\SysWow64\images\FGWinNT_Tray_eng.bmp
C:\Windows\SysWow64\images\FGWinNT_Tray_kor.gif
C:\Windows\SysWow64\images\FGWinNT_View_eng.jpg
C:\Windows\SysWow64\images\FGWinNT_View_kor.jpg
C:\Windows\SysWow64\images\RUN_ENG.JPG
C:\Windows\SysWow64\images\RUN_KOR.JPG
C:\Windows\SysWow64\images\toolbar_eng.jpg
C:\Windows\SysWow64\images\toolbar_kor.jpg
C:\Windows\SysWow64\jgaw400.dll
D:\AUTORUN.INF
((((((((((((((((((((((((( Files Created from 2015-05-11 to 2015-06-11 )))))))))))))))))))))))))))))))
2015-06-10 02:19:49 . 2015-06-10 02:19:49 -------- d-----w- C:\RegBackup
2015-06-10 02:02:26 . 2015-06-10 02:11:09 -------- d-----w- C:\AdwCleaner
2015-06-10 00:54:50 . 2015-06-10 00:55:43 136408 ----a-w- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2015-06-10 00:51:58 . 2015-06-10 00:52:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-10 00:51:58 . 2015-06-10 00:51:58 -------- d-----w- C:\ProgramData\Malwarebytes
2015-06-10 00:51:58 . 2015-04-14 13:37:52 64216 ----a-w- C:\Windows\system32\drivers\mwac.sys
2015-06-10 00:51:58 . 2015-04-14 13:37:46 107736 ----a-w- C:\Windows\system32\drivers\mbamchameleon.sys
2015-06-10 00:51:58 . 2015-04-14 13:37:42 25816 ----a-w- C:\Windows\system32\drivers\mbam.sys
2015-06-09 23:47:31 . 2015-06-09 23:47:31 35064 ----a-w- C:\Windows\system32\drivers\TrueSight.sys
2015-06-09 23:47:30 . 2015-06-10 00:50:05 -------- d-----w- C:\ProgramData\RogueKiller
2015-06-08 02:08:53 . 2015-06-09 01:49:36 -------- d-----w- C:\FRST
2015-05-14 01:46:01 . 2015-04-08 00:47:08 1505792 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2015-05-14 01:46:00 . 2015-04-08 01:11:05 939008 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2015-05-14 01:45:59 . 2015-04-08 00:47:28 1822208 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2015-05-14 01:45:59 . 2015-04-08 00:47:08 1482240 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2015-05-14 01:45:59 . 2015-04-08 00:47:08 1454080 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2015-05-14 01:45:59 . 2015-04-07 23:48:54 2294784 ----a-w- C:\Program Files\Windows Journal\Journal.exe
2015-05-14 01:44:44 . 2015-04-30 16:03:33 279040 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-05-14 01:44:43 . 2015-04-30 15:41:49 347648 ----a-w- C:\Windows\system32\schannel.dll
2015-05-14 01:15:01 . 2015-04-10 23:33:28 384512 ----a-w- C:\Windows\system32\services.exe
2015-05-14 01:15:01 . 2015-04-10 23:22:42 279552 ----a-w- C:\Windows\SysWow64\services.exe
2015-05-14 01:12:50 . 2015-04-30 13:14:01 124112 ----a-w- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 01:12:50 . 2015-04-30 13:14:01 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 01:58:57 . 2015-04-09 23:46:01 282112 ----a-w- C:\Windows\system32\dxtrans.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2015-06-11 01:05:41 . 2012-08-28 14:54:05 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-06-11 01:05:41 . 2011-06-27 21:41:42 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-05-14 01:49:49 . 2006-11-02 12:35:00 140425016 ----a-w- C:\Windows\system32\mrt.exe
2015-03-14 02:22:49 . 2015-04-19 23:31:44 1585248 ----a-w- C:\Windows\system32\ntdll.dll
2015-03-14 02:22:49 . 2015-04-19 23:31:44 1168080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-03-13 01:44:46 . 2015-04-19 23:31:45 4691384 ----a-w- C:\Windows\system32\ntoskrnl.exe
2015-03-13 01:44:34 . 2015-04-19 23:31:46 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
REGEDIT4
-
June 10th, 2015, 10:59 PM
#11
The above log is incomplete.
-
June 11th, 2015, 08:26 PM
#12
ComboFix 15-06-09.01 - Sharon 06/11/2015 20:05:37.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4054.1941 [GMT -4:00]
Running from: c:\users\Sharon\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Outdated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton 360 *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton 360 *Enabled/Outdated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\Public\AlexaNSISPlugin.6040.dll
c:\users\Sharon\AppData\Roaming\Microsoft\Windows\Recent\~$C Pythagorean Theorem WARMUP.doc
c:\users\Sharon\AppData\Roaming\Microsoft\Windows\Recent\PLC Pythagorean Theorem WARMUP.doc
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\SysWow64\images
c:\windows\SysWow64\images\FGWinNT_ToolBar_eng.gif
c:\windows\SysWow64\images\FGWinNT_ToolBar_kor.gif
c:\windows\SysWow64\images\FGWinNT_Tray_eng.bmp
c:\windows\SysWow64\images\FGWinNT_Tray_kor.gif
c:\windows\SysWow64\images\FGWinNT_View_eng.jpg
c:\windows\SysWow64\images\FGWinNT_View_kor.jpg
c:\windows\SysWow64\images\RUN_ENG.JPG
c:\windows\SysWow64\images\RUN_KOR.JPG
c:\windows\SysWow64\images\toolbar_eng.jpg
c:\windows\SysWow64\images\toolbar_kor.jpg
c:\windows\SysWow64\jgaw400.dll
D:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Created from 2015-05-12 to 2015-06-12 )))))))))))))))))))))))))))))))
.
