Tuvaro/ www-search.net redirect in Chrome, FF & IE


  • This topic is locked
10 replies to this topic

#1 drumr1829

Posted 23 March 2014 - 09:24 AM

Hi,

I'm working on a very infected client's PC and was able to remove 2700+ infections/malware via Malwarebytes, ComboFix & TDSSKiller.

So far, it looks pretty good but the Tuvaro/www-search.net redirect is persistent. I changed my home page on FF to Google.com. It will work fine for a bit...even after a restart, but this morning I opened up FF again and it went back to the Tuvaro home page. Chrome, I was able to get working....but soon after it changes back to www-search.net and crashes Chrome (Chrome encountered an error & needs to close), so I'm unable to get back into it even after an uninstall/reinstall. I've left Chrome uninstalled for now. I'm hoping to get rid of this infection once and for all!

Below are the DDS logs and attached is the Attach.txt from DDS. Thanks for the help!

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16540
Run by Luis at 10:11:13 on 2014-03-23
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3837.1362 [GMT -4:00]
.
AV: Norton 360 Premier Edition *Enabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 Premier Edition *Enabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 Premier Edition *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_5730ce9f\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_5730ce9f\AESTSr64.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\ProgramData\MediaDev\1394488259\mediadev.exe
C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\SMINST\BLService.exe
C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\ProgramData\UpdateServer\1395498996\webdev.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Savings Champion\FrameworkEngine.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uProxyServer = hxxp=127.0.0.1:8877;https=127.0.0.1:8877
uProxyOverride = <-loopback>
uSearchAssistant = hxxp://www.google.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll
BHO: {6492E171-2427-4932-B414-33574A089F5E} - <orphaned>
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Savings Champion BHO: {E5DDA13C-89E7-4CBC-8CDE-5659EE9C82DA} - C:\Program Files (x86)\Savings Champion\FrameworkBHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} -
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [mobilegeni daemon] "C:\Program Files (x86)\Mobogenie\DaemonProcess.exe"
mRun: [Malwarebytes Anti-Exploit] "C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe"
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "C:\Windows\System32\config\systemprofile\AppData\Roaming\SearchProtect"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: HideSCAHealth = dword:1
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{FB37AFE3-1F70-4714-B4FC-6A14B2D95A8D} : DHCPNameServer = 192.168.1.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
x64-BHO: {11111111-1111-1111-1111-110511331160} - <orphaned>
x64-BHO: Snap.DoEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
x64-BHO: {93DBF2BB-A2B3-4683-A92E-57E60751F346} - <orphaned>
x64-BHO: {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - <orphaned>
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Savings Champion BHO: {E5DDA13C-89E7-4CBC-8CDE-5659EE9C82DA} - C:\Program Files (x86)\Savings Champion\FrameworkBHO64.dll
x64-BHO: {F791D8AE-47E8-40A5-A913-EB2D2AF29602} - <orphaned>
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} -
x64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
x64-Run: [SmartMenu] C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
x64-Run: [SysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exe
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-Explorer: NoDrives = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - LocalServer32 - <no file>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\hpav7k4j.default\
FF - prefs.js: browser.startup.homepage - about:newtab
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: C:\Users\Luis\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: C:\Users\Luis\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1404000.028\symds64.sys [2013-10-14 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1404000.028\symefa64.sys [2013-10-14 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [2014-2-24 1526488]
R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\drivers\N360x64\1404000.028\ccsetx64.sys [2013-10-14 169048]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [2014-3-22 62168]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20140314.001\IDSviA64.sys [2014-3-16 524504]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1404000.028\ironx64.sys [2013-10-14 224416]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\1404000.028\symtdiv.sys [2013-10-14 457304]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-9-26 27632]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_5730ce9f\AESTSr64.exe [2008-10-15 89088]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 MbaeSvc;Malwarebytes Anti-Exploit Service;C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [2014-3-22 319288]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2010-12-29 517632]
R2 MediaDevSrv;MediaDevSrv;C:\ProgramData\MediaDev\1394488259\mediadev.exe [2014-3-10 368960]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccsvchst.exe [2013-10-14 144368]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2008-10-23 365952]
R2 sbmntr;SBMNTR;C:\PROGRA~2\YTDOWN~1\sbmntr.sys [2013-12-20 58216]
R2 SMUpd;Search Module Update;C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe [2014-3-4 2541928]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [2010-9-29 185640]
R2 WinDevSrv;WinDevSrv;C:\ProgramData\UpdateServer\1395498996\webdev.exe [2014-3-22 368960]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2008-1-24 60928]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-3-16 137648]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2008-7-21 145496]
R3 SMUpdd;Search Module UpdateD;C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [2014-3-4 41320]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-2-19 26168]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-10-23 193840]
S3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw3v64.sys [2008-1-20 3154432]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;C:\Windows\System32\drivers\silabenm.sys [2012-6-26 27336]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;C:\Windows\System32\drivers\silabser.sys [2012-6-26 71168]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-7-20 1022632]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2006-11-2 273408]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-19 89920]
S4 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2008-3-18 28464]
S4 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2010-10-13 290832]
S4 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [2010-9-29 206120]
S4 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-9-24 296320]
S4 TVSched;TV Task Scheduler (TVTS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-9-24 116096]
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2014-03-22 19:08:48    290304    ----a-w-    C:\Windows\SysWow64\subinacl.exe
2014-03-22 17:59:30    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-22 17:59:30    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-22 15:59:10    119000    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-03-22 15:58:45    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-02-23 07:12:29    17847808    ----a-w-    C:\Windows\System32\mshtml.dll
2014-02-23 06:54:58    2334720    ----a-w-    C:\Windows\System32\jscript9.dll
2014-02-23 06:52:45    10926592    ----a-w-    C:\Windows\System32\ieframe.dll
2014-02-23 06:48:43    1347072    ----a-w-    C:\Windows\System32\urlmon.dll
2014-02-23 06:48:31    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2014-02-23 06:46:42    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-02-23 06:46:20    237056    ----a-w-    C:\Windows\System32\url.dll
2014-02-23 06:46:08    86016    ----a-w-    C:\Windows\System32\jsproxy.dll
2014-02-23 06:45:36    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-02-23 06:45:32    816640    ----a-w-    C:\Windows\System32\jscript.dll
2014-02-23 06:45:27    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2014-02-23 06:44:57    729088    ----a-w-    C:\Windows\System32\msfeeds.dll
2014-02-23 06:44:57    2147840    ----a-w-    C:\Windows\System32\iertutil.dll
2014-02-23 06:44:14    96768    ----a-w-    C:\Windows\System32\mshtmled.dll
2014-02-23 06:44:02    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-02-23 06:43:22    248320    ----a-w-    C:\Windows\System32\ieui.dll
2014-02-23 05:50:22    12347904    ----a-w-    C:\Windows\SysWow64\mshtml.dll
2014-02-23 05:47:19    1806848    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-02-23 05:43:55    9739264    ----a-w-    C:\Windows\SysWow64\ieframe.dll
2014-02-23 05:41:03    1105408    ----a-w-    C:\Windows\SysWow64\urlmon.dll
2014-02-23 05:40:18    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-02-23 05:39:28    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-02-23 05:38:15    231936    ----a-w-    C:\Windows\SysWow64\url.dll
2014-02-23 05:38:08    65536    ----a-w-    C:\Windows\SysWow64\jsproxy.dll
2014-02-23 05:38:08    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-02-23 05:37:49    421376    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-02-23 05:37:28    717824    ----a-w-    C:\Windows\SysWow64\jscript.dll
2014-02-23 05:37:12    607744    ----a-w-    C:\Windows\SysWow64\msfeeds.dll
2014-02-23 05:37:09    1796096    ----a-w-    C:\Windows\SysWow64\iertutil.dll
2014-02-23 05:36:31    73216    ----a-w-    C:\Windows\SysWow64\mshtmled.dll
2014-02-23 05:36:22    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-02-23 05:35:49    176640    ----a-w-    C:\Windows\SysWow64\ieui.dll
2014-02-07 12:11:49    2776064    ----a-w-    C:\Windows\System32\win32k.sys
2014-02-03 13:20:59    619008    ----a-w-    C:\Windows\System32\qedit.dll
2014-02-03 10:37:54    505344    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-01-30 10:12:47    1111040    ----a-w-    C:\Windows\System32\wer.dll
2014-01-30 07:46:58    876032    ----a-w-    C:\Windows\SysWow64\wer.dll
.
============= FINISH: 10:12:40.05 ===============
 





