Browser re-directing possibly due to Optimizer Pro and/or desk365


  • This topic is locked
11 replies to this topic

#1 elizabeyta


Posted 19 November 2013 - 03:10 PM

Hi,

I appreciate any help with this! My browsers have been taken over. The home page is now do-search dot com and the browser is basically unusable due to redirects. I ran Malwarebytes and it found a ton of PUPs mostly related to Optimizer Pro and desk 365. Follow-up MB scans show no results, but I am still having problems with the browser. When connected to the internet, MB stops several outgoing processes from Chrome.

Here is my DDS file:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16736  BrowserJavaVersion: 10.25.2
Run by elizabeyta at 11:47:41 on 2013-11-19
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.16359.13608 [GMT -8:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Skype\Updater\Updater.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Users\elizabeyta\AppData\Roaming\cubby\cubby.exe
C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe
C:\Users\elizabeyta\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mcomm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mlauncher.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Users\elizabeyta\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Windows\System32\WUDFHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\taskeng.exe
C:\Users\elizabeyta\AppData\Local\GCC\Controller.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = Preserve
uDefault_Page_URL = hxxp://do-search.com/?type=hp&ts=1384824702&from=mp3&uid=INTELXSSDSC2CW120A3_CVCV237605AN120BGN
mStart Page = hxxp://do-search.com/?type=hp&ts=1384824702&from=mp3&uid=INTELXSSDSC2CW120A3_CVCV237605AN120BGN
mSearch Page = hxxp://do-search.com/web/?type=ds&ts=1384824702&from=mp3&uid=INTELXSSDSC2CW120A3_CVCV237605AN120BGN&q={searchTerms}
mDefault_Page_URL = hxxp://do-search.com/?type=hp&ts=1384824702&from=mp3&uid=INTELXSSDSC2CW120A3_CVCV237605AN120BGN
mDefault_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1384824702&from=mp3&uid=INTELXSSDSC2CW120A3_CVCV237605AN120BGN&q={searchTerms}
mSearchAssistant = hxxp://do-search.com/web/?type=ds&ts=1384824702&from=mp3&uid=INTELXSSDSC2CW120A3_CVCV237605AN120BGN&q={searchTerms}
mCustomizeSearch = hxxp://do-search.com/web/?type=ds&ts=1384824702&from=mp3&uid=INTELXSSDSC2CW120A3_CVCV237605AN120BGN&q={searchTerms}
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Freemake.YoutubeButton: {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} -
BHO: DictAddon: {F59C837E-D064-4AF4-9126-7F60D8B3218E} - C:\Users\elizabeyta\AppData\Roaming\DictAddon\temp.dat
uRun: [LogMeIn Cubby] "C:\Users\elizabeyta\AppData\Roaming\cubby\cubby.exe" -hidden
uRun: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe" "/Trigger RunAtLogon"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
mRun: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\ELIZAB~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\elizabeyta\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.caminova.net/en/downloads/getmodule.aspx?lang=en
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1007
TCP: Interfaces\{281C9388-F688-4C5C-B243-EC090BC60888} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{E0F9434A-9A25-49C5-808D-454A974E282D} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{E0F9434A-9A25-49C5-808D-454A974E282D}\C696E6B6379737 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\MP3 Skype Recorder\Skype4COM.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://do-search.com/?type=hp&ts=1384824702&from=mp3&uid=INTELXSSDSC2CW120A3_CVCV237605AN120BGN
x64-mSearch Page = hxxp://do-search.com/web/?type=ds&ts=1384824702&from=mp3&uid=INTELXSSDSC2CW120A3_CVCV237605AN120BGN&q={searchTerms}
x64-mDefault_Page_URL = hxxp://do-search.com/?type=hp&ts=1384824702&from=mp3&uid=INTELXSSDSC2CW120A3_CVCV237605AN120BGN
x64-mDefault_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1384824702&from=mp3&uid=INTELXSSDSC2CW120A3_CVCV237605AN120BGN&q={searchTerms}
x64-mSearchAssistant = hxxp://do-search.com/web/?type=ds&ts=1384824702&from=mp3&uid=INTELXSSDSC2CW120A3_CVCV237605AN120BGN&q={searchTerms}
x64-mCustomizeSearch = hxxp://do-search.com/web/?type=ds&ts=1384824702&from=mp3&uid=INTELXSSDSC2CW120A3_CVCV237605AN120BGN&q={searchTerms}
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe -expressboot
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\elizabeyta\AppData\Roaming\Mozilla\Firefox\Profiles\0hb974hz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.easylifeapp.com/?pid=34&src=ff2&r=2013/05/10&hid=446392735&lg=EN&cc=US&l=1&q=
FF - prefs.js: browser.search.selectedEngine - do-search
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.easylifeapp.com/?pid=34&src=ff2&r=2013/05/10&hid=446392735&lg=EN&cc=US&l=1&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\elizabeyta\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\elizabeyta\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: D:\programs\apple\Mozilla Plugins\npitunes.dll
FF - ExtSQL: 2013-09-29 20:11; {BAEBEF65-9289-47c5-8524-C345CC5D860D}; C:\Users\elizabeyta\AppData\Roaming\Mozilla\Firefox\Profiles\0hb974hz.default\extensions\{BAEBEF65-9289-47c5-8524-C345CC5D860D}.xpi
FF - ExtSQL: 2013-10-02 20:03; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; C:\Users\elizabeyta\AppData\Roaming\Mozilla\Firefox\Profiles\0hb974hz.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF - ExtSQL: 2013-11-17 21:00; thomas.cummerata@retta.biz; C:\Users\elizabeyta\AppData\Roaming\Mozilla\Firefox\Profiles\0hb974hz.default\extensions\thomas.cummerata@retta.biz
FF - ExtSQL: !HIDDEN! 2013-11-18 17:33; thomas.cummerata@retta.biz; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\thomas.cummerata@retta.biz
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R0 AiChargerPlus;ASUS Charger Plus Driver;C:\Windows\System32\drivers\AiChargerPlus.sys [2012-2-23 14464]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-2-23 55280]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-2-24 283200]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2011-6-13 922240]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-1 915584]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2012-2-23 586880]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]
R2 FreemakeVideoCapture;FreemakeVideoCapture;C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2012-11-30 8704]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-1-31 376144]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2012-4-9 72216]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-19 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-19 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 134944]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-3-13 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-3-13 298656]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-13 28832]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-3-13 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-3-13 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-3-13 154272]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-3-13 280224]
R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\System32\drivers\ICCWDT.sys [2010-8-17 26136]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-21 351520]
R3 LVUVC64;Logitech HD Pro Webcam C920(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-9-21 4763680]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-9-19 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 RAMDiskVE;RAMDiskVE;C:\Windows\System32\drivers\RAMDiskVE.sys [2013-5-2 84720]
R3 SndTAudio;SndTAudio;C:\Windows\System32\drivers\SndTAudio.sys [2013-9-30 34528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2011-3-13 51872]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 EyeOneDisplay;EyeOneDisplay;C:\Windows\System32\drivers\i1display_x64.sys [2012-2-24 7808]
S3 GSService;GSService;C:\Windows\SysWOW64\GSService.exe [2013-9-30 505056]
S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2012-9-19 36680]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-7-3 31800]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-24 1255736]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-11-19 01:33:35    --------    d-----w-    C:\Users\elizabeyta\AppData\Local\GCC
2013-11-19 01:33:10    --------    d-----w-    C:\Users\elizabeyta\AppData\Roaming\DictAddon
2013-11-19 01:33:08    --------    d-----w-    C:\Users\elizabeyta\AppData\Local\SwvUpdater
2013-11-19 01:32:12    --------    d-----w-    C:\Program Files (x86)\Common Files\337
2013-11-19 01:31:35    --------    d-----w-    C:\Users\elizabeyta\.config
2013-11-19 01:31:25    --------    d-----w-    C:\Users\elizabeyta\AppData\Local\Oxy
2013-11-19 01:31:25    --------    d-----w-    C:\Users\elizabeyta\AppData\Local\Chromium
2013-11-19 01:30:36    --------    d-----w-    C:\Users\elizabeyta\AppData\Roaming\Oxy
2013-11-18 11:31:30    10280728    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B9528716-160B-4CAC-B266-67D300D059D1}\mpengine.dll
2013-11-17 11:31:03    10280728    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-11-14 11:02:30    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-11-14 02:25:58    1474048    ----a-w-    C:\Windows\System32\crypt32.dll
2013-11-10 05:58:16    --------    d-----w-    C:\Windows\A56C634859D0433BA48A75914858664E.TMP
2013-11-06 10:29:11    965000    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{82EEE341-0CC2-4EEC-A1CE-D53AC8B9D0EA}\gapaengine.dll
2013-10-24 22:11:52    121204    ----a-w-    C:\Windows\coachfx Uninstaller.exe
2013-10-24 22:11:50    --------    d-----w-    C:\Program Files (x86)\coachfx
2013-10-24 20:11:22    --------    d-----w-    C:\Users\elizabeyta\AppData\Local\Unity
.
==================== Find3M  ====================
.
2013-11-17 17:30:43    83    ----a-w-    C:\Windows\SysWow64\gpupdate.bin
2013-10-26 04:08:38    35656    ----a-w-    C:\Windows\System32\LMIport.dll
2013-10-26 04:08:38    107368    ----a-w-    C:\Windows\System32\LMIRfsClientNP.dll
2013-10-26 04:08:37    92488    ----a-w-    C:\Windows\System32\LMIinit.dll
2013-10-12 08:45:20    2241536    ----a-w-    C:\Windows\System32\wininet.dll
2013-10-12 08:43:37    3959808    ----a-w-    C:\Windows\System32\jscript9.dll
2013-10-12 08:43:32    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-10-12 08:43:32    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-10-12 07:03:50    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-10-12 07:02:33    2877952    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-10-12 07:02:29    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-10-12 07:02:29    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-10-12 06:35:26    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-10-12 05:44:38    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-12 05:15:39    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-10-12 02:30:42    830464    ----a-w-    C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21    859648    ----a-w-    C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08    324096    ----a-w-    C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08    656896    ----a-w-    C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25    216576    ----a-w-    C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-05 19:57:25    1168384    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31    190464    ----a-w-    C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17    197120    ----a-w-    C:\Windows\System32\credui.dll
2013-10-04 02:24:49    1930752    ----a-w-    C:\Windows\System32\authui.dll
2013-10-04 01:58:50    152576    ----a-w-    C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25    168960    ----a-w-    C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00    1796096    ----a-w-    C:\Windows\SysWow64\authui.dll
2013-10-03 02:23:48    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2013-09-27 17:53:06    248240    ----a-w-    C:\Windows\System32\drivers\MpFilter.sys
2013-09-27 17:53:06    134944    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
2013-09-25 02:26:40    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40    154560    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33    28672    ----a-w-    C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33    135680    ----a-w-    C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01    28160    ----a-w-    C:\Windows\System32\secur32.dll
2013-09-25 02:22:59    340992    ----a-w-    C:\Windows\System32\schannel.dll
2013-09-25 02:21:50    307200    ----a-w-    C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07    1447936    ----a-w-    C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24    247808    ----a-w-    C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42    220160    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24    30720    ----a-w-    C:\Windows\System32\lsass.exe
2013-09-23 13:55:20    675988    ----a-w-    C:\Users\elizabeyta\Minecraft (2).exe
2013-09-09 22:40:04    505056    ----a-w-    C:\Windows\SysWow64\GSService.exe
2013-09-08 02:30:37    1903552    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14    327168    ----a-w-    C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58    231424    ----a-w-    C:\Windows\SysWow64\mswsock.dll
2013-08-29 15:21:30    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-29 15:21:29    867240    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-08-29 15:21:29    789416    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-08-29 02:17:48    5549504    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28    243712    ----a-w-    C:\Windows\System32\wow64.dll
2013-08-29 02:16:14    859648    ----a-w-    C:\Windows\System32\tdh.dll
2013-08-29 02:13:28    878080    ----a-w-    C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45    3969472    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45    3914176    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16    619520    ----a-w-    C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17    640512    ----a-w-    C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06    3155968    ----a-w-    C:\Windows\System32\win32k.sys
2013-08-28 01:12:33    461312    ----a-w-    C:\Windows\System32\scavengeui.dll
.
============= FINISH: 11:48:31.05 ===============
 

 

Thanks so much!!

Liz



#2 seedy21

  • Malware Response Team

Posted 19 November 2013 - 03:47 PM

Hi elizabeyta and Welcome to BleepingComputer!

I am currently looking through your logs and will advise you on what to do in my next reply.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#3 elizabeyta


Posted 19 November 2013 - 03:53 PM

Great! Thanks much!



#4 seedy21

  • Malware Response Team

Posted 19 November 2013 - 04:35 PM

Hello elizabeyta

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:

  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by me
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • Please reply within 48 hours. If you are going to be away for longer, please let us know or the topic will be closed for being inactive.
  • If you are using Cracked or Illegal software your thread will be closed
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.

Step 1

We need to stop some of your programs running as they are known to interfere with the tools we use.


Please download Defogger and save it to your Desktop.
 

  • Double click Defogger.exe to run the program.
    Note: Windows Vista/7 users should right-click and Run As Administrator
  • Click on Disable and then Yes. The Scan may take a while to complete

When this has completed you will get a new window open with the Finished box, click Continue and Close Defogger Down

Please Disable WinPatrol

To disable it, right-click the system tray icon and select "Options".

Next, uncheck "Automatically run WinPatrol when computer starts".

Close the program, then right-click the system tray icon and select "Exit Program".

Step 2

Download ADWCleaner to your desktop:
http://www.bleepingcomputer.com/download/adwcleaner/

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.


Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.

Step 3

Download zoek.exe from here: http://hijackthis.nl/smeenk/ and save it to your Desktop.
 

  • Close/disable all anti virus and anti malware programs so they do not interfere with the download or execution of Zoek.exe
    You can find instructions how to disable your security applications >>Here<< or >>Here<<
  • Unzip the folder (Right Click > Extract all > Next > Next > Make sure Show Extracted Files is ticked and click Finish).
  • Double click zoek.exe to start the program.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this user's computer, do not use it on another computer even if the problems are similar
    autoclean;
    standardsearch;
  • Close any open browsers.
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive (normally C:\).
  • Please post the logfile for further review in your next reply

Edited by seedy21, 19 November 2013 - 04:36 PM.



#5 elizabeyta


Posted 19 November 2013 - 05:51 PM

Here are the results:

ADWare Cleaner:

# AdwCleaner v3.012 - Report created 19/11/2013 at 13:54:56
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : elizabeyta - IGIST-MEDIA
# Running from : C:\Users\elizabeyta\Desktop\AdwCleaner (2).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\StarApp
Folder Deleted : C:\ProgramData\ciointinuetosave
Folder Deleted : C:\Program Files (x86)\continuetosave
Folder Deleted : C:\Program Files (x86)\Common Files\337
Folder Deleted : C:\Users\elizabeyta\AppData\Local\Oxy
Folder Deleted : C:\Users\elizabeyta\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\ELIZAB~1\AppData\Local\Temp\Desk365
Folder Deleted : C:\Users\elizabeyta\AppData\LocalLow\ciointinuetosave
Folder Deleted : C:\Users\elizabeyta\AppData\Roaming\optimizer pro
Folder Deleted : C:\Users\elizabeyta\AppData\Roaming\Oxy
Folder Deleted : C:\Users\elizabeyta\AppData\Roaming\SendSpace
Folder Deleted : C:\Users\elizabeyta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oxy
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\elizabeyta\Desktop\Optimizer Pro.lnk
File Deleted : C:\Users\elizabeyta\AppData\Roaming\Mozilla\Firefox\Profiles\0hb974hz.default\searchplugins\EasyLife.xml
File Deleted : C:\Users\elizabeyta\AppData\Roaming\Mozilla\Firefox\Profiles\0hb974hz.default\user.js
File Deleted : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_daemon-tools_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_daemon-tools_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_vlc-media-player_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\Desksvc
Key Deleted : HKLM\Software\hdcode
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\V9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\elizabeyta\AppData\Roaming\Mozilla\Firefox\Profiles\0hb974hz.default\prefs.js ]

Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.easylifeapp.com/?pid=34&src=ff2&r=2013/05/10&hid=446392735&lg=EN&cc=US&l=1&q=");
Line Deleted : user_pref("browser.search.order.1", "EasyLife");
Line Deleted : user_pref("browser.search.order.1,S", "EasyLife");
Line Deleted : user_pref("browser.search.selectedEngine,S", "EasyLife");
Line Deleted : user_pref("extensions.518d734061d92.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.location.hostname)>-1) return;}c[...]
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers");
Line Deleted : user_pref("extentions.y2layers.installId", "9b342e0d-756e-436d-83be-c9007f225884");
Line Deleted : user_pref("keyword.URL", "hxxp://search.easylifeapp.com/?pid=34&src=ff2&r=2013/05/10&hid=446392735&lg=EN&cc=US&l=1&q=");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Google");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "EasyLife");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://search.easylifeapp.com/?pid=34&src=ff1&r=2013/05/10&hid=446392735&lg=EN&cc=US");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.easylifeapp.com/?pid=34&src=ff2&r=2013/05/10&hid=446392735&lg=EN&cc=US&l=1&q=");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\elizabeyta\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [6428 octets] - [19/11/2013 13:50:35]
AdwCleaner[S0].txt - [6176 octets] - [19/11/2013 13:54:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6236 octets] ##########
 

 

 

zoek-results:

 

Zoek.exe Version 4.0.0.5 Updated 26-October-2013
Tool run by elizabeyta on Tue 11/19/2013 at 14:04:20.32.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\elizabeyta\Desktop\zoek\zoek.exe [Script inserted]

==== System Restore Info ======================

11/19/2013 2:05:11 PM Zoek.exe System Restore Point Created Succesfully.

==== Creating Sample_20131119_0209.zip ======================
 
Process chrome.exe killed
Copied file C:\Users\elizabeyta\Minecraft (2).exe to sample\Minecraft (2).exe
sample\Minecraft (2).exe renamed to 3C166BAE84553D4CB27AF8ABDC61712D

C:\Users\Public\Desktop\sample_20131119_0209.zip created successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-235409771-2387133316-3538370774-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2} deleted successfully
HKEY_USERS\S-1-5-21-235409771-2387133316-3538370774-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Running Processes ======================

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Users\elizabeyta\AppData\Roaming\cubby\cubby.exe
C:\Users\elizabeyta\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\elizabeyta\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Users\elizabeyta\AppData\Local\GCC\Controller.exe
C:\Users\elizabeyta\Desktop\zoek\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\elizabeyta\AppData\Roaming\Mozilla\Firefox\Profiles\0hb974hz.default

user.js not found
---- Lines search.com removed from prefs.js ----
user_pref("browser.newtab.url", "http://do-search.com/newtab/?type=nt&ts=1384824702&from=mp3&uid=INTELXSSDSC2CW120A3_CVCV237605AN120BGN");
---- FireFox user.js and prefs.js backups ----

prefs_20131119_0209_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Opera\shell\open\command]
@="C:\\Program Files (x86)\\Opera\\Opera.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Safari.exe\shell\open\command]
@="C:\\Program Files (x86)\\Safari\\Safari.exe"

==== Deleting Files \ Folders ======================

C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\PROGRA~2\Amazon.com deleted
C:\Users\elizabeyta\AppData\Roaming\burnaware.ini deleted
C:\Users\elizabeyta\AppData\Roaming\Camdata.ini deleted
C:\Users\elizabeyta\AppData\Roaming\CamLayout.ini deleted
C:\Users\elizabeyta\AppData\Roaming\CamShapes.ini deleted
C:\ProgramData\InstallMate deleted
C:\Users\elizabeyta\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx deleted
C:\Users\elizabeyta\AppData\LocalLow\store-pp.jbs deleted
C:\Users\elizabeyta\AppData\LocalLow\SearchNewTab deleted
C:\windows\SysNative\tasks\RunAsStdUser Task deleted
C:\Users\Public\Desktop\Freemake Video Downloader.lnk deleted
C:\Users\Public\Desktop\Moyea Free Flash Downloader.lnk deleted
C:\Users\elizabeyta\Minecraft (2).exe deleted
"C:\PROGRA~2\Amazon\SendToKindle\stkContextMenu_192.dll" deleted
"C:\PROGRA~2\Amazon" not deleted
"C:\PROGRA~2\Amazon\SendToKindle" not deleted

==== System Specs ======================

Operating System: Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 64-bit
Manufacturer: System manufacturer - Model: System Product Name
Install Date: 2/22/2012 12:12:13 PM
Last Boot: 11/19/2013 1:56:14 PM
Processor: Intel® Core™ i7-2600K CPU @ 3.40GHz
Number of Processors: 8
Work Station
Bootmode: Normal boot
Total RAM: 16359 MB (free 13685 MB - 83)
Computername: IGIST-MEDIA
Domain: WORKGROUP
User: elizabeyta (Non-Administrator account)
Local Disk:        C:\ - NTFS - 111 GB (free 6 GB)
Local Disk:        D:\ - NTFS - 596 GB (free 280 GB)
CD \ DVD Drive:    E:\
Removable Disk:    F:\ -  -  GB (free  GB)
Removable Disk:    G:\ -  -  GB (free  GB)
CD \ DVD Drive:    H:\
CD \ DVD Drive:    I:\
Removable Disk:    J:\ -  -  GB (free  GB)
Removable Disk:    K:\ -  -  GB (free  GB)
Removable Disk:    L:\ -  -  GB (free  GB)
Removable Disk:    M:\ - FAT32 - 7 GB (free 1 GB)
Bootdevice: \Device\HarddiskVolume2
Windows update:
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Internet Explorer Version: 10.0.9200.16736
Mozilla Firefox version: 25.0.1 (x86 en-US)
Google Chrome version: 31.0.1650.57
Adobe Reader version: 11.0.03.37
Sun Java version: 1.7.0_25 (32-bit)
Flash Player version: 11.7.700.224

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2013-10-24 22:11:52    5A1E1DB40A74FD140212A7CA1736B75D    121204    ----a-w-    C:\Windows\coachfx Uninstaller.exe
====== C:\Users\ELIZAB~1\AppData\Local\Temp ====
2013-11-19 22:09:26    F3D19B2013B9B9F9F0A1D7456B0A23AF    57344    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\GC\Profiles\{E052F1CF-FF96-4AFF-A00C-FAFA54DD16A0}\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh\1.0.0_0\npFreemakeYoutubeDownloader.dll
2013-11-19 22:09:26    F3D19B2013B9B9F9F0A1D7456B0A23AF    57344    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\GC\Profiles\{E052F1CF-FF96-4AFF-A00C-FAFA54DD16A0}\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf\1.0.0_0\npFreemake.dll
2013-11-19 22:09:26    F3D19B2013B9B9F9F0A1D7456B0A23AF    57344    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\GC\Profiles\{73D6AC5C-2319-49A3-9272-946B4D64BE4D}\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh\1.0.0_0\npFreemakeYoutubeDownloader.dll
2013-11-19 22:09:26    F3D19B2013B9B9F9F0A1D7456B0A23AF    57344    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\GC\Profiles\{73D6AC5C-2319-49A3-9272-946B4D64BE4D}\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf\1.0.0_0\npFreemake.dll
2013-11-19 22:09:26    8DEFF623811CBF594D0AB68705FE80C6    57344    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\GC\Profiles\{E052F1CF-FF96-4AFF-A00C-FAFA54DD16A0}\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll
2013-11-19 22:09:26    8DEFF623811CBF594D0AB68705FE80C6    57344    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\GC\Profiles\{73D6AC5C-2319-49A3-9272-946B4D64BE4D}\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll
2013-11-19 22:08:11    F3D19B2013B9B9F9F0A1D7456B0A23AF    57344    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\GC\Profiles\{AF76A180-4F1E-43DA-82C6-14763CF8C467}\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh\1.0.0_0\npFreemakeYoutubeDownloader.dll
2013-11-19 22:08:11    F3D19B2013B9B9F9F0A1D7456B0A23AF    57344    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\GC\Profiles\{AF76A180-4F1E-43DA-82C6-14763CF8C467}\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf\1.0.0_0\npFreemake.dll
2013-11-19 22:08:11    8DEFF623811CBF594D0AB68705FE80C6    57344    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\GC\Profiles\{AF76A180-4F1E-43DA-82C6-14763CF8C467}\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll
2013-11-19 22:08:01    F3D19B2013B9B9F9F0A1D7456B0A23AF    57344    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\GC\Profiles\{184D85BE-507D-4B5B-B0AA-2F0153ED47E5}\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh\1.0.0_0\npFreemakeYoutubeDownloader.dll
2013-11-19 22:08:01    F3D19B2013B9B9F9F0A1D7456B0A23AF    57344    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\GC\Profiles\{184D85BE-507D-4B5B-B0AA-2F0153ED47E5}\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf\1.0.0_0\npFreemake.dll
2013-11-19 22:08:01    8DEFF623811CBF594D0AB68705FE80C6    57344    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\GC\Profiles\{184D85BE-507D-4B5B-B0AA-2F0153ED47E5}\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll
2013-11-19 21:59:01    F3D19B2013B9B9F9F0A1D7456B0A23AF    57344    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\GC\Profiles\{BD0B1BCE-2761-4D24-B2B0-54C80269B09A}\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh\1.0.0_0\npFreemakeYoutubeDownloader.dll
2013-11-19 21:59:01    F3D19B2013B9B9F9F0A1D7456B0A23AF    57344    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\GC\Profiles\{BD0B1BCE-2761-4D24-B2B0-54C80269B09A}\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf\1.0.0_0\npFreemake.dll
2013-11-19 21:59:01    8DEFF623811CBF594D0AB68705FE80C6    57344    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\GC\Profiles\{BD0B1BCE-2761-4D24-B2B0-54C80269B09A}\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll
2013-11-19 21:58:53    F3D19B2013B9B9F9F0A1D7456B0A23AF    57344    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\GC\Profiles\{D4287B47-19A0-43D9-8133-E4E532DA77E4}\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh\1.0.0_0\npFreemakeYoutubeDownloader.dll
2013-11-19 21:58:53    F3D19B2013B9B9F9F0A1D7456B0A23AF    57344    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\GC\Profiles\{D4287B47-19A0-43D9-8133-E4E532DA77E4}\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf\1.0.0_0\npFreemake.dll
2013-11-19 21:58:53    8DEFF623811CBF594D0AB68705FE80C6    57344    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\GC\Profiles\{D4287B47-19A0-43D9-8133-E4E532DA77E4}\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll
2013-11-19 01:39:51    95563AD7AEE2143788ABB3FD75E8C9CB    45392536    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\tmp14BA.exe
2013-11-19 01:39:18    0FD3755D0D91AA20AB7FCE1EFD7882BE    71208    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\tmp927F.exe
2013-11-19 01:39:15    0FD3755D0D91AA20AB7FCE1EFD7882BE    71208    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\tmp85B1.exe
2013-11-19 01:39:14    BA0DBFD0DC69A76E50A2AA65690449F8    5332936    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\ForceOpDownload_83EA\ForceOp_Downloader.exe
2013-11-19 01:39:13    BA0DBFD0DC69A76E50A2AA65690449F8    5332936    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\Download_7F87\ForceOp_Downloader.exe
2013-11-19 01:33:34    30760EBDAE69580193848DC2EA04CD26    469588    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\tmp533C\gcsetup.exe
2013-11-19 01:33:31    0FD3755D0D91AA20AB7FCE1EFD7882BE    71208    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\tmp47E5.exe
2013-11-19 01:33:22    0FD3755D0D91AA20AB7FCE1EFD7882BE    71208    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\tmp25A4\Bundle.exe
2013-11-19 01:33:20    0FD3755D0D91AA20AB7FCE1EFD7882BE    71208    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\tmp1ADA.exe
2013-11-19 01:33:16    0FD3755D0D91AA20AB7FCE1EFD7882BE    71208    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\tmpEA8.exe
2013-11-19 01:33:02    0FD3755D0D91AA20AB7FCE1EFD7882BE    71208    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\tmpD445\Bundle.exe
2013-11-19 01:32:58    0FD3755D0D91AA20AB7FCE1EFD7882BE    71208    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\tmpC6AD.exe
2013-11-19 01:31:36    B5B6B59BE79EEE986F700DA490B670CF    561648    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\tmp8835\mp3_do-search.exe
2013-11-19 01:31:19    95563AD7AEE2143788ABB3FD75E8C9CB    45392536    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\tmp423F.exe
2013-11-19 01:30:42    0FD3755D0D91AA20AB7FCE1EFD7882BE    71208    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\tmpB24E.exe
2013-11-19 01:30:38    0FD3755D0D91AA20AB7FCE1EFD7882BE    71208    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\tmpA2A3.exe
2013-11-19 01:30:37    A1A654F7EB1EE9904354EC47348FCE03    5332936    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\ForceOP 1.6.2Download_A0DC\ForceOP_1.6.2_Downloader.exe
2013-11-19 01:30:35    A1A654F7EB1EE9904354EC47348FCE03    5332936    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\Download_975A\ForceOP_1.6.2_Downloader.exe
2013-11-19 01:30:35    7222F8144A764F45B21FBC89E007C4C9    947200    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\htmlayout.dll
2013-11-15 18:09:24    EE942AA13E463A1967F4550CFC144DFB    100352    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\fullpackage_temp1384824697\QQBrowserFrame.dll
2013-11-15 18:09:24    DE5F4849C496E6DA7EFC07148E1F5865    4494928    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\fullpackage_temp1384824697\tmp\desk365.exe
2013-11-15 18:09:24    2EEE15B1927EADFF45013E94B0CB0D94    131640    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\fullpackage_temp1384824697\QQBrowser.exe
2013-11-14 16:02:25    8D65244421B6A050DC3AA9639277C4D8    327553    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\is1615585457\16925071_stp.EXE
2013-11-10 05:58:14    2415F4B2BF77D164AE4C02B09C3A9CB6    65959936    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\Snagit_Setup\Setup_Snagit_EVALUATION_ENU.msi
====== Java Cache =====
====== C:\Windows\Tasks ======
2013-11-19 01:34:36    AA09DD8752943F53CE2A24E6EB5F32B9    3622    ----a-w-    C:\Windows\Sysnative\Tasks\Oxy
2013-11-19 01:33:36    8B9273AF82329797D1453053DEE16A5C    4542    ----a-w-    C:\Windows\Sysnative\Tasks\GC_Scheduler
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2013-10-24 22:11:50    --------    d-----w-    C:\PROGRA~2\coachfx
======= C: =====
====== C:\Users\elizabeyta\AppData\Roaming ======
2013-11-19 21:56:57    --------    d-----r-    C:\Users\elizabeyta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-11-19 01:33:35    --------    d-----w-    C:\Users\elizabeyta\AppData\Local\GCC
2013-11-19 01:33:12    --------    d-----w-    C:\Users\elizabeyta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DictAddon
2013-11-19 01:33:10    --------    d-----w-    C:\Users\elizabeyta\AppData\Roaming\DictAddon
2013-11-19 01:31:25    --------    d-----w-    C:\Users\elizabeyta\AppData\Local\Chromium
2013-11-14 14:04:20    --------    d-----w-    C:\Users\admin\AppData\Roaming\dll-files.com
2013-10-24 22:11:52    --------    d-----w-    C:\Users\elizabeyta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\coachfx
2013-10-24 20:11:22    --------    d-----w-    C:\Users\elizabeyta\AppData\Locallow\Unity
2013-10-24 20:11:22    --------    d-----w-    C:\Users\elizabeyta\AppData\Local\Unity
====== C:\Users\elizabeyta ======
2013-11-19 21:47:56    D41D8CD98F00B204E9800998ECF8427E    0    ----a-w-    C:\Users\elizabeyta\defogger_reenable
2013-11-19 21:45:12    9812917FE2FCDEA2FD800573D7842E5D    1085542    ----a-w-    C:\Users\elizabeyta\Desktop\AdwCleaner (2).exe
2013-11-19 21:44:46    9146F21288AB749C4C729343F5F285A1    50477    ----a-w-    C:\Users\elizabeyta\Desktop\Defogger.exe
2013-11-19 19:46:41    8B968045D75783A09592C3105F2865DA    688992    ------r-    C:\Users\elizabeyta\Desktop\dds.com
2013-11-19 01:39:02    BA0DBFD0DC69A76E50A2AA65690449F8    5332936    ----a-w-    C:\Users\elizabeyta\Downloads\ForceOp_Downloader.exe
2013-11-19 01:31:35    --------    d-----w-    C:\Users\elizabeyta\.config
2013-11-10 05:57:52    23375C4BD17B71D826DAEE2090066E9B    62083928    ----a-w-    C:\Users\elizabeyta\Downloads\snagitup.exe
2013-11-07 18:31:13    78ACED62524FEB8F119A696B79AB9FDB    51529400    ----a-w-    C:\Users\elizabeyta\Downloads\MC361Win7_ENU100.exe

====== C: exe-files ==
2013-11-19 21:45:12    9812917FE2FCDEA2FD800573D7842E5D    1085542    ----a-w-    C:\Users\elizabeyta\Desktop\AdwCleaner (2).exe
2013-11-19 21:44:46    9146F21288AB749C4C729343F5F285A1    50477    ----a-w-    C:\Users\elizabeyta\Desktop\Defogger.exe
2013-11-19 01:42:59    71767DBBD42534D517AEA9085C25D4A5    544    ----a-w-    C:\$RECYCLE.BIN\S-1-5-21-235409771-2387133316-3538370774-1001\$I5RSWV8.exe
2013-11-19 01:39:51    95563AD7AEE2143788ABB3FD75E8C9CB    45392536    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\tmp14BA.exe
2013-11-19 01:39:18    0FD3755D0D91AA20AB7FCE1EFD7882BE    71208    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\tmp927F.exe
2013-11-19 01:39:15    0FD3755D0D91AA20AB7FCE1EFD7882BE    71208    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\tmp85B1.exe
2013-11-19 01:39:14    BA0DBFD0DC69A76E50A2AA65690449F8    5332936    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\ForceOpDownload_83EA\ForceOp_Downloader.exe
2013-11-19 01:39:13    BA0DBFD0DC69A76E50A2AA65690449F8    5332936    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\Download_7F87\ForceOp_Downloader.exe
2013-11-19 01:39:02    BA0DBFD0DC69A76E50A2AA65690449F8    5332936    ----a-w-    C:\Users\elizabeyta\Downloads\ForceOp_Downloader.exe
2013-11-19 01:33:36    0E7D34915088AFDC2A8FA0BAD8CE407C    47794    ----a-w-    C:\Users\elizabeyta\AppData\Local\GCC\uninstall.exe
2013-11-19 01:33:34    30760EBDAE69580193848DC2EA04CD26    469588    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\tmp533C\gcsetup.exe
2013-11-19 01:33:31    0FD3755D0D91AA20AB7FCE1EFD7882BE    71208    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\tmp47E5.exe
2013-11-19 01:33:22    0FD3755D0D91AA20AB7FCE1EFD7882BE    71208    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\tmp25A4\Bundle.exe
2013-11-19 01:33:20    0FD3755D0D91AA20AB7FCE1EFD7882BE    71208    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\tmp1ADA.exe
2013-11-19 01:33:16    0FD3755D0D91AA20AB7FCE1EFD7882BE    71208    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\tmpEA8.exe
2013-11-19 01:33:12    B67E8C925EC9D8B8AFA04CC1B02F8D6D    548864    ----a-w-    C:\Users\elizabeyta\AppData\Roaming\DictAddon\uninst.exe
2013-11-19 01:33:02    0FD3755D0D91AA20AB7FCE1EFD7882BE    71208    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\tmpD445\Bundle.exe
2013-11-19 01:32:58    0FD3755D0D91AA20AB7FCE1EFD7882BE    71208    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\tmpC6AD.exe
2013-11-19 01:31:36    B5B6B59BE79EEE986F700DA490B670CF    561648    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\tmp8835\mp3_do-search.exe
2013-11-19 01:31:19    95563AD7AEE2143788ABB3FD75E8C9CB    45392536    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\tmp423F.exe
2013-11-19 01:30:42    0FD3755D0D91AA20AB7FCE1EFD7882BE    71208    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\tmpB24E.exe
2013-11-19 01:30:38    0FD3755D0D91AA20AB7FCE1EFD7882BE    71208    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\tmpA2A3.exe
2013-11-19 01:30:37    A1A654F7EB1EE9904354EC47348FCE03    5332936    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\ForceOP 1.6.2Download_A0DC\ForceOP_1.6.2_Downloader.exe
2013-11-19 01:30:35    A1A654F7EB1EE9904354EC47348FCE03    5332936    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\Download_975A\ForceOP_1.6.2_Downloader.exe
2013-11-19 01:30:23    A1A654F7EB1EE9904354EC47348FCE03    5332936    ----a-w-    C:\$RECYCLE.BIN\S-1-5-21-235409771-2387133316-3538370774-1001\$R5RSWV8.exe
2013-11-15 18:09:24    DE5F4849C496E6DA7EFC07148E1F5865    4494928    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\fullpackage_temp1384824697\tmp\desk365.exe
2013-11-15 18:09:24    2EEE15B1927EADFF45013E94B0CB0D94    131640    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\fullpackage_temp1384824697\QQBrowser.exe
2013-11-14 21:45:24    F06EE764FF00B7A049862C8D50D4215D    730976    ----a-w-    C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\31.0.1650.57\31.0.1650.57_31.0.1650.48_chrome_updater.exe
2013-11-14 16:02:25    8D65244421B6A050DC3AA9639277C4D8    327553    ----a-w-    C:\Users\elizabeyta\AppData\Local\Temp\is1615585457\16925071_stp.EXE
2013-11-14 14:05:17    4EC91CB3798B27AFD3250A8D256D861C    33506264    ----a-w-    C:\Users\elizabeyta\AppData\Local\Amazon Cloud Player\Updater\MorphoUpdater.exe
2013-11-14 11:02:28    9F1D74E792DADA30809FCA64F705C042    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-11-14 11:02:28    8317DD8D4095FE4076E9F6EC3A747940    71680    ----a-w-    C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-14 11:02:28    3E86B4126D4CD0D9CA5B78DBE9F8D7CB    51712    ----a-w-    C:\Windows\System32\ie4uinit.exe
2013-11-14 11:02:27    D7D5768B8A697FCBAEE2CFE137070F02    770736    ----a-w-    C:\Program Files (x86)\Internet Explorer\iexplore.exe
2013-11-14 11:02:27    39D0074C59F6D1A62731942C7FA8B60B    775344    ----a-w-    C:\Program Files\Internet Explorer\iexplore.exe
2013-11-14 02:25:53    4D71227301DD8D09097B9E4CC6527E5A    30720    ----a-w-    C:\Windows\System32\lsass.exe
=== C: other files ==
2013-11-19 22:09:15    242EFDCC9F6B76EC25ED0E2FF910639B    351783    ----a-w-    C:\Users\Public\Desktop\sample_20131119_0209.zip
2013-11-19 19:53:05    D31B1788329EC414B191802B0B3A5BD0    5716    ----a-w-    C:\Users\elizabeyta\Desktop\attach.zip
2013-11-19 19:46:41    8B968045D75783A09592C3105F2865DA    688992    ------r-    C:\Users\elizabeyta\Desktop\dds.com
2013-11-19 01:41:40    2876ACEDCE9F030F9601AE7D51C59FAB    3685218    ----a-w-    C:\Users\elizabeyta\Downloads\Minecraft Force Op 1.6.4.zip
2013-11-19 01:36:19    8472D5AC467301A8F677E0043610B552    75    ----a-w-    C:\$RECYCLE.BIN\S-1-5-21-235409771-2387133316-3538370774-1001\$R28WPW7\Update Check.bat
2013-11-19 01:36:19    834225D75F0A78DE5BCE03108E02534B    94    ----a-w-    C:\$RECYCLE.BIN\S-1-5-21-235409771-2387133316-3538370774-1001\$R28WPW7\Start.bat
2013-11-19 01:36:18    EE67D9085C62F1601F12D2C1C3755B3A    847    ----a-w-    C:\$RECYCLE.BIN\S-1-5-21-235409771-2387133316-3538370774-1001\$R28WPW7\Debug.bat
2013-11-14 02:25:56    79059559E89D06E8B80CE2944BE20228    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2013-11-14 02:25:54    EBF28856F69CF094A902F884CF989706    458712    ----a-w-    C:\Windows\System32\drivers\cng.sys
2013-11-14 02:25:54    8F489706472F7E9A06BAAA198703FA64    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2013-11-14 02:25:54    868A2CAAB12EFC7A021682BCA0EEC54C    154560    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-235409771-2387133316-3538370774-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn Cubby"="C:\Users\elizabeyta\AppData\Roaming\cubby\cubby.exe -hidden"
"GoToMeeting"="C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe /Trigger RunAtLogon"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LWS"="C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide"
"ASUS ShellProcess Execute"="C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe"
"ASUS AiChargerPlus Execute"="C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe"
"PWRISOVM.EXE"="C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn Cubby"="C:\Users\elizabeyta\AppData\Roaming\cubby\cubby.exe -hidden"
"GoToMeeting"="C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe /Trigger RunAtLogon"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"LogMeIn GUI"="C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
"AtherosBtStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"AthBtTray"="C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

==== Startup Folders ======================

2013-05-08 16:47:19    1057    ----a-w-    C:\Users\elizabeyta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:6C:\Program Files (x86)\Google\Update\GoogleUpdate.exe []
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [03/19/2012 11:57 AM]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-IGIST-Media-elizabeyta" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
"C:\Windows\SysNative\tasks\Amazon Music Helper" [C:\Users\elizabeyta\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\GC_Scheduler" ["%LOCALAPPDATA%\GCC\Controller.exe"]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\MyDefrag v4.3.1 Daily" ["C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticDaily.MyD"]
"C:\Windows\SysNative\tasks\MyDefrag v4.3.1 Monthly" ["C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD"]
"C:\Windows\SysNative\tasks\Oxy" [C:\Users\elizabeyta\AppData\Roaming\Oxy\Updater.exe]
"C:\Windows\SysNative\tasks\RDReminder" [C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe]
"C:\Windows\SysNative\tasks\{A9F4AFFE-876D-441F-B917-AC0FDE54A4F7}" ["c:\program files (x86)\mozilla firefox\firefox.exe"]
"C:\Windows\SysNative\tasks\ASUS\ASUS AI Suite II Execute" [C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe]
"C:\Windows\SysNative\tasks\ASUS\ASUS DigiVRM Help" [C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe]
"C:\Windows\SysNative\tasks\ASUS\ASUS Mobilink Execute" [C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\ASUS Mobilink.exe]
"C:\Windows\SysNative\tasks\ASUS\USB 3.0 Boost Service" [C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"fmconverter@gmail.com"="C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox" [12/01/2012 09:56 AM]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{b74e7f24-2829-4ba2-9c21-138d0968cd50}"="C:\Program Files (x86)\Re-markit\135.xpi" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\elizabeyta\AppData\Roaming\Mozilla\Firefox\Profiles\0hb974hz.default
- LogMeIn Inc. Remote Access Plugin - %ProfilePath%\extensions\LogMeInClient@logmein.com
- DictAddon - %ProfilePath%\extensions\thomas.cummerata@retta.biz
- Dr.Web Anti-Virus Link Checker - %ProfilePath%\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- Flash and Video Download - %ProfilePath%\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
- Exif Viewer - %ProfilePath%\extensions\exif_viewer@mozilla.doslash.org.xpi
- FireFTP - %ProfilePath%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
- Sothink Flash Downloader for Firefox - %ProfilePath%\extensions\{BAEBEF65-9289-47c5-8524-C345CC5D860D}.xpi
- DownThemAll - %ProfilePath%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- DictAddon - %AppDir%\browser\extensions\thomas.cummerata@retta.biz
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\elizabeyta\AppData\Roaming\Mozilla\Firefox\Profiles\0hb974hz.default
86616A2DB28CBDE470874BD61E8C9B1B    - C:\Users\elizabeyta\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll -    Unity Player
D7324EB1EDCB8990F8522DE0311359E9    - C:\Windows\SysWOW64\npDeployJava1.dll -    Java Deployment Toolkit 7.0.250.17
3D76B5C0E02ECC19C1F5756E8FD97F72    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll -    Shockwave Flash
E3B4EA121F7BDEB0F6366E2BA9608CB5    - C:\Users\elizabeyta\AppData\Local\Citrix\Plugins\104\npappdetector.dll -    Citrix Online Web Deployment Plugin 1.0.0.104
270EE43CC00609B9937AAF94E1E970D4    - D:\programs\apple\Mozilla Plugins\npitunes.dll -    iTunes Application Detector
15E298B5EC5B89C5994A59863969D9FF    - C:\Windows\SysWOW64\npmproxy.dll -    Microsoft® Windows® Operating System


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bpegkgagfojjbcpkihigfmkojdmmimdf - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx[09/11/2012 01:45 PM]
ehgldbbpchgpcfagfpfjgoomddhccfgh - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx[11/12/2012 02:22 PM]
jbolfgndggfhhpbnkgnpjkfhinclbigj - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx[05/30/2012 03:56 PM]

Freemake Video Downloader - elizabeyta - Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
Freemake Video Downloader - elizabeyta - Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh
Freemake Video Converter - elizabeyta - Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Google Wallet - elizabeyta - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://do-search.com/?type=hp&ts=1384824702&from=mp3&uid=INTELXSSDSC2CW120A3_CVCV237605AN120BGN"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://do-search.com/web/?type=ds&ts=1384824702&from=mp3&uid=INTELXSSDSC2CW120A3_CVCV237605AN120BGN&q={searchTerms}"
"Default_Page_URL"="http://do-search.com/?type=hp&ts=1384824702&from=mp3&uid=INTELXSSDSC2CW120A3_CVCV237605AN120BGN"
"Start Page"="http://do-search.com/?type=hp&ts=1384824702&from=mp3&uid=INTELXSSDSC2CW120A3_CVCV237605AN120BGN"
"Search Page"="http://do-search.com/web/?type=ds&ts=1384824702&from=mp3&uid=INTELXSSDSC2CW120A3_CVCV237605AN120BGN&q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://do-search.com/web/?type=ds&ts=1384824702&from=mp3&uid=INTELXSSDSC2CW120A3_CVCV237605AN120BGN&q={searchTerms}"
"Default_Page_URL"="http://do-search.com/?type=hp&ts=1384824702&from=mp3&uid=INTELXSSDSC2CW120A3_CVCV237605AN120BGN"
"Start Page"="http://do-search.com/?type=hp&ts=1384824702&from=mp3&uid=INTELXSSDSC2CW120A3_CVCV237605AN120BGN"
"Search Page"="http://do-search.com/web/?type=ds&ts=1384824702&from=mp3&uid=INTELXSSDSC2CW120A3_CVCV237605AN120BGN&q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://do-search.com/web/?type=ds&ts=1384824702&from=mp3&uid=INTELXSSDSC2CW120A3_CVCV237605AN120BGN&q={searchTerms}"
"SearchAssistant"="http://do-search.com/web/?type=ds&ts=1384824702&from=mp3&uid=INTELXSSDSC2CW120A3_CVCV237605AN120BGN&q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://do-search.com/web/?type=ds&ts=1384824702&from=mp3&uid=INTELXSSDSC2CW120A3_CVCV237605AN120BGN&q={searchTerms}"
"SearchAssistant"="http://do-search.com/web/?type=ds&ts=1384824702&from=mp3&uid=INTELXSSDSC2CW120A3_CVCV237605AN120BGN&q={searchTerms}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-235409771-2387133316-3538370774-1001\Software\Mozilla\Firefox\Extensions\{FDA277A1-0242-11E2-8271-B8AC6F996F26} deleted successfully
HKEY_USERS\S-1-5-21-235409771-2387133316-3538370774-1001\Software\Mozilla\Firefox\Extensions\{b74e7f24-2829-4ba2-9c21-138d0968cd50} deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\admin\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\elizabeyta\Desktop\coachfx.lnk - C:\Program Files (x86)\coachfx\CoachFX.exe
C:\Users\elizabeyta\Desktop\Continue Font Installer Installation.lnk - C:\Users\elizabeyta\AppData\Local\Temp\ICReinstall_Font_Installer.exe  /RR
C:\Users\elizabeyta\Desktop\Cubby.lnk - C:\Users\elizabeyta\AppData\Roaming\cubby\cubby.exe
C:\Users\elizabeyta\Desktop\Dropbox.lnk - C:\Users\elizabeyta\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\elizabeyta\Desktop\FAT32 GUI Formatter.lnk - C:\ModMii\Program Files\FAT32_GUI_Formatter\FAT32_GUI_Formatter.exe
C:\Users\elizabeyta\Desktop\Format Factory.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
C:\Users\elizabeyta\Desktop\Free Screen To Video.lnk - C:\Program Files (x86)\Free Screen To Video\FreeScreenVideo.exe
C:\Users\elizabeyta\Desktop\GoToMeeting.lnk - C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe "/Action Host" "/Trigger Shortcut" "/Product G2M"
C:\Users\elizabeyta\Desktop\GoToWebinar.lnk - C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe "/Action Host" "/Trigger Shortcut" "/Product G2W"
C:\Users\elizabeyta\Desktop\Handbrake.lnk - C:\Program Files (x86)\Handbrake\Handbrake.exe
C:\Users\elizabeyta\Desktop\inSSIDer.lnk - C:\Users\elizabeyta\AppData\Roaming\Microsoft\Installer\{65A5E87D-7A3F-4819-807D-B86990D5F369}\_C103A54796D0027EBD63FB.exe
C:\Users\elizabeyta\Desktop\Install Cute FTP Professional.lnk - C:\Users\elizabeyta\AppData\Local\Temp\ICReinstall\cnet2_cuteftppro_exe.exe /RR
C:\Users\elizabeyta\Desktop\Kindle.lnk - C:\Users\elizabeyta\AppData\Local\Amazon\Kindle\application\Kindle.exe
C:\Users\elizabeyta\Desktop\Minecraft Mods.lnk - C:\Users\elizabeyta\Desktop\Minecraft Mods
C:\Users\elizabeyta\Desktop\MP3 Skype Recorder.lnk - C:\Users\elizabeyta\AppData\Roaming\Microsoft\Installer\{CB606F47-7D0E-40DF-95BB-0E5413A1295F}\_1FE0E36A5139891EB85BB9.exe
C:\Users\elizabeyta\Desktop\MyPublisher.lnk - C:\Program Files (x86)\MyPublisher\MyPublisher\MyPublisher40.exe
C:\Users\elizabeyta\Desktop\payroll-adp.lnk - D:\IGIST_lizAbeyta\Accounting\payroll-adp
C:\Users\elizabeyta\Desktop\QuickGamma.lnk - C:\Program Files (x86)\QuickGamma\QuickGamma.exe
C:\Users\elizabeyta\Desktop\Revo Uninstaller.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Users\elizabeyta\Desktop\Singing Coach 4 Lite.lnk - C:\Program Files (x86)\Singing Coach 4 Lite\Singing Coach 4 Lite.exe
C:\Users\elizabeyta\Desktop\TreeSize Free.lnk - C:\Program Files (x86)\JAM Software\TreeSize Free\TreeSizeFree.exe
C:\Users\elizabeyta\Desktop\Trillian.lnk - C:\Program Files (x86)\Trillian\trillian.exe
C:\Users\elizabeyta\Desktop\Adrians sdcrad\Resume Cheat Engine download.lnk - C:\Users\elizabeyta\Downloads\cheat engine setup.exe
C:\Users\elizabeyta\Desktop\backups\backup-20121114-132814-130-QuickBooks Update Agent.lnk - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Users\elizabeyta\Desktop\backups\backup-20121114-132814-521-Logo Calibration Loader.lnk - C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
C:\Users\elizabeyta\Desktop\backups\backup-20121114-132814-888-ProfileReminder.lnk - C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
C:\Users\elizabeyta\Desktop\backups\backup-20121114-132814-997-OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr
C:\Users\UpdatusUser\Desktop\Handbrake.lnk - C:\Program Files\Handbrake\Handbrake.exe
C:\Users\UpdatusUser\Desktop\QuickGamma.lnk - C:\Program Files (x86)\QuickGamma\QuickGamma.exe
C:\Users\UpdatusUser\Desktop\Scratch.lnk - C:\Program Files (x86)\Scratch\Scratch.exe "C:\Program Files (x86)\Scratch\Scratch.image"
C:\Users\UpdatusUser\Desktop\WA3.0 Guide.lnk - C:\ProgramData\WorkingArtist30\GuidePdf\WaGuide3.pdf
C:\Users\UpdatusUser\Desktop\WorkingArtist 3.0.lnk - C:\Program Files (x86)\Common Files\Sagekey Software\StartAccess_97.exe -CMD="SOFTWARE\Software for Artists\WorkingArtist_3.0"

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\1Step DVD Copy.lnk - C:\Program Files (x86)\1Step DVD Copy\1StepDVDCopy.exe
C:\Users\Public\Desktop\Adobe Application Manager.lnk - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDapp.exe --appletID=CCM_UI --appletVersion=1.0 --workflow=CCM_workflow_launch
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\AllWebMenus 5 PRO.lnk - C:\Program Files (x86)\AllWebMenus5\AllWebMenus.exe
C:\Users\Public\Desktop\Articulate Engage '09.lnk - C:\Program Files (x86)\Articulate\Articulate Engage\Engage.exe
C:\Users\Public\Desktop\Articulate Presenter '09.lnk - C:\Program Files (x86)\Articulate\Presenter\common\Presenter.exe
C:\Users\Public\Desktop\Articulate Quizmaker '09.lnk - C:\Program Files (x86)\Articulate\Articulate Quizmaker\Quizmaker.exe
C:\Users\Public\Desktop\Articulate Video Encoder '09.lnk - C:\Program Files (x86)\Articulate\Articulate Video Encoder\videoencoder.exe
C:\Users\Public\Desktop\Disk Burner.lnk - C:\Program Files (x86)\Disk Burner\DiskBurner.exe
C:\Users\Public\Desktop\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
C:\Users\Public\Desktop\Google SketchUp 8.lnk - C:\Program Files (x86)\Google\Google SketchUp 8\SketchUp.exe
C:\Users\Public\Desktop\Groove-Stream.lnk - C:\Program Files (x86)\Groove-Stream\Groove-Stream.exe
C:\Users\Public\Desktop\Logitech Webcam Software  .lnk - C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\HelpMain\launchershortcut.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://do-search.com/?type=sc&ts=1384824702&from=mp3&uid=INTELXSSDSC2CW120A3_CVCV237605AN120BGN
C:\Users\Public\Desktop\MyDefrag.lnk - C:\Program Files\MyDefrag v4.3.1\MyDefrag.exe
C:\Users\Public\Desktop\Opera.lnk - C:\Program Files (x86)\Opera\opera.exe http://do-search.com/?type=sc&ts=1384824702&from=mp3&uid=INTELXSSDSC2CW120A3_CVCV237605AN120BGN
C:\Users\Public\Desktop\PowerISO.lnk - C:\Program Files (x86)\PowerISO\PowerISO.exe
C:\Users\Public\Desktop\QuickBooks Pro 2009.lnk - C:\Program Files (x86)\Intuit\QuickBooks 2009\QBW32Pro.exe
C:\Users\Public\Desktop\QuickTime Player.lnk - C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe
C:\Users\Public\Desktop\RadioGet.lnk - C:\Program Files (x86)\RadioGet\RadioGet.exe
C:\Users\Public\Desktop\RipTiger.lnk - C:\Program Files (x86)\RipTiger\RipTiger.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\Public\Desktop\SoundTaxi CDRipper.lnk - C:\Program Files (x86)\SoundTaxi\CDRipper.exe
C:\Users\Public\Desktop\SoundTaxi Endless Music Player.lnk - C:\Program Files (x86)\SoundTaxi Endless Music Player\EndlessMusicPlayer.exe
C:\Users\Public\Desktop\SoundTaxi Media Suite.lnk - C:\Program Files (x86)\SoundTaxi Media Suite\STMediaSuite.exe
C:\Users\Public\Desktop\SoundTaxi.lnk - C:\Program Files (x86)\SoundTaxi\SoundTaxi.exe
C:\Users\Public\Desktop\The Weather Channel App.lnk - C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
C:\Users\Public\Desktop\TuneGet.lnk - C:\Program Files (x86)\TuneGet\TuneGet.exe
C:\Users\Public\Desktop\UltraCompare.lnk - C:\Program Files (x86)\IDM Computer Solutions\UltraCompare\uc.exe
C:\Users\Public\Desktop\UltraEdit.lnk - C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe

==== shortcuts in Users Start Menu ======================

C:\Users\elizabeyta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Screen To Video.lnk - C:\Program Files (x86)\Free Screen To Video\FreeScreenVideo.exe
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://do-search.com/?type=sc&ts=1384824702&from=mp3&uid=INTELXSSDSC2CW120A3_CVCV237605AN120BGN
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe http://do-search.com/?type=sc&ts=1384824702&from=mp3&uid=INTELXSSDSC2CW120A3_CVCV237605AN120BGN
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player\Amazon Cloud Player.lnk - C:\Users\elizabeyta\AppData\Local\Amazon Cloud Player\Amazon Cloud Player.exe
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player\Uninstall Amazon Cloud Player.lnk - C:\Users\elizabeyta\AppData\Local\Amazon Cloud Player\Uninstall.exe
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\coachfx\coachfx Uninstaller.lnk - C:\Windows\coachfx Uninstaller.exe
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\coachfx\coachfx.lnk - C:\Program Files (x86)\coachfx\CoachFX.exe
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DictAddon\Uninstall.lnk - C:\Users\elizabeyta\AppData\Roaming\DictAddon\uninst.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn.lnk - C:\Program Files (x86)\LogMeIn\x64\LogMeInToolkit.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk - C:\Program Files (x86)\Microsoft Security Client\msseces.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://do-search.com/?type=sc&ts=1384824702&from=mp3&uid=INTELXSSDSC2CW120A3_CVCV237605AN120BGN
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk - C:\Program Files (x86)\Opera\opera.exe http://do-search.com/?type=sc&ts=1384824702&from=mp3&uid=INTELXSSDSC2CW120A3_CVCV237605AN120BGN
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://do-search.com/?type=sc&ts=1384824702&from=mp3&uid=INTELXSSDSC2CW120A3_CVCV237605AN120BGN

==== shortcuts in Quick Launch ======================

C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\mp4UI.lnk - C:\Program Files (x86)\mp4UI\mp4UI.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\1Step DVD Copy.lnk - C:\Program Files (x86)\1Step DVD Copy\1StepDVDCopy.exe
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Disk Burner.lnk - C:\Program Files (x86)\Disk Burner\DiskBurner.exe
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DVD Shrink 3.2.lnk - C:\Program Files (x86)\DVD Shrink\DVD Shrink 3.2.exe
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free Screen To Video.lnk - C:\Program Files (x86)\Free Screen To Video\FreeScreenVideo.exe
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://do-search.com/?type=sc&ts=1384824702&from=mp3&uid=INTELXSSDSC2CW120A3_CVCV237605AN120BGN
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://do-search.com/?type=sc&ts=1384824702&from=mp3&uid=INTELXSSDSC2CW120A3_CVCV237605AN120BGN
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE /recycle
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\mp4UI.lnk - C:\Program Files (x86)\mp4UI\mp4UI.exe
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\RadioGet.lnk - C:\Program Files (x86)\RadioGet\RadioGet.exe
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\RipTiger.lnk - C:\Program Files (x86)\RipTiger\RipTiger.exe
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SoundTaxi Endless Music Player.lnk - C:\Program Files (x86)\SoundTaxi Endless Music Player\EndlessMusicPlayer.exe
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SoundTaxi Media Suite.lnk - C:\Program Files (x86)\SoundTaxi Media Suite\STMediaSuite.exe
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SoundTaxi.lnk - C:\Program Files (x86)\SoundTaxi\SoundTaxi.exe
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\TuneGet.lnk - C:\Program Files (x86)\TuneGet\TuneGet.exe
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\UltraCompare.lnk - C:\Program Files (x86)\IDM Computer Solutions\UltraCompare\uc.exe
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\UltraEdit.lnk - C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Audacity®, the Free, Cross-Platform Sound Editor.lnk -  
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\Windows\system32\calc.exe
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Desk 365.lnk - C:\Program Files (x86)\Desk 365\desk365.exe
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Foxit PhantomPDF - Shortcut.lnk - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\Foxit PhantomPDF.exe
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://do-search.com/?type=sc&ts=1384824702&from=mp3&uid=INTELXSSDSC2CW120A3_CVCV237605AN120BGN
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\MetadataMover.lnk - D:\installCdrive\software\articulate\mp4MetadataMover0.9\MetadataMover\MetadataMover.exe
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\mp4 fast start 1.0.0.1 for Windows             .lnk - D:\installCdrive\software\articulate\mp4 FastStart\MP4 FastStart.exe
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\pixie.exe - Shortcut.lnk - D:\downloads\pixie.exe
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\RipTiger - Shortcut.lnk - C:\Program Files (x86)\RipTiger\RipTiger.exe
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Snagit.lnk - C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\VLC media player.lnk - C:\Program Files (x86)\vlc-2.0.6\vlc.exe
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Amazon Cloud Player.lnk - C:\Users\elizabeyta\AppData\Local\Amazon Cloud Player\Amazon Cloud Player.exe
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://do-search.com/?type=sc&ts=1384824702&from=mp3&uid=INTELXSSDSC2CW120A3_CVCV237605AN120BGN
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://do-search.com/?type=sc&ts=1384824702&from=mp3&uid=INTELXSSDSC2CW120A3_CVCV237605AN120BGN
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Minecraft.lnk - C:\Users\elizabeyta\Desktop\Minecraft.exe
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://do-search.com/?type=sc&ts=1384824702&from=mp3&uid=INTELXSSDSC2CW120A3_CVCV237605AN120BGN
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Notepad++.lnk - C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DVD Shrink 3.2.lnk - C:\Program Files (x86)\DVD Shrink\DVD Shrink 3.2.exe
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\mp4UI.lnk - C:\Program Files (x86)\mp4UI\mp4UI.exe
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

==== shortcuts After Repair ======================

C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Opera.lnk - C:\Program Files (x86)\Opera\opera.exe
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk - C:\Program Files (x86)\Opera\opera.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\elizabeyta\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1E3CA1C4-1E90-401B-8CC0-911DF018D8D8} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539} deleted successfully

==== HijackThis Entries ======================

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: DictAddon - {F59C837E-D064-4AF4-9126-7F60D8B3218E} - C:\Users\elizabeyta\AppData\Roaming\DictAddon\temp.dat
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
O4 - HKLM\..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [LogMeIn Cubby] "C:\Users\elizabeyta\AppData\Roaming\cubby\cubby.exe" -hidden
O4 - HKCU\..\Run: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe" "/Trigger RunAtLogon"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: Dropbox.lnk = elizabeyta\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\IE\IEPluginDownloader.dll,-4 - {FC0EA236-1C31-418e-BFCE-A76DDB7F1362} - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\IE\IEPluginDownloader.dll (HKCU)
O9 - Extra 'Tools' menuitem: Freemake Video Downloader - {FC0EA236-1C31-418e-BFCE-A76DDB7F1362} - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\IE\IEPluginDownloader.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.caminova.net/en/downloads/getmodule.aspx?lang=en
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com//activex/ractrl.cab?lmi=1007
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\MP3 Skype Recorder\Skype4COM.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FreemakeVideoCapture - Freemake - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
O23 - Service: GSService - Unknown owner - C:\Windows\SysWOW64\GSService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\elizabeyta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\elizabeyta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\elizabeyta\AppData\Local\Mozilla\Firefox\Profiles\0hb974hz.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\elizabeyta\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\ELIZAB~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~2\Amazon"  not found

==== EOF on Tue 11/19/2013 at 14:17:24.65 ======================
 

 

Thanks,

Liz
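The shortcut sections of the log above show the hijack mechanism: browser `.lnk` files whose target has a URL appended as an argument, so every launch opens that page. As an added example (not part of the original posts or of Zoek), this sketch parses lines in that `<shortcut>.lnk - <target> [arguments]` layout and flags browser shortcuts carrying a URL; the sample log, the browser list and the function names are assumptions made for the illustration.

```python
import re
from collections import Counter
from ntpath import basename          # Windows path rules on any host OS
from urllib.parse import urlsplit

# Constructed sample in the layout of the log above (user name and query shortened).
SAMPLE_LOG = r"""
==== shortcuts in Quick Launch ======================

C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://do-search.com/?type=sc&from=mp3
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://do-search.com/?type=sc&from=mp3
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE /recycle
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DVD Shrink 3.2.lnk - C:\Program Files (x86)\DVD Shrink\DVD Shrink 3.2.exe
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://do-search.com/?type=sc&from=mp3

==== shortcuts After Repair ======================

C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
"""

# Assumed watch list: the browsers that appear in the log above.
BROWSERS = {"chrome.exe", "firefox.exe", "iexplore.exe", "opera.exe"}

SECTION_RE = re.compile(r"^====\s*(.+?)\s*=+$")
# Shortcut path ends at the first ".lnk"; the target part may be empty.
SHORTCUT_RE = re.compile(r"^(?P<lnk>.+?\.lnk) -(?: (?P<cmd>.*))?$", re.I)
# The log does not quote paths, so the executable is taken to end at the
# first ".exe"; a directory name containing ".exe" would defeat this.
TARGET_RE = re.compile(r"^(?P<exe>.+?\.exe)(?:\s+(?P<args>.*))?$", re.I)
URL_RE = re.compile(r"https?://\S+", re.I)


def find_hijacked_shortcuts(log_text):
    """Return one finding per browser shortcut whose arguments contain a URL."""
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        shortcut = SHORTCUT_RE.match(line)
        if not shortcut or not shortcut.group("cmd"):
            continue                      # not a shortcut line, or no target
        target = TARGET_RE.match(shortcut.group("cmd").strip())
        if not target:
            continue
        browser = basename(target.group("exe")).lower()
        url = URL_RE.search(target.group("args") or "")
        # Switches such as -extoff or /prefetch:1 are normal; a URL is not.
        if browser in BROWSERS and url:
            findings.append({
                "section": section,
                "shortcut": shortcut.group("lnk"),
                "browser": browser,
                "url": url.group(0),
                "host": urlsplit(url.group(0)).hostname,
            })
    return findings


def hosts_by_section(findings):
    """Count flagged shortcuts per (log section, injected host)."""
    return Counter((f["section"], f["host"]) for f in findings)


if __name__ == "__main__":
    hits = find_hijacked_shortcuts(SAMPLE_LOG)
    for (section, host), count in hosts_by_section(hits).items():
        print(f"{section}: {count} browser shortcut(s) point at {host}")
    for hit in hits:
        print(f"  {hit['browser']:<13} {basename(hit['shortcut'])}")
```

Run against a before/after pair of listings, an empty result for the "After Repair" section confirms the appended URL was stripped from every browser shortcut.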



#6 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:10:28 AM

Posted 20 November 2013 - 01:58 PM

Hi Elizabeyta

Before we continue fixing the machine, please can you tell me if this is a personal or work computer?

If it's a work computer, do you have permission to be fixing this?


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#7 elizabeyta

elizabeyta
  • Topic Starter

  • Members
  • 21 posts
  • Local time:01:28 AM

Posted 20 November 2013 - 02:04 PM

I use it for both and yes I have permission to fix.



#8 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:10:28 AM

Posted 20 November 2013 - 03:25 PM

Hi elizabeyta

Please can you stop downloading applications unless instructed by me until we get your machine clean, as there seems to be a lot of download activity that will reverse the progress we need to make. Thank you for understanding!

Step 1

We need to re-run Zoek

Please make sure all Browsers are closed before running this.

  • Close/disable all anti virus and anti malware programs so they do not interfere with the download or execution of Zoek.exe
    You can find instructions how to disable your security applications >>Here<< or >>Here<<
  • Unzip the folder (Right Click > Extract all > Next > Next > Make sure Show Extracted Files is ticked and click Finish).
  • Double click zoek.exe to start the program.
  • Copy and paste the following script in the code box:
  • Note: This script is written for use on this user's computer; do not use it on another computer even if the problems are similar!

    C:\Users\elizabeyta\AppData\Local\Temp\tmpD445\;f
    C:\Users\elizabeyta\AppData\Roaming\Oxy\;f
    C:\Windows\SysNative\tasks\Oxy;f
    emptyalltemp;
    standardsearch;
    
  • Close any open browsers.
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive (normally C:\).

Please post the logfile for further review in your next reply

 

Step 2

More information about installing and running ComboFix can be found HERE

Please download ComboFix from one of the following locations:

  • LINK 1
  • LINK 2
    IMPORTANT! Save ComboFix to your Desktop. Read the following thoroughly.
  • Close any open browsers.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.  Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  • Double click on 'ComboFix.exe' & follow the prompts.
  • If ComboFix finds any Updates, Please allow ComboFix to run them.
  • ComboFix will now disconnect your computer from the Internet and start scanning for malware, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection. Please be patient.
  • When the scan has finished, it will delete the malware found and reboot your computer automatically. Don't reboot your computer manually; let ComboFix do it.
  • Once your computer is rebooted, ComboFix will start preparing a log. Please let it do so unhindered.
  • If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you that the program's log file, or report, will be located at C:\ComboFix.txt.

    Please include the contents of C:\ComboFix.txt in your next reply.

    Please Enable your Anti-virus Software again !!

    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
    3. ComboFix may reset a number of Internet Explorer's settings, including making Internet Explorer the default browser.
    4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security.

Edited by seedy21, 20 November 2013 - 03:26 PM.



#9 elizabeyta

elizabeyta
  • Topic Starter

  • Members
  • 21 posts
  • Local time:01:28 AM

Posted 20 November 2013 - 03:37 PM

I'm not downloading any applications. In fact, the ill computer has not been connected to the internet. I'm using a second computer to download the programs you're saying to use and transferring them to the computer that is ill. Then running the programs and posting the logs via the second computer. Does that seem to be a problem?



#10 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:10:28 AM

Posted 20 November 2013 - 04:39 PM

Hi elizabeyta

That's fine, thank you for explaining this to me.

Please continue with the step above and we will focus on getting the internet back on that machine soon.

Have you disconnected the machine from the internet? For example removed the cable or turned off the wifi?



#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,394 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:28 AM

Posted 01 March 2014 - 02:09 PM

Due to the lack of feedback/inactivity, this Topic is closed. Should you need it reopened, please contact a Forum Moderator or member of the Malware Response Team. Include the address of this thread in your request. If you have a new issue, please start a New Topic. This applies only to the original poster. Everyone else please begin a New Topic.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:28 AM

Posted 01 March 2014 - 02:09 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