.
2015-06-12 00:21 . 2015-06-12 00:21 -------- d-----w- c:\users\Sharon\AppData\Local\temp
2015-06-12 00:21 . 2015-06-12 00:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-06-10 02:19 . 2015-06-10 02:19 -------- d-----w- C:\RegBackup
2015-06-10 02:02 . 2015-06-10 02:11 -------- d-----w- C:\AdwCleaner
2015-06-10 00:54 . 2015-06-10 00:55 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-10 00:51 . 2015-06-10 00:52 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-06-10 00:51 . 2015-06-10 00:51 -------- d-----w- c:\programdata\Malwarebytes
2015-06-10 00:51 . 2015-04-14 13:37 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-10 00:51 . 2015-04-14 13:37 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-10 00:51 . 2015-04-14 13:37 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-09 23:47 . 2015-06-09 23:47 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-06-09 23:47 . 2015-06-10 00:50 -------- d-----w- c:\programdata\RogueKiller
2015-06-08 02:08 . 2015-06-09 01:49 -------- d-----w- C:\FRST
2015-05-14 01:46 . 2015-04-08 00:47 1505792 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2015-05-14 01:46 . 2015-04-08 01:11 939008 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2015-05-14 01:45 . 2015-04-08 00:47 1822208 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2015-05-14 01:45 . 2015-04-08 00:47 1482240 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2015-05-14 01:45 . 2015-04-08 00:47 1454080 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2015-05-14 01:45 . 2015-04-07 23:48 2294784 ----a-w- c:\program files\Windows Journal\Journal.exe
2015-05-14 01:44 . 2015-04-30 16:03 279040 ----a-w- c:\windows\SysWow64\schannel.dll
2015-05-14 01:44 . 2015-04-30 15:41 347648 ----a-w- c:\windows\system32\schannel.dll
2015-05-14 01:15 . 2015-04-10 23:33 384512 ----a-w- c:\windows\system32\services.exe
2015-05-14 01:15 . 2015-04-10 23:22 279552 ----a-w- c:\windows\SysWow64\services.exe
2015-05-14 01:12 . 2015-04-30 13:14 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 01:12 . 2015-04-30 13:14 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 01:58 . 2015-04-09 23:46 282112 ----a-w- c:\windows\system32\dxtrans.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-11 01:05 . 2012-08-28 14:54 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-06-11 01:05 . 2011-06-27 21:41 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-05-14 01:49 . 2006-11-02 12:35 140425016 ----a-w- c:\windows\system32\mrt.exe
2015-03-14 02:22 . 2015-04-19 23:31 1585248 ----a-w- c:\windows\system32\ntdll.dll
2015-03-14 02:22 . 2015-04-19 23:31 1168080 ----a-w- c:\windows\SysWow64\ntdll.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-30 20:42 988488 ----a-w- c:\program files (x86)\Google\Chrome\Application\42.0.2311.135\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-28 01:05]
.
2015-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-25 22:18]
.
2015-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-25 22:18]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearchAssistant =
mCustomizeSearch = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.0.1
DPF: {21BB8360-F943-447E-98F3-3C22345375A7} - hxxp://aolsvc.aol.com/onlinegames/free-trial-chocolatier/ChocolatierWeb.1.0.0.13.cab
DPF: {2D168880-539F-4967-BA11-F7C2862B9E1D} - hxxp://aolsvc.aol.com/onlinegames/free-trial-diaper-dash/DiaperDashWeb.1.0.0.4.cab
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-big-island-blends/gamehouseplayer.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-delicious-winter-edition/zylomplayer.cab
DPF: {D40F5876-A494-4124-8161-82625BB28C06} - hxxp://aolsvc.aol.com/onlinegames/free-trial-chocolatier-2-secret-ingredients/Chocolatier2Web.1.0.0.14.cab
DPF: {FCB28D51-A017-46B2-9FB3-F7BFD53B2E42} - hxxp://aolsvc.aol.com/onlinegames/free-trial-decadence-by-design/Chocolatier3Web.1.0.0.6.cab
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Easy Dock - (no file)
Wow6432Node-HKLM-Run-Easy Dock - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
BHO-{EDBBE0D0-A76A-4FE4-AE6B-13BCEFFD75C8} - c:\program files (x86)\Brand Thunder\IE\tbcore3x64.dll
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Burger Shop 2™ - c:\program files (x86)\GoBit
AddRemove-IDMSQ - c:\program files (x86)\IDMSQ\uninst.exe
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\21.5.0.19\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\21.5.0.19\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{048DBD20-445E8C82-05040104}]
"ImagePath"="\??\c:\progra~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1505000.013\SYMTDIV.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\21.5.0.19;c:\program files (x86)\Norton 360\Engine64\21.5.0.19"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_188_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_188_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_188.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2015-06-11 20:25:05
ComboFix-quarantined-files.txt 2015-06-12 00:25
.
Pre-Run: 337,003,888,640 bytes free
Post-Run: 336,822,943,744 bytes free
.
- - End Of File - - 90069CA9982D34B37FFF02079332914C
5C616939100B85E558DA92B899A0FC36
-
June 11th, 2015, 11:54 PM
#13
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.
- Double-click to run it. When the tool opens, click Yes to the disclaimer.
- Make sure you checkmark the Addition.txt box.
- Press the Scan button.
- The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
-
June 15th, 2015, 08:07 AM
#14
I can't seem to get this last part to complete. It just seems to want to run and run ... scanning office something 3 thousand and something ....
for hours.
I'll try again tonight, maybe in safe mode.
Thanks
-
June 15th, 2015, 06:37 PM
#15
Try deleting the current FRST copy and downloading a fresh one.