#2 fireman4it

  • Malware Response Team

Posted 23 March 2014 - 10:53 AM

Hello drumr1829,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 drumr1829

Posted 23 March 2014 - 12:49 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Luis (administrator) on LUIS-PC on 23-03-2014 13:43:35
Running from C:\Users\Luis\Downloads
Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_5730ce9f\STacSV64.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_5730ce9f\AESTSr64.exe
(Agere Systems) C:\Windows\system32\agr64svc.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
() C:\ProgramData\MediaDev\1394488259\mediadev.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
() C:\Program Files (x86)\SMINST\BLService.exe
(Search Module Ltd.) C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe
() C:\ProgramData\UpdateServer\1395498996\webdev.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [246784 2008-03-31] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [441344 2008-10-15] (IDT, Inc.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] - C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [1294136 2014-02-21] (Malwarebytes Corporation)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect"
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetActiveDesktop] 0
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:8877;https=127.0.0.1:8877
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {67D7FE62-DD38-48E0-9480-A7D12163F62C} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKLM - {ED905251-EDB7-4CA0-AF39-1551C50BCE24} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?s=E3Gzadku1,985b28e6-2617-4ace-8fc8-3163f00ae8e9,&q={searchTerms}
SearchScopes: HKCU - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?s=E3Gzadku1,985b28e6-2617-4ace-8fc8-3163f00ae8e9,&q={searchTerms}
BHO: No Name - {11111111-1111-1111-1111-110511331160} -  No File
BHO: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: No Name - {93DBF2BB-A2B3-4683-A92E-57E60751F346} -  No File
BHO: No Name - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -  No File
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Savings Champion BHO - {E5DDA13C-89E7-4CBC-8CDE-5659EE9C82DA} - C:\Program Files (x86)\Savings Champion\FrameworkBHO64.dll ()
BHO: No Name - {F791D8AE-47E8-40A5-A913-EB2D2AF29602} -  No File
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: No Name - {6492E171-2427-4932-B414-33574A089F5E} -  No File
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Savings Champion BHO - {E5DDA13C-89E7-4CBC-8CDE-5659EE9C82DA} - C:\Program Files (x86)\Savings Champion\FrameworkBHO.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\hpav7k4j.default
FF Homepage: about:newtab
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @ei.TelevisionFanatic.com/Plugin - C:\Program Files (x86)\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @veetle.com/vbp;version=0.9.16 - C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.16 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.16 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )
FF Plugin HKCU: @movenetworks.com/Quantum Media Player - C:\Users\Luis\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\hpav7k4j.default\searchplugins\Web Search.xml
FF Extension: Object Browser - C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\hpav7k4j.default\Extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com [2014-03-22]
FF Extension: Snap.Do  - C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\hpav7k4j.default\Extensions\{2bf3169c-c128-7892-58eb-87333673f601} [2014-03-16]
FF Extension: Savings Champion - C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\hpav7k4j.default\Extensions\{3197FA33-0DDE-3EC7-34CE-451660AEB38C} [2014-03-15]
FF Extension: Coupon Server - C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\hpav7k4j.default\Extensions\{3C2422B0-C421-8DCF-B2EB-70B9B2B71607} [2014-02-09]
FF Extension: Shopper-Pro - C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\hpav7k4j.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [2014-03-15]
FF Extension: Value Apps - C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\hpav7k4j.default\Extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd} [2014-03-16]
FF Extension: SnapDo - C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\hpav7k4j.default\Extensions\firefox@splashurl.com.xpi [2014-03-22]
FF Extension: FreeHDSport.TV - C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\hpav7k4j.default\Extensions\freehdsport@freehdsport.tv.xpi [2012-10-07]
FF Extension: Adblock Plus - C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\hpav7k4j.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-04]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-02-21]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFF [2013-10-14]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [lesstabs@lesstabs.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\lesstabs@lesstabs.com
FF HKLM-x32\...\Firefox\Extensions: [extension@Fast_Free_Converter.com] - C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\extension@Fast_Free_Converter.com
FF HKCU\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Users\Luis\AppData\Roaming\Move Networks
FF Extension: Move Media Player - C:\Users\Luis\AppData\Roaming\Move Networks [2009-12-12]
FF HKCU\...\Firefox\Extensions: [singalong@xenophesoft.com] - C:\Program Files (x86)\SingAlong\FF\
FF HKCU\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12171.xpi

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-22]
CHR Extension: (Google Drive) - C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-22]
CHR Extension: (YouTube) - C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-22]
CHR Extension: (Google Search) - C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-22]
CHR Extension: (Skype Click to Call) - C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-22]
CHR Extension: (Google Wallet) - C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-22]
CHR Extension: (Gmail) - C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-22]
CHR HKLM-x32\...\Chrome\Extension: [abepbblpkilpjohncjbccmdjhdhbnhdj] - C:\Program Files (x86)\SingAlong\Chrome.crx [2014-03-22]
CHR HKLM-x32\...\Chrome\Extension: [cekmkdkefndbeciggfanobcemjnppbbb] - C:\Program Files (x86)\LessTabs\Chrome\cekmkdkefndbeciggfanobcemjnppbbb.crx [2014-03-22]
CHR HKLM-x32\...\Chrome\Extension: [hgbjigogbpggnhcicdeanggmdfknglid] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1238\ch\MediaViewV1alpha1238.crx [2014-03-22]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\Exts\Chrome.crx [2013-10-14]

==================== Services (Whitelisted) =================

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_5730ce9f\AESTSr64.exe [89088 2008-10-15] (Andrea Electronics Corporation)
S4 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [290832 2011-12-12] (Verizon)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [319288 2014-02-21] (Malwarebytes Corporation)
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-03-17] (Alcatel-Lucent)
R2 MediaDevSrv; C:\ProgramData\MediaDev\1394488259\mediadev.exe [368960 2014-03-10] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-10-06] ()
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [241734 2008-06-29] ()
R2 SMUpd; C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe [2541928 2014-03-04] (Search Module Ltd.)
S4 sprtsvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [206120 2010-09-29] (SupportSoft, Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_5730ce9f\STacSV64.exe [279040 2008-10-15] (IDT, Inc.)
S4 tgsrvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [185640 2010-09-29] (SupportSoft, Inc.)
S4 TVCapSvc; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [296320 2008-09-24] ()
S4 TVSched; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [116096 2008-09-24] ()
R2 WinDevSrv; C:\ProgramData\UpdateServer\1395498996\webdev.exe [368960 2014-03-22] ()
S2 RoxLiveShare9; "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S1 Beep; No ImagePath
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-17] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-20] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-03-14] (Symantec Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [62168 2014-02-21] ()
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20140314.001\IDSvia64.sys [524504 2014-03-09] (Symantec Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-03-17] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-03-17] (Printing Communications Assoc., Inc. (PCAUSA))
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20140315.009\ENG64.SYS [126040 2014-03-14] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20140315.009\EX64.SYS [2099288 2014-03-14] (Symantec Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 sbmntr; C:\Program Files (x86)\YTDownloader\sbmntr.sys [58216 2013-12-20] (YTDownloader)
R3 SMUpdd; C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [41320 2014-03-04] ()
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-10-14] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS [224416 2012-09-06] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\1404000.028\SYMTDIV.SYS [457304 2013-04-24] (Symantec Corporation)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [27632 2008-09-26] (Cyberlink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-23 13:43 - 2014-03-23 13:43 - 00022454 _____ () C:\Users\Luis\Downloads\FRST.txt
2014-03-23 13:43 - 2014-03-23 13:43 - 00000000 ____D () C:\FRST
2014-03-23 13:42 - 2014-03-23 13:42 - 02157056 _____ (Farbar) C:\Users\Luis\Downloads\FRST64.exe
2014-03-23 10:15 - 2014-03-23 10:26 - 00011222 _____ () C:\Users\Luis\Downloads\Attach.txt
2014-03-23 10:15 - 2014-03-23 10:15 - 00018848 _____ () C:\Users\Luis\Downloads\DDS.txt
2014-03-23 10:14 - 2014-03-23 10:14 - 00011221 _____ () C:\Users\Luis\Desktop\attach.txt
2014-03-23 10:14 - 2014-03-23 10:12 - 00018848 _____ () C:\Users\Luis\Desktop\dds.txt
2014-03-23 10:10 - 2014-03-23 10:10 - 00688992 ____R (Swearware) C:\Users\Luis\Downloads\dds.com
2014-03-23 10:02 - 2014-03-23 10:02 - 00000000 ____D () C:\SUPERDelete
2014-03-23 09:59 - 2014-03-23 09:59 - 00001756 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-03-23 09:59 - 2014-03-23 09:59 - 00000000 ____D () C:\Users\Luis\AppData\Roaming\SUPERAntiSpyware.com
2014-03-23 09:59 - 2014-03-23 09:59 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-03-23 09:59 - 2014-03-23 09:59 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-03-23 09:58 - 2014-03-23 09:58 - 18435176 _____ (SUPERAntiSpyware) C:\Users\Luis\Downloads\SAS_818D1.EXE
2014-03-22 17:22 - 2014-03-22 17:22 - 00000000 ____D () C:\ProgramData\Mozilla
2014-03-22 17:22 - 2014-03-22 17:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-22 17:21 - 2014-03-22 17:21 - 00282880 _____ (Mozilla) C:\Users\Luis\Downloads\Firefox Setup Stub 28.0.exe
2014-03-22 16:57 - 2014-03-23 12:12 - 00019052 _____ () C:\Windows\PFRO.log
2014-03-22 14:27 - 2014-03-22 15:10 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
2014-03-22 14:27 - 2014-03-22 14:27 - 00000000 ____D () C:\Users\Luis\AppData\Local\Anvisoft
2014-03-22 14:13 - 2014-03-22 14:13 - 00265752 _____ (Secure By Design Inc.) C:\Users\Luis\Downloads\Ninite Chrome Installer.exe
2014-03-22 13:37 - 2014-03-22 16:49 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-03-22 13:37 - 2014-03-22 15:08 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2014-03-22 12:50 - 2014-03-22 12:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-03-22 11:59 - 2014-03-22 12:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-22 11:59 - 2014-03-22 11:59 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-22 11:58 - 2014-03-22 12:49 - 00000000 ____D () C:\Users\Luis\Desktop\mbar
2014-03-22 11:58 - 2014-03-22 11:58 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-22 11:51 - 2014-03-22 11:51 - 00046098 _____ () C:\ComboFix.txt
2014-03-22 10:36 - 2014-03-22 10:36 - 00000000 ____D () C:\ProgramData\UpdateServer
2014-03-22 10:29 - 2014-03-22 10:29 - 00000000 ____D () C:\Windows\pss
2014-03-21 16:53 - 2014-03-21 16:53 - 00000948 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-21 16:53 - 2014-03-21 16:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-21 16:53 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-16 16:20 - 2014-03-16 16:20 - 00000000 ____D () C:\Users\Luis\AppData\Local\HistoryCleaner
2014-03-16 16:14 - 2014-03-22 15:12 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-03-16 16:13 - 2014-03-16 16:13 - 00000066 _____ () C:\Windows\GPlrLanc.dat
2014-03-16 16:11 - 2014-03-16 16:11 - 00003568 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
2014-03-16 11:49 - 2014-03-22 10:34 - 00000000 ____D () C:\Program Files (x86)\FastMediaConverter
2014-03-16 11:49 - 2014-03-16 11:49 - 00000971 _____ () C:\Users\Public\Desktop\Fast Media Converter.lnk
2014-03-16 11:49 - 2014-03-16 11:49 - 00000000 ____D () C:\Users\Luis\AppData\Roaming\FastMediaConverter
2014-03-16 11:28 - 2014-03-16 11:28 - 00000000 ____D () C:\Users\Luis\AppData\Roaming\Compete
2014-03-16 10:11 - 2014-03-16 10:11 - 00002304 _____ () C:\{45864454-B5A0-4020-9894-004C822D2523}
2014-03-16 10:09 - 2014-03-16 10:09 - 00002408 _____ () C:\{23F1EC39-4957-4671-9D21-21FC979B832B}
2014-03-16 10:03 - 2014-02-23 03:12 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-16 10:03 - 2014-02-23 02:54 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-16 10:03 - 2014-02-23 02:52 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-16 10:03 - 2014-02-23 02:48 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-16 10:03 - 2014-02-23 02:48 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-16 10:03 - 2014-02-23 02:46 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-16 10:03 - 2014-02-23 02:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-16 10:03 - 2014-02-23 02:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-16 10:03 - 2014-02-23 02:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-16 10:03 - 2014-02-23 02:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-16 10:03 - 2014-02-23 02:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-16 10:03 - 2014-02-23 02:44 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-16 10:03 - 2014-02-23 02:44 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-16 10:03 - 2014-02-23 02:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-16 10:03 - 2014-02-23 02:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-16 10:03 - 2014-02-23 02:43 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-16 10:03 - 2014-02-23 01:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-16 10:03 - 2014-02-23 01:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-16 10:03 - 2014-02-23 01:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-16 10:03 - 2014-02-23 01:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-16 10:03 - 2014-02-23 01:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-16 10:03 - 2014-02-23 01:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-16 10:03 - 2014-02-23 01:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-03-16 10:03 - 2014-02-23 01:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-16 10:03 - 2014-02-23 01:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-16 10:03 - 2014-02-23 01:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-16 10:03 - 2014-02-23 01:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-16 10:03 - 2014-02-23 01:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-16 10:03 - 2014-02-23 01:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-16 10:03 - 2014-02-23 01:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-16 10:03 - 2014-02-23 01:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-03-16 10:03 - 2014-02-23 01:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-15 11:29 - 2014-03-22 00:25 - 00000000 ____D () C:\Program Files (x86)\SmartTweak
2014-03-15 11:29 - 2014-03-15 11:29 - 00004530 _____ () C:\Windows\System32\Tasks\hdtotal1.1-updater
2014-03-15 11:29 - 2014-03-15 11:29 - 00004384 _____ () C:\Windows\System32\Tasks\hdtotal1.1-enabler
2014-03-15 11:29 - 2014-03-15 11:29 - 00003242 _____ () C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart
2014-03-15 11:29 - 2014-03-15 11:29 - 00000000 ____D () C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software
2014-03-15 11:28 - 2014-03-15 11:29 - 00004484 _____ () C:\Windows\System32\Tasks\hdtotal1.1-codedownloader
2014-03-15 11:27 - 2014-03-16 16:12 - 00004808 _____ () C:\Windows\System32\Tasks\iWebar-updater
2014-03-15 11:27 - 2014-03-16 16:12 - 00004764 _____ () C:\Windows\System32\Tasks\iWebar-codedownloader
2014-03-15 11:27 - 2014-03-16 16:12 - 00004642 _____ () C:\Windows\System32\Tasks\iWebar-enabler
2014-03-15 11:26 - 2014-03-16 16:11 - 00003718 _____ () C:\Windows\System32\Tasks\SMupdate1
2014-03-15 11:25 - 2014-03-16 16:11 - 00004234 _____ () C:\Windows\System32\Tasks\SMW_UpdateTask_Time_323939383733323831302d3437415a556c2a3223346c41
2014-03-15 11:25 - 2014-03-16 16:11 - 00003822 _____ () C:\Windows\System32\Tasks\Smp
2014-03-15 11:25 - 2014-03-15 11:25 - 00000000 ____D () C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
2014-03-15 11:25 - 2014-03-15 11:25 - 00000000 ____D () C:\ProgramData\SearchModule
2014-03-15 11:25 - 2014-03-15 11:25 - 00000000 ____D () C:\Program Files\Common Files\Goobzo
2014-03-15 11:25 - 2014-03-15 11:25 - 00000000 ____D () C:\Program Files (x86)\YTDownloader
2014-03-15 11:24 - 2014-03-16 16:11 - 00004500 _____ () C:\Windows\System32\Tasks\ShopperPro
2014-03-15 11:24 - 2014-03-16 16:11 - 00003564 _____ () C:\Windows\System32\Tasks\ShopperProJSUpd
2014-03-15 11:24 - 2014-03-15 11:24 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2014-03-15 11:23 - 2014-03-15 11:24 - 00000157 _____ () C:\Users\Luis\AppData\Roaming\aps.uninstall.scan.results
2014-03-15 11:21 - 2014-03-15 11:21 - 00000000 ____D () C:\Users\Luis\AppData\Local\CrashRpt
2014-03-15 11:21 - 2014-03-15 11:21 - 00000000 ____D () C:\Program Files (x86)\Savings Champion
2014-03-15 11:20 - 2014-03-22 16:23 - 00000000 ____D () C:\Users\Luis\AppData\Local\Savings Champion
2014-03-15 11:20 - 2014-03-15 11:20 - 00000000 ____D () C:\Program Files (x86)\Ainishare
2014-03-15 10:41 - 2014-01-30 06:12 - 01111040 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-15 10:41 - 2014-01-30 03:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-15 10:41 - 2013-11-12 21:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-03-15 10:41 - 2013-11-12 20:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-03-15 10:40 - 2014-02-07 08:11 - 02776064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-15 10:40 - 2014-02-03 09:20 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-15 10:40 - 2014-02-03 06:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-15 09:28 - 2014-03-22 00:59 - 00000000 ____D () C:\Program Files (x86)\MediaViewV1
2014-03-10 20:36 - 2014-03-21 23:29 - 00000000 ____D () C:\Users\Luis\AppData\Roaming\VOPackage
2014-03-10 20:36 - 2014-03-10 20:36 - 00000000 ____D () C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-03-10 20:35 - 2014-03-10 20:35 - 00003962 _____ () C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineUA
2014-03-10 20:35 - 2014-03-10 20:35 - 00003710 _____ () C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineCore
2014-03-10 20:35 - 2014-03-10 20:35 - 00003048 _____ () C:\Windows\System32\Tasks\ClickAndMark Update
2014-03-10 20:34 - 2014-03-15 11:19 - 00000854 _____ () C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ISTCleaner.lnk
2014-03-10 20:34 - 2014-03-10 20:35 - 00000000 ____D () C:\Users\Luis\AppData\Roaming\istcleaner
2014-03-10 20:34 - 2014-03-10 20:34 - 00002992 _____ () C:\Windows\System32\Tasks\ClickAndMark_wd
2014-03-10 20:34 - 2014-03-10 20:34 - 00000000 ____D () C:\Program Files (x86)\ISTCleaner
2014-03-10 18:09 - 2014-03-10 18:09 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-03-10 17:59 - 2014-03-10 17:59 - 00001890 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-10 17:50 - 2014-03-16 10:35 - 00000000 ____D () C:\ProgramData\MediaDev
2014-03-10 17:45 - 2014-03-10 17:45 - 00000000 ____D () C:\ProgramData\UpdateTask
2014-03-09 15:07 - 2014-03-10 17:51 - 00000000 ____D () C:\ProgramData\UpdateCommon
2014-02-24 16:15 - 2014-03-16 11:06 - 00003108 _____ () C:\Windows\System32\Tasks\RegClean Pro

==================== One Month Modified Files and Folders =======

2014-03-23 13:43 - 2014-03-23 13:43 - 00022454 _____ () C:\Users\Luis\Downloads\FRST.txt
2014-03-23 13:43 - 2014-03-23 13:43 - 00000000 ____D () C:\FRST
2014-03-23 13:42 - 2014-03-23 13:42 - 02157056 _____ (Farbar) C:\Users\Luis\Downloads\FRST64.exe
2014-03-23 13:17 - 2009-01-14 11:08 - 01403318 _____ () C:\Windows\WindowsUpdate.log
2014-03-23 12:52 - 2012-07-08 23:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-23 12:45 - 2010-01-29 13:11 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-23 12:19 - 2009-02-19 13:32 - 00001129 _____ () C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-03-23 12:19 - 2009-02-19 13:31 - 00001135 _____ () C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-23 12:19 - 2006-11-02 08:46 - 00703516 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-23 12:13 - 2010-01-29 13:10 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-23 12:13 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-23 12:13 - 2006-11-02 11:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-23 12:13 - 2006-11-02 11:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-23 12:12 - 2014-03-22 16:57 - 00019052 _____ () C:\Windows\PFRO.log
2014-03-23 12:11 - 2006-11-02 11:42 - 00032574 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-23 10:26 - 2014-03-23 10:15 - 00011222 _____ () C:\Users\Luis\Downloads\Attach.txt
2014-03-23 10:15 - 2014-03-23 10:15 - 00018848 _____ () C:\Users\Luis\Downloads\DDS.txt
2014-03-23 10:14 - 2014-03-23 10:14 - 00011221 _____ () C:\Users\Luis\Desktop\attach.txt
2014-03-23 10:12 - 2014-03-23 10:14 - 00018848 _____ () C:\Users\Luis\Desktop\dds.txt
2014-03-23 10:10 - 2014-03-23 10:10 - 00688992 ____R (Swearware) C:\Users\Luis\Downloads\dds.com
2014-03-23 10:02 - 2014-03-23 10:02 - 00000000 ____D () C:\SUPERDelete
2014-03-23 10:02 - 2009-12-13 13:19 - 00000000 ____D () C:\Users\Luis\AppData\Local\The Weather Channel
2014-03-23 10:02 - 2008-10-23 05:10 - 00000000 ____D () C:\Program Files\AWS
2014-03-23 09:59 - 2014-03-23 09:59 - 00001756 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-03-23 09:59 - 2014-03-23 09:59 - 00000000 ____D () C:\Users\Luis\AppData\Roaming\SUPERAntiSpyware.com
2014-03-23 09:59 - 2014-03-23 09:59 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-03-23 09:59 - 2014-03-23 09:59 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-03-23 09:58 - 2014-03-23 09:58 - 18435176 _____ (SUPERAntiSpyware) C:\Users\Luis\Downloads\SAS_818D1.EXE
2014-03-22 19:35 - 2009-02-21 14:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-22 17:23 - 2009-02-21 14:36 - 00000888 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-22 17:22 - 2014-03-22 17:22 - 00000000 ____D () C:\ProgramData\Mozilla
2014-03-22 17:22 - 2014-03-22 17:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-22 17:21 - 2014-03-22 17:21 - 00282880 _____ (Mozilla) C:\Users\Luis\Downloads\Firefox Setup Stub 28.0.exe
2014-03-22 17:19 - 2009-02-20 18:30 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-22 17:04 - 2009-02-20 18:34 - 00000000 ____D () C:\Users\Luis\AppData\Local\Google
2014-03-22 16:49 - 2014-03-22 13:37 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-03-22 16:49 - 2014-02-09 15:39 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2014-03-22 16:23 - 2014-03-15 11:20 - 00000000 ____D () C:\Users\Luis\AppData\Local\Savings Champion
2014-03-22 15:12 - 2014-03-16 16:14 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-03-22 15:10 - 2014-03-22 14:27 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
2014-03-22 15:08 - 2014-03-22 13:37 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2014-03-22 14:51 - 2012-01-15 19:00 - 00000000 ____D () C:\Users\Luis\AppData\Local\CrashDumps
2014-03-22 14:45 - 2012-11-04 23:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-22 14:45 - 2009-11-26 22:08 - 00000000 ____D () C:\Windows\Minidump
2014-03-22 14:45 - 2009-02-21 13:46 - 00000000 ____D () C:\Users\Luis\AppData\Roaming\Skype
2014-03-22 14:36 - 2012-10-07 15:59 - 00000000 ____D () C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FirstRowSportApp.com
2014-03-22 14:36 - 2011-02-27 16:36 - 00000000 ____D () C:\Users\Luis\Desktop\WDM
2014-03-22 14:36 - 2009-02-19 13:24 - 00000000 ____D () C:\Users\Luis
2014-03-22 14:36 - 2008-10-23 03:22 - 00000000 ____D () C:\Windows\panther
2014-03-22 14:32 - 2011-02-02 21:06 - 00001704 _____ () C:\Users\Luis\Desktop\Click for Verizon Wi-Fi Setup.lnk
2014-03-22 14:27 - 2014-03-22 14:27 - 00000000 ____D () C:\Users\Luis\AppData\Local\Anvisoft
2014-03-22 14:13 - 2014-03-22 14:13 - 00265752 _____ (Secure By Design Inc.) C:\Users\Luis\Downloads\Ninite Chrome Installer.exe
2014-03-22 13:59 - 2012-07-08 23:21 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-22 13:59 - 2012-07-08 23:21 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-22 13:59 - 2012-01-15 18:10 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-22 13:55 - 2006-11-02 11:21 - 00315368 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-22 13:54 - 2008-10-23 03:42 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-22 13:18 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-03-22 12:50 - 2014-03-22 12:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-03-22 12:50 - 2012-11-01 16:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-22 12:49 - 2014-03-22 11:59 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-22 12:49 - 2014-03-22 11:58 - 00000000 ____D () C:\Users\Luis\Desktop\mbar
2014-03-22 11:59 - 2014-03-22 11:59 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-22 11:58 - 2014-03-22 11:58 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-22 11:52 - 2012-11-01 15:13 - 00000000 ____D () C:\Qoobox
2014-03-22 11:51 - 2014-03-22 11:51 - 00046098 _____ () C:\ComboFix.txt
2014-03-22 11:47 - 2006-11-02 08:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-22 11:47 - 2006-11-02 08:34 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.old
2014-03-22 11:45 - 2014-02-09 19:34 - 00000000 ____D () C:\Program Files (x86)\Uniblue
2014-03-22 10:42 - 2012-10-20 23:16 - 00000000 ____D () C:\Program Files (x86)\Advanced System Optimizer 3
2014-03-22 10:36 - 2014-03-22 10:36 - 00000000 ____D () C:\ProgramData\UpdateServer
2014-03-22 10:34 - 2014-03-16 11:49 - 00000000 ____D () C:\Program Files (x86)\FastMediaConverter
2014-03-22 10:29 - 2014-03-22 10:29 - 00000000 ____D () C:\Windows\pss
2014-03-22 10:29 - 2009-02-19 13:31 - 00000000 ___RD () C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-22 00:59 - 2014-03-15 09:28 - 00000000 ____D () C:\Program Files (x86)\MediaViewV1
2014-03-22 00:59 - 2014-02-09 19:34 - 00000000 ____D () C:\Program Files (x86)\Bench
2014-03-22 00:25 - 2014-03-15 11:29 - 00000000 ____D () C:\Program Files (x86)\SmartTweak
2014-03-22 00:20 - 2012-10-19 12:16 - 00000000 ____D () C:\Users\Luis\AppData\Roaming\Systweak
2014-03-21 23:40 - 2014-02-09 19:24 - 00000000 ____D () C:\ProgramData\Systweak
2014-03-21 23:29 - 2014-03-10 20:36 - 00000000 ____D () C:\Users\Luis\AppData\Roaming\VOPackage
2014-03-21 23:29 - 2014-02-11 19:09 - 00000000 ____D () C:\a
2014-03-21 23:29 - 2014-02-09 19:34 - 00000000 ____D () C:\Users\Luis\AppData\Local\SwvUpdater
2014-03-21 23:29 - 2014-02-09 15:39 - 00000000 ____D () C:\Users\Luis\AppData\Local\genienext
2014-03-21 16:53 - 2014-03-21 16:53 - 00000948 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-21 16:53 - 2014-03-21 16:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-16 16:20 - 2014-03-16 16:20 - 00000000 ____D () C:\Users\Luis\AppData\Local\HistoryCleaner
2014-03-16 16:13 - 2014-03-16 16:13 - 00000066 _____ () C:\Windows\GPlrLanc.dat
2014-03-16 16:12 - 2014-03-15 11:27 - 00004808 _____ () C:\Windows\System32\Tasks\iWebar-updater
2014-03-16 16:12 - 2014-03-15 11:27 - 00004764 _____ () C:\Windows\System32\Tasks\iWebar-codedownloader
2014-03-16 16:12 - 2014-03-15 11:27 - 00004642 _____ () C:\Windows\System32\Tasks\iWebar-enabler
2014-03-16 16:11 - 2014-03-16 16:11 - 00003568 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
2014-03-16 16:11 - 2014-03-15 11:26 - 00003718 _____ () C:\Windows\System32\Tasks\SMupdate1
2014-03-16 16:11 - 2014-03-15 11:25 - 00004234 _____ () C:\Windows\System32\Tasks\SMW_UpdateTask_Time_323939383733323831302d3437415a556c2a3223346c41
2014-03-16 16:11 - 2014-03-15 11:25 - 00003822 _____ () C:\Windows\System32\Tasks\Smp
2014-03-16 16:11 - 2014-03-15 11:24 - 00004500 _____ () C:\Windows\System32\Tasks\ShopperPro
2014-03-16 16:11 - 2014-03-15 11:24 - 00003564 _____ () C:\Windows\System32\Tasks\ShopperProJSUpd
2014-03-16 16:11 - 2006-11-02 09:33 - 00000000 ____D () C:\Program Files\Common Files\System
2014-03-16 15:47 - 2014-02-09 19:34 - 00003238 _____ () C:\Windows\System32\Tasks\bench-sys
2014-03-16 15:47 - 2014-02-09 19:34 - 00003214 _____ () C:\Windows\System32\Tasks\bench-S-1-5-21-1907794234-3787397731-298375424-1000
2014-03-16 11:49 - 2014-03-16 11:49 - 00000971 _____ () C:\Users\Public\Desktop\Fast Media Converter.lnk
2014-03-16 11:49 - 2014-03-16 11:49 - 00000000 ____D () C:\Users\Luis\AppData\Roaming\FastMediaConverter
2014-03-16 11:28 - 2014-03-16 11:28 - 00000000 ____D () C:\Users\Luis\AppData\Roaming\Compete
2014-03-16 11:22 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\rescache
2014-03-16 11:06 - 2014-02-24 16:15 - 00003108 _____ () C:\Windows\System32\Tasks\RegClean Pro
2014-03-16 10:38 - 2008-10-23 05:09 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-16 10:35 - 2014-03-10 17:50 - 00000000 ____D () C:\ProgramData\MediaDev
2014-03-16 10:11 - 2014-03-16 10:11 - 00002304 _____ () C:\{45864454-B5A0-4020-9894-004C822D2523}
2014-03-16 10:09 - 2014-03-16 10:09 - 00002408 _____ () C:\{23F1EC39-4957-4671-9D21-21FC979B832B}
2014-03-16 10:09 - 2009-10-09 20:49 - 00000680 _____ () C:\Users\Luis\AppData\Local\d3d9caps.dat
2014-03-15 11:29 - 2014-03-15 11:29 - 00004530 _____ () C:\Windows\System32\Tasks\hdtotal1.1-updater
2014-03-15 11:29 - 2014-03-15 11:29 - 00004384 _____ () C:\Windows\System32\Tasks\hdtotal1.1-enabler
2014-03-15 11:29 - 2014-03-15 11:29 - 00003242 _____ () C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart
2014-03-15 11:29 - 2014-03-15 11:29 - 00000000 ____D () C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SmartTweak Software
2014-03-15 11:29 - 2014-03-15 11:28 - 00004484 _____ () C:\Windows\System32\Tasks\hdtotal1.1-codedownloader
2014-03-15 11:25 - 2014-03-15 11:25 - 00000000 ____D () C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
2014-03-15 11:25 - 2014-03-15 11:25 - 00000000 ____D () C:\ProgramData\SearchModule
2014-03-15 11:25 - 2014-03-15 11:25 - 00000000 ____D () C:\Program Files\Common Files\Goobzo
2014-03-15 11:25 - 2014-03-15 11:25 - 00000000 ____D () C:\Program Files (x86)\YTDownloader
2014-03-15 11:24 - 2014-03-15 11:24 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2014-03-15 11:24 - 2014-03-15 11:23 - 00000157 _____ () C:\Users\Luis\AppData\Roaming\aps.uninstall.scan.results
2014-03-15 11:21 - 2014-03-15 11:21 - 00000000 ____D () C:\Users\Luis\AppData\Local\CrashRpt
2014-03-15 11:21 - 2014-03-15 11:21 - 00000000 ____D () C:\Program Files (x86)\Savings Champion
2014-03-15 11:21 - 2014-02-09 19:34 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-03-15 11:20 - 2014-03-15 11:20 - 00000000 ____D () C:\Program Files (x86)\Ainishare
2014-03-15 11:19 - 2014-03-10 20:34 - 00000854 _____ () C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ISTCleaner.lnk
2014-03-15 09:30 - 2013-05-19 21:48 - 00000258 __RSH () C:\Users\Luis\ntuser.pol
2014-03-10 20:36 - 2014-03-10 20:36 - 00000000 ____D () C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-03-10 20:35 - 2014-03-10 20:35 - 00003962 _____ () C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineUA
2014-03-10 20:35 - 2014-03-10 20:35 - 00003710 _____ () C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineCore
2014-03-10 20:35 - 2014-03-10 20:35 - 00003048 _____ () C:\Windows\System32\Tasks\ClickAndMark Update
2014-03-10 20:35 - 2014-03-10 20:34 - 00000000 ____D () C:\Users\Luis\AppData\Roaming\istcleaner
2014-03-10 20:34 - 2014-03-10 20:34 - 00002992 _____ () C:\Windows\System32\Tasks\ClickAndMark_wd
2014-03-10 20:34 - 2014-03-10 20:34 - 00000000 ____D () C:\Program Files (x86)\ISTCleaner
2014-03-10 18:09 - 2014-03-10 18:09 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-03-10 18:00 - 2009-02-20 18:30 - 00000000 ____D () C:\ProgramData\Skype
2014-03-10 17:59 - 2014-03-10 17:59 - 00001890 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-10 17:59 - 2012-02-21 19:01 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-10 17:51 - 2014-03-09 15:07 - 00000000 ____D () C:\ProgramData\UpdateCommon
2014-03-10 17:45 - 2014-03-10 17:45 - 00000000 ____D () C:\ProgramData\UpdateTask
2014-02-24 16:40 - 2010-01-29 13:11 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-24 16:40 - 2010-01-29 13:10 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-23 03:12 - 2014-03-16 10:03 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-23 02:54 - 2014-03-16 10:03 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-23 02:52 - 2014-03-16 10:03 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-23 02:48 - 2014-03-16 10:03 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-23 02:48 - 2014-03-16 10:03 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-23 02:46 - 2014-03-16 10:03 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-23 02:46 - 2014-03-16 10:03 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-23 02:46 - 2014-03-16 10:03 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-23 02:45 - 2014-03-16 10:03 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-23 02:45 - 2014-03-16 10:03 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-23 02:45 - 2014-03-16 10:03 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-23 02:44 - 2014-03-16 10:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-23 02:44 - 2014-03-16 10:03 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-23 02:44 - 2014-03-16 10:03 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-23 02:44 - 2014-03-16 10:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-23 02:43 - 2014-03-16 10:03 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-23 01:50 - 2014-03-16 10:03 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-23 01:47 - 2014-03-16 10:03 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-23 01:43 - 2014-03-16 10:03 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-23 01:41 - 2014-03-16 10:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-23 01:40 - 2014-03-16 10:03 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-23 01:39 - 2014-03-16 10:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-23 01:38 - 2014-03-16 10:03 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-23 01:38 - 2014-03-16 10:03 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-23 01:38 - 2014-03-16 10:03 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-23 01:37 - 2014-03-16 10:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-23 01:37 - 2014-03-16 10:03 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-23 01:37 - 2014-03-16 10:03 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-23 01:37 - 2014-03-16 10:03 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-23 01:36 - 2014-03-16 10:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-23 01:36 - 2014-03-16 10:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-23 01:35 - 2014-03-16 10:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

Files to move or delete:
====================
C:\Users\Luis\AppData\Roaming\desktop.ini


Some content of TEMP:
====================
C:\Users\Luis\AppData\Local\Temp\dufgmr4c.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-23 12:21

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Luis at 2014-03-23 13:44:23
Running from C:\Users\Luis\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton 360 Premier Edition (Enabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Premier Edition (Enabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 Premier Edition (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
Ainishare Free Center (HKLM-x32\...\{CC86C6C4-7E7D-8447-BA9D-2FD7823E5754}_is1) (Version: 1.0.0 - Ainishare International LLC.)
AMD USB Audio Driver Filter (HKLM-x32\...\{A3AB35FA-943E-4799-99DC-46EFD59E998F}) (Version: 1.0.7.0031 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{50CFD060-4267-0D82-C5A1-4C083110F34F}) (Version: 3.0.691.0 - ATI Technologies, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 5.10.38.14 - Broadcom Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2008.0917.337.4556 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization Chinese Standard (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Localization Czech (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Localization Danish (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Localization Dutch (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Localization Finnish (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Localization French (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Localization German (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Localization Greek (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Localization Hungarian (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Localization Italian (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Localization Japanese (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Localization Korean (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Localization Norwegian (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Localization Polish (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Localization Portuguese (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Localization Russian (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Localization Spanish (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Localization Swedish (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Localization Thai (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Catalyst Control Center Localization Turkish (x32 Version: 2008.0917.337.4556 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
CCC Help Czech (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
CCC Help Danish (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
CCC Help Dutch (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
CCC Help English (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
CCC Help Finnish (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
CCC Help French (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
CCC Help German (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
CCC Help Greek (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
CCC Help Italian (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
CCC Help Japanese (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
CCC Help Korean (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
CCC Help Polish (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
CCC Help Russian (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
CCC Help Spanish (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
CCC Help Swedish (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
CCC Help Thai (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
CCC Help Turkish (x32 Version: 2008.0917.0336.4556 - ATI) Hidden
ccc-core-static (x32 Version: 2008.0917.337.4556 - ATI) Hidden
ccc-utility64 (Version: 2008.0917.337.4556 - ATI) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2126 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 6.0.2126 - CyberLink Corp.) Hidden
ESU for Microsoft Vista (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
FastMediaConverter (HKLM-x32\...\FastMediaConverter) (Version: 1.0.30.0 - Applon)
FirstRowSportApp (HKLM-x32\...\1ClickDownload) (Version: 2.1 Build 26473 - FirstRowSportApp.com)
GEAR driver installer for x86 and x64 (x32 Version: 4.008.5 - GEAR Software) Hidden
GMI (HKLM-x32\...\{28507DEF-A8E9-4615-81C9-CBEEDD7623B5}) (Version: 1.00.0000 - GMI)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GoSupportNow (HKLM-x32\...\TurboMeeting) (Version: 3.0.233 - RHUB Communications, Inc.)
GradeQuick Web Plugin (HKLM-x32\...\{0EB768CD-EF48-4C66-8BCB-2DA8166B2654}) (Version: 1.00.0000 - Edline)
Hewlett-Packard Active Check for Health Check (x32 Version: 1.1.15.2 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (x32 Version: 2.0.64.0 - HP) Hidden
HP Active Support Library (x32 Version: 3.1.6.1 - Hewlett-Packard) Hidden
HP Doc Viewer (HKLM-x32\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.01.0005 - Hewlett-Packard)
HP Help and Support (HKLM-x32\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.0.0 - Hewlett-Packard Company)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.0.2126 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 2.0.2126 - Hewlett-Packard) Hidden
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.0.2125 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (x32 Version: 2.0.2125 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (HKLM\...\{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}) (Version: 2.0.8 - Hewlett-Packard)
HP MediaSmart TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 2.0.0924 - Hewlett-Packard)
HP MediaSmart TV (x32 Version: 2.0.0924 - Hewlett-Packard) Hidden
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.0926 - Hewlett-Packard)
HP MediaSmart Webcam (x32 Version: 2.0.0926 - Hewlett-Packard) Hidden
HP MULTIPLE MODEM INSTALLER for VISTA (HKLM-x32\...\{45A136EC-88BF-4B95-99F5-C45D3930E1CC}) (Version: 1.0.0.30 - Hewlett Packard)
HP Quick Launch Buttons 6.40 H2 (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 H2 - Hewlett-Packard)
HP User Guides 0125 (HKLM-x32\...\{C4CF43CE-94AE-498E-9EB1-C804E05CB3CA}) (Version: 1.00.0000 - Hewlett-Packard)
HPTCSSetup (HKLM-x32\...\{30D3B7BC-5798-45D9-822D-05CA18F39E99}) (Version: 1.1.1955.2793 - Hewlett-Packard Company)
iCloud (HKLM\...\{CE97E4D3-9F91-4D72-8A29-ED9EA90E5A15}) (Version: 2.1.3.25 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6087.0 - IDT)
IHA_MessageCenter (HKLM-x32\...\{80813829-BE27-4799-8BC7-2F75A7B6CB50}) (Version: 1.1.0 - Verizon)
InternetHelper3 Chrome Toolbar (HKLM-x32\...\InternetHelper3 Chrome Toolbar) (Version: 1.0.0.0 - )
ISTCleaner (HKLM-x32\...\ISTCleaner) (Version: 1.0.0.1 - ISTCleaner)
iTunes (HKLM\...\{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}) (Version: 11.1.4.62 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0919 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.0919 - CyberLink Corp.) Hidden
Lightspark 0.5.3-git (HKLM-x32\...\Lightspark) (Version: 0.5.3-git - Lightspark Team)
Logitech Desktop Messenger (HKLM-x32\...\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}) (Version: 2.54.11 - Logitech, Inc.)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Logitech Harmony Remote Software 7 (x32 Version: 7.6.0.8 - Logitech) Hidden
Malwarebytes Anti-Exploit version 0.10.0.1000 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 0.10.0.1000 - Malwarebytes)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Move Media Player (HKCU\...\Move Media Player) (Version:  - Move Networks)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
My HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.62 - WildTangent)
NewPlayer (HKLM-x32\...\NewPlayer) (Version: v2.1.1.0 - TUGUU SL) <==== ATTENTION
Norton 360 Premier Edition (HKLM-x32\...\N360) (Version: 20.4.0.40 - Symantec Corporation)
Norton Bootable Recovery Tool Wizard (HKLM-x32\...\NBRTWizard) (Version: 5.1.0.26 - Symantec Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2119 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.2119 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2119 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.2119 - CyberLink Corp.) Hidden
ProtectSmart Hard Drive Protection (HKLM\...\{2F97CE84-9C33-4631-821B-85EA371EA254}) (Version: 3.10.1.7 - Hewlett-Packard)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Redist (HKLM-x32\...\{0F052922-4BCE-4763-A540-00857554336D}) (Version: 3.00.0000 - Verizon)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Savings Champion (HKLM-x32\...\38958_Savings Champion) (Version: 1.0 - Smart Apps)
Search module (HKLM-x32\...\Search module) (Version:  - Search Module)
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version:  - Silicon Laboratories)
Skins (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Slingbox - Watch Your TV Anywhere (HKLM-x32\...\{7B798B31-2F33-4DC8-BDA4-D36488E86636}) (Version: 1.0.0 - Sling Media)
SlingPlayer (HKLM-x32\...\InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}) (Version: 1.04.0206 - Sling Media)
SlingPlayer (x32 Version: 1.04.0206 - Sling Media) Hidden
Snap.Do (HKLM-x32\...\{F4F6F37C-8D19-4DAD-BF7B-0953133FD43F}) (Version: 11.20.1.15636 - ReSoft Ltd.) <==== ATTENTION
Snap.Do Engine (HKCU\...\{c2e9de1c-2c23-4b3b-9c11-59c6c6733c63}) (Version: 10.206.1.14585 - ReSoft Ltd.) <==== ATTENTION
SPORE Creature Creator Trial Edition (HKLM-x32\...\{ECEE0279-785F-4CB3-9F28-E69813234BF8}) (Version: 1.00.0000 - Electronic Arts)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Veetle TV 0.9.16 (HKLM-x32\...\Veetle TV) (Version: 0.9.16 - Veetle, Inc)
Verizon Download Manager (HKLM-x32\...\{8C0B406B-DF08-49EF-8702-FA45752C135F}) (Version: 9 - SupportSoft)
Verizon Help and Support Tool (HKLM-x32\...\Verizon Help and Support) (Version:  - )
Verizon Media Manager (HKLM-x32\...\Verizon Media Manager) (Version: 9.4.86 - Verizon)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Vz In Home Agent (HKLM-x32\...\{A0524B49-9798-4EFB-A392-06C18BEC7432}) (Version: 8.02.27 - Verizon)
Watch Firmware Update Utility 1.0 (HKLM-x32\...\Watch Firmware Update Utility_is1) (Version: 1.0 - Watch Firmware Update Utility)
WeatherBug (HKLM-x32\...\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}) (Version: 7.0.0.11 - Earth Networks, Inc.)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
YTDownloader (HKLM-x32\...\YTDownloader) (Version:  - YTDownloader)

==================== Restore Points  =========================

31-01-2014 21:16:22 Removed SpyHunter
31-01-2014 21:21:22 Removed SpyHunter
01-02-2014 19:55:12 Windows Update
09-02-2014 19:39:51 Installed WeatherBug
09-02-2014 22:55:14 Windows Update
09-02-2014 23:34:05 Uniblue SpeedUpMyPC installation
24-02-2014 21:24:35 Windows Modules Installer
24-02-2014 21:30:20 Windows Modules Installer
25-02-2014 08:01:24 Windows Update
02-03-2014 18:58:52 Windows Update
09-03-2014 17:57:07 Windows Update
10-03-2014 21:45:46 Windows Update
15-03-2014 14:35:39 Windows Update
16-03-2014 13:54:02 Windows Update
22-03-2014 14:47:21 Windows Update
22-03-2014 18:18:33 Removed Google Chrome
22-03-2014 18:19:57 Removed Google Chrome
22-03-2014 18:33:40 Anvi CSB 3.2
22-03-2014 18:51:57 Removed Google Chrome
22-03-2014 19:05:55 Removed Google Chrome
22-03-2014 19:11:03 Removed Privacy Dr
22-03-2014 21:17:20 Removed Google Chrome

==================== Scheduled Tasks (whitelisted) =============

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1199D5D7-7009-4AA4-B1A9-A47D42FA749C} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {128A9FDC-BB3F-4F3E-89D6-77CC58F04F76} - System32\Tasks\hdtotal1.1-enabler => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-enabler.exe
Task: {14D01987-C345-4D93-9948-94C2E02097D0} - System32\Tasks\hdtotal1.1-chromeinstaller => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-chromeinstaller.exe
Task: {151625EF-0902-4A8F-B52D-54A959D82B7B} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {158E7850-AA58-4EBE-9BD2-B332794FD5E5} - System32\Tasks\ConsumerInputUpdateTaskMachineUA => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {25CA0845-7B79-4F96-93D5-5466F71F0D56} - System32\Tasks\SMW_UpdateTask_Time_323939383733323831302d3437415a556c2a3223346c41 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0
Task: {2992680D-B52F-4337-951D-AE20BC289FF4} - System32\Tasks\iWebar-updater => C:\Program Files (x86)\iWebar\iWebar-updater.exe
Task: {2F07D062-F61B-468A-B007-6124974332C9} - System32\Tasks\hdtotal1.1-updater => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-updater.exe
Task: {3234317C-E556-48D8-B3CA-3CEE1DF07879} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29] (Google Inc.)
Task: {338D6197-54C8-4067-B390-B8348B8BB072} - System32\Tasks\ClickAndMark Update => C:\Program Files (x86)\click-n-mark-soft\cland.exe
Task: {38ED1324-5B25-4087-A9F4-D393826311DE} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {3DE1C672-08C2-49DD-9F28-4AC2F5D2625C} - System32\Tasks\hdtotal1.1-firefoxinstaller => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-firefoxinstaller.exe
Task: {41D845AF-61E6-45C3-A798-739EE8E3542F} - System32\Tasks\bench-S-1-5-21-1907794234-3787397731-298375424-1000 => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
Task: {492E796A-D5BF-46B8-988D-97B04D502F26} - System32\Tasks\iWebar-enabler => C:\Program Files (x86)\iWebar\iWebar-enabler.exe <==== ATTENTION
Task: {53E1519D-2B83-4B4C-B60D-0DBB955F2D16} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {5A73EB1B-06AC-4A19-9D45-A705F62CCC0A} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {5E60CD44-0247-4997-8E11-F5E9C4843725} - System32\Tasks\iWebar-codedownloader => C:\Program Files (x86)\iWebar\iWebar-codedownloader.exe
Task: {5FA5C0D5-679D-405F-8E63-27C77C3EBE03} - System32\Tasks\ShopperPro => C:\Program Files (x86)\ShopperPro\ShopperPro.exe
Task: {6B68D569-84F4-488C-B548-F6519C7F2250} - System32\Tasks\ShopperProJSUpd => C:\Program Files (x86)\ShopperPro\updater.exe
Task: {70EF74F7-2B09-4DC6-A139-EFCBC4D8FDC3} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe <==== ATTENTION
Task: {756B6C3D-0382-4A3E-91B4-6F9F4589CE8A} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {7DA687F7-A75C-4D47-AD29-692678365D5C} - System32\Tasks\hdtotal1.1-codedownloader => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-codedownloader.exe
Task: {8F9648F8-F3B1-4721-92F2-86AA6152E8B4} - System32\Tasks\iWebar-firefoxinstaller => C:\Program Files (x86)\iWebar\iWebar-firefoxinstaller.exe
Task: {9BCFE4E8-A98C-4117-B858-210D05312745} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
Task: {9D8AC548-F332-4CC1-85EC-4D34BC01AE66} - System32\Tasks\ClickAndMark_wd => C:\Program Files (x86)\click-n-mark-soft\ClickAndMark_wd.exe
Task: {A92BE9E5-3164-485C-B157-4DFC3E39B51C} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {BA1974D0-F49A-4457-880A-71B766526EA5} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe
Task: {BC047733-3241-4447-BCD7-136066575CF7} - System32\Tasks\bench-sys => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
Task: {C9938215-DFA8-4906-B9E3-FFE2BEC8B60C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29] (Google Inc.)
Task: {CC6A481C-1DB5-4BC6-9F51-38E286EEF67E} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1
Task: {CF3F3D8A-34D7-46E2-9FCA-2C50517A8663} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2
Task: {D2B551F6-6F10-405B-AFA2-CADCB2717B3D} - System32\Tasks\iWebar-chromeinstaller => C:\Program Files (x86)\iWebar\iWebar-chromeinstaller.exe
Task: {D3793043-5ACB-46FD-A893-FB14CA49F201} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {D4371C74-5B51-431B-A559-5E514102F1BD} - System32\Tasks\AmiUpdXp => C:\Users\Luis\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION
Task: {DCCD69EF-196E-4CD3-9046-EE92531F83E1} - System32\Tasks\GreatArcadeHits => C:\Users\Luis\AppData\Local\GreatArcadeHits\GAHUpdate.exe <==== ATTENTION
Task: {E2F2F352-5968-47C4-A96E-ED0374D755B2} - System32\Tasks\ConsumerInputUpdateTaskMachineCore => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe
Task: {E577B489-1414-46B7-925B-8F341939392E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-22] (Adobe Systems Incorporated)
Task: {E5E76217-641B-43DF-87DC-7BA85B7FDBD5} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16] (Hewlett-Packard)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {F62FC9CB-28C4-4C5B-8787-F4F4239B3721} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\Luis\AppData\Local\FilesFrog Update Checker\update_checker.exe <==== ATTENTION
Task: {F63AAE60-F707-460B-91C9-4C37CA3BB5E6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F6C1F5DF-A690-412F-BF98-E608195A2848} - System32\Tasks\Smp => C:\Program Files\Common Files\Goobzo\GBUpdate\smp.exe [2014-01-16] ()
Task: {F9FE6380-E07F-4E7B-A874-8AE5EE0B54B0} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {FEC6987B-2FCB-4D18-8F16-8E6471B9F844} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{20074242-7360-4F7D-BFC9-0074ECF5C101}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2013-10-31 14:47 - 2013-10-31 14:47 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2008-09-16 23:16 - 2008-09-16 23:16 - 00117248 _____ () C:\Windows\system32\atitmm64.dll
2014-03-10 17:50 - 2014-03-10 17:51 - 00368960 _____ () C:\ProgramData\MediaDev\1394488259\mediadev.exe
2008-10-23 05:15 - 2008-10-06 12:54 - 00365952 _____ () C:\Program Files (x86)\SMINST\BLService.exe
2014-03-22 10:36 - 2014-03-22 10:36 - 00368960 _____ () C:\ProgramData\UpdateServer\1395498996\webdev.exe
2012-12-11 15:30 - 2012-12-11 15:30 - 00061496 _____ () C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll
2008-10-23 05:15 - 2008-10-06 12:54 - 00132480 _____ () C:\Program Files (x86)\SMINST\STWmiM.dll
2013-10-14 14:41 - 2012-05-30 10:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.4.0.40\wincfi39.dll
2014-03-04 04:39 - 2014-03-04 04:39 - 00526184 _____ () C:\Program Files\Common Files\Goobzo\GBUpdate\smfi32.dll
2012-01-15 17:42 - 2014-03-15 04:40 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-10-14 14:41 - 2012-05-30 10:51 - 00699280 ____R () C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\wincfi39.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:D346F792

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TurboMeeting => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: HP Health Check Service => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: hpsrv => 2
MSCONFIG\Services: IHA_MessageCenter => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: sprtsvc_verizondm => 2
MSCONFIG\Services: tgsrvc_verizondm => 2
MSCONFIG\Services: TVCapSvc => 2
MSCONFIG\Services: TVSched => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FastMediaConverter.lnk => C:\Windows\pss\FastMediaConverter.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Luis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: mobilegeni daemon => "C:\Program Files (x86)\Mobogenie\DaemonProcess.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SmartMenu => %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
MSCONFIG\startupreg: SpeedUpMyPC => "C:\Program Files (x86)\Uniblue\SpeedUpMyPC\launcher.exe" -d 20000
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: Weather => C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
MSCONFIG\startupreg: YTDownloader => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/23/2014 00:14:17 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/23/2014 00:11:27 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (03/22/2014 10:44:42 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/22/2014 07:37:05 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/22/2014 05:15:25 PM) (Source: Application Error) (User: )
Description: Faulting application chrome.exe, version 33.0.1750.154, time stamp 0x5323921f, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e00, exception code 0xc0000005, fault offset 0x0004e45a,
process id 0xdcc, application start time 0xchrome.exe0.

Error: (03/22/2014 05:14:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/22/2014 04:58:57 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/22/2014 03:04:56 PM) (Source: Application Error) (User: )
Description: Faulting application chrome.exe, version 33.0.1750.154, time stamp 0x5323921f, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e00, exception code 0xc0000005, fault offset 0x00053271,
process id 0x128, application start time 0xchrome.exe0.

Error: (03/22/2014 03:04:27 PM) (Source: Application Error) (User: )
Description: Faulting application chrome.exe, version 33.0.1750.154, time stamp 0x5323921f, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e00, exception code 0xc0000005, fault offset 0x0004e45a,
process id 0x100, application start time 0xchrome.exe0.

Error: (03/22/2014 03:00:29 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\LUIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\COOBGPOHOIKKIIPIBLMJELJNIEDJPJPF\0.0.0.19_0> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)


System errors:
=============
Error: (03/23/2014 00:14:20 PM) (Source: Service Control Manager) (User: )
Description: Beep

Error: (03/22/2014 10:44:44 PM) (Source: Service Control Manager) (User: )
Description: Beep

Error: (03/22/2014 07:37:09 PM) (Source: Service Control Manager) (User: )
Description: Beep

Error: (03/22/2014 07:37:08 PM) (Source: Service Control Manager) (User: )
Description: Apple Mobile Device%%1053

Error: (03/22/2014 07:37:08 PM) (Source: Service Control Manager) (User: )
Description: 30000Apple Mobile Device

Error: (03/22/2014 05:14:18 PM) (Source: Service Control Manager) (User: )
Description: Beep

Error: (03/22/2014 04:58:57 PM) (Source: Service Control Manager) (User: )
Description: Beep

Error: (03/22/2014 04:58:30 PM) (Source: netbt) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.103.
The computer with the IP address 192.168.1.132 did not allow the name to be claimed by
this computer.

Error: (03/22/2014 04:58:14 PM) (Source: Microsoft-Windows-ResourcePublication) (User: NT AUTHORITY)
Description: Provider\Microsoft.Base.Publication/Publication/Computer

Error: (03/22/2014 04:48:57 PM) (Source: Service Control Manager) (User: )
Description: Windows Search1300001Restart the service


Microsoft Office Sessions:
=========================
Error: (04/12/2013 00:42:00 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 810 seconds with 540 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-03-23 13:44:13.979
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-23 13:44:13.177
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-23 13:44:12.352
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-23 13:44:11.479
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-23 13:44:10.566
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-23 13:44:09.674
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-23 13:44:08.701
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-23 13:44:07.732
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-23 10:06:39.345
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-23 10:06:38.160
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 51%
Total physical RAM: 3836.89 MB
Available physical RAM: 1870.65 MB
Total Pagefile: 7902.3 MB
Available Pagefile: 5858.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:219.97 GB) (Free:125.23 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:12.91 GB) (Free:1.42 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: C30A9079)

Partition: GPT Partition Type.

==================== End Of Log ============================



#4 fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts

Posted 23 March 2014 - 01:42 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Attached File  fixlist.txt   10.45KB   22 downloads

 

2.

Download AdwCleaner

  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users: Right click on AdwCleaner.exe and select "Run as administrator".
  • Click the Scan button.

  • Once the scan completes click the Clean button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[S1].txt.

 

3.

Download and run Junkware Removal Tool. ***Your Anti Virus may see this download as malicious; don't worry, continue on.

Please download Junkware Removal Tool to your desktop.

 

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply.

 

 

Things to include in your next reply:

Fixlog.txt

AdwCleaner log

JRT.txt

How is your machine running now?


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#5 drumr1829

  • Topic Starter

  • Members
  • 42 posts

Posted 23 March 2014 - 02:40 PM

Hi,

 

The PC seems to be working OK (and did for the most part before the scans).  But I had left Google Chrome uninstalled because I couldn't get it to work properly and consistently.  May I try reinstalling Chrome and then doing a reboot to see if there are any more issues with it?  The FF Tuvaro redirect did not appear until the next day.  Following are the log files requested.  Thanks!

 

Fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Luis at 2014-03-23 15:05:09 Run:1
Running from C:\Users\Luis\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - {ED905251-EDB7-4CA0-AF39-1551C50BCE24} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?s=E3Gzadku1,985b28e6-2617-4ace-8fc8-3163f00ae8e9,&q={searchTerms}
SearchScopes: HKCU - {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = http://www-search.net/search.aspx?s=E3Gzadku1,985b28e6-2617-4ace-8fc8-3163f00ae8e9,&q={searchTerms}
BHO: No Name - {11111111-1111-1111-1111-110511331160} -  No File
BHO: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: No Name - {93DBF2BB-A2B3-4683-A92E-57E60751F346} -  No File
BHO: No Name - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -  No File
BHO: Savings Champion BHO - {E5DDA13C-89E7-4CBC-8CDE-5659EE9C82DA} - C:\Program Files (x86)\Savings Champion\FrameworkBHO64.dll ()
BHO: No Name - {F791D8AE-47E8-40A5-A913-EB2D2AF29602} -  No File
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: No Name - {6492E171-2427-4932-B414-33574A089F5E} -  No File
BHO-x32: Savings Champion BHO - {E5DDA13C-89E7-4CBC-8CDE-5659EE9C82DA} - C:\Program Files (x86)\Savings Champion\FrameworkBHO.dll ()
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\hpav7k4j.default\searchplugins\Web Search.xml
FF Extension: Object Browser - C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\hpav7k4j.default\Extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com [2014-03-22]
FF Extension: Snap.Do  - C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\hpav7k4j.default\Extensions\{2bf3169c-c128-7892-58eb-87333673f601} [2014-03-16]
FF Extension: Savings Champion - C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\hpav7k4j.default\Extensions\{3197FA33-0DDE-3EC7-34CE-451660AEB38C} [2014-03-15]
FF Extension: Coupon Server - C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\hpav7k4j.default\Extensions\{3C2422B0-C421-8DCF-B2EB-70B9B2B71607} [2014-02-09]
FF Extension: Shopper-Pro - C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\hpav7k4j.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [2014-03-15]
FF Extension: Value Apps - C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\hpav7k4j.default\Extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd} [2014-03-16]
FF Extension: SnapDo - C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\hpav7k4j.default\Extensions\firefox@splashurl.com.xpi [2014-03-22]
FF Extension: FreeHDSport.TV - C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\hpav7k4j.default\Extensions\freehdsport@freehdsport.tv.xpi [2012-10-07]
FF HKLM-x32\...\Firefox\Extensions: [extension@Fast_Free_Converter.com] - C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\extension@Fast_Free_Converter.com
FF HKCU\...\Firefox\Extensions: [singalong@xenophesoft.com] - C:\Program Files (x86)\SingAlong\FF\
FF HKCU\...\Firefox\Extensions: [ConsumerInput@Compete] - C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12171.xpi
CHR HKLM-x32\...\Chrome\Extension: [abepbblpkilpjohncjbccmdjhdhbnhdj] - C:\Program Files (x86)\SingAlong\Chrome.crx [2014-03-22]
CHR HKLM-x32\...\Chrome\Extension: [cekmkdkefndbeciggfanobcemjnppbbb] - C:\Program Files (x86)\LessTabs\Chrome\cekmkdkefndbeciggfanobcemjnppbbb.crx [2014-03-22]
CHR HKLM-x32\...\Chrome\Extension: [hgbjigogbpggnhcicdeanggmdfknglid] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1238\ch\MediaViewV1alpha1238.crx [2014-03-22]
R2 MediaDevSrv; C:\ProgramData\MediaDev\1394488259\mediadev.exe [368960 2014-03-10] ()
R2 SMUpd; C:\Program Files\Common Files\Goobzo\GBUpdate\smu.exe [2541928 2014-03-04] (Search Module Ltd.)
C:\Program Files\Common Files\Goobzo
R2 WinDevSrv; C:\ProgramData\UpdateServer\1395498996\webdev.exe [368960 2014-03-22] ()
C:\ProgramData\UpdateServer
S1 Beep; No ImagePath
R2 sbmntr; C:\Program Files (x86)\YTDownloader\sbmntr.sys [58216 2013-12-20] (YTDownloader)
 C:\Program Files (x86)\YTDownloader
R3 SMUpdd; C:\Program Files\Common Files\Goobzo\GBUpdate\smw.sys [41320 2014-03-04] ()
C:\Users\Luis\AppData\Roaming\desktop.ini
C:\Users\Luis\AppData\Local\Temp\dufgmr4c.exe
C:\Program Files (x86)\Savings Champion
2014-03-16 11:49 - 2014-03-16 11:49 - 00000971 _____ () C:\Users\Public\Desktop\Fast Media Converter.lnk
Snap.Do (HKLM-x32\...\{F4F6F37C-8D19-4DAD-BF7B-0953133FD43F}) (Version: 11.20.1.15636 - ReSoft Ltd.) <==== ATTENTION
Snap.Do Engine (HKCU\...\{c2e9de1c-2c23-4b3b-9c11-59c6c6733c63}) (Version: 10.206.1.14585 - ReSoft Ltd.) <==== ATTENTION
Task: {1199D5D7-7009-4AA4-B1A9-A47D42FA749C} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {128A9FDC-BB3F-4F3E-89D6-77CC58F04F76} - System32\Tasks\hdtotal1.1-enabler => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-enabler.exe
Task: {14D01987-C345-4D93-9948-94C2E02097D0} - System32\Tasks\hdtotal1.1-chromeinstaller => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-chromeinstaller.exe
Task: {158E7850-AA58-4EBE-9BD2-B332794FD5E5} - System32\Tasks\ConsumerInputUpdateTaskMachineUA => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {25CA0845-7B79-4F96-93D5-5466F71F0D56} - System32\Tasks\SMW_UpdateTask_Time_323939383733323831302d3437415a556c2a3223346c41 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0
Task: {2992680D-B52F-4337-951D-AE20BC289FF4} - System32\Tasks\iWebar-updater => C:\Program Files (x86)\iWebar\iWebar-updater.exe
Task: {2F07D062-F61B-468A-B007-6124974332C9} - System32\Tasks\hdtotal1.1-updater => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-updater.exe
Task: {3DE1C672-08C2-49DD-9F28-4AC2F5D2625C} - System32\Tasks\hdtotal1.1-firefoxinstaller => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-firefoxinstaller.exe
Task: {41D845AF-61E6-45C3-A798-739EE8E3542F} - System32\Tasks\bench-S-1-5-21-1907794234-3787397731-298375424-1000 => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
Task: {492E796A-D5BF-46B8-988D-97B04D502F26} - System32\Tasks\iWebar-enabler => C:\Program Files (x86)\iWebar\iWebar-enabler.exe <==== ATTENTION
Task: {5E60CD44-0247-4997-8E11-F5E9C4843725} - System32\Tasks\iWebar-codedownloader => C:\Program Files (x86)\iWebar\iWebar-codedownloader.exe
Task: {5FA5C0D5-679D-405F-8E63-27C77C3EBE03} - System32\Tasks\ShopperPro => C:\Program Files (x86)\ShopperPro\ShopperPro.exe
Task: {6B68D569-84F4-488C-B548-F6519C7F2250} - System32\Tasks\ShopperProJSUpd => C:\Program Files (x86)\ShopperPro\updater.exe
Task: {70EF74F7-2B09-4DC6-A139-EFCBC4D8FDC3} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe <==== ATTENTION
Task: {756B6C3D-0382-4A3E-91B4-6F9F4589CE8A} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {7DA687F7-A75C-4D47-AD29-692678365D5C} - System32\Tasks\hdtotal1.1-codedownloader => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-codedownloader.exe
Task: {8F9648F8-F3B1-4721-92F2-86AA6152E8B4} - System32\Tasks\iWebar-firefoxinstaller => C:\Program Files (x86)\iWebar\iWebar-firefoxinstaller.exe
Task: {9BCFE4E8-A98C-4117-B858-210D05312745} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
Task: {9D8AC548-F332-4CC1-85EC-4D34BC01AE66} - System32\Tasks\ClickAndMark_wd => C:\Program Files (x86)\click-n-mark-soft\ClickAndMark_wd.exe
ask: {BA1974D0-F49A-4457-880A-71B766526EA5} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe
Task: {BC047733-3241-4447-BCD7-136066575CF7} - System32\Tasks\bench-sys => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
Task: {CC6A481C-1DB5-4BC6-9F51-38E286EEF67E} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1
Task: {CF3F3D8A-34D7-46E2-9FCA-2C50517A8663} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2
Task: {D2B551F6-6F10-405B-AFA2-CADCB2717B3D} - System32\Tasks\iWebar-chromeinstaller => C:\Program Files (x86)\iWebar\iWebar-chromeinstaller.exe
Task: {D4371C74-5B51-431B-A559-5E514102F1BD} - System32\Tasks\AmiUpdXp => C:\Users\Luis\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION
Task: {DCCD69EF-196E-4CD3-9046-EE92531F83E1} - System32\Tasks\GreatArcadeHits => C:\Users\Luis\AppData\Local\GreatArcadeHits\GAHUpdate.exe <==== ATTENTION
Task: {E2F2F352-5968-47C4-A96E-ED0374D755B2} - System32\Tasks\ConsumerInputUpdateTaskMachineCore => C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe
Task: {F62FC9CB-28C4-4C5B-8787-F4F4239B3721} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\Luis\AppData\Local\FilesFrog Update Checker\update_checker.exe <==== ATTENTION
Task: {F6C1F5DF-A690-412F-BF98-E608195A2848} - System32\Tasks\Smp => C:\Program Files\Common Files\Goobzo\GBUpdate\smp.exe [2014-01-16] ()
Task: {F9FE6380-E07F-4E7B-A874-8AE5EE0B54B0} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {FEC6987B-2FCB-4D18-8F16-8E6471B9F844} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:D346F792
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TurboMeeting => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
MSCONFIG\startupreg: SpeedUpMyPC => "C:\Program Files (x86)\Uniblue\SpeedUpMyPC\launcher.exe" -d 20000
MSCONFIG\startupreg: YTDownloader => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot


*****************

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => Value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ED905251-EDB7-4CA0-AF39-1551C50BCE24} => Key deleted successfully.
HKCR\CLSID\{ED905251-EDB7-4CA0-AF39-1551C50BCE24} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} => Key deleted successfully.
HKCR\CLSID\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511331160} => Key deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110511331160} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0} => Key deleted successfully.
HKCR\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93DBF2BB-A2B3-4683-A92E-57E60751F346} => Key deleted successfully.
HKCR\CLSID\{93DBF2BB-A2B3-4683-A92E-57E60751F346} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} => Key deleted successfully.
HKCR\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5DDA13C-89E7-4CBC-8CDE-5659EE9C82DA} => Key deleted successfully.
HKCR\CLSID\{E5DDA13C-89E7-4CBC-8CDE-5659EE9C82DA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F791D8AE-47E8-40A5-A913-EB2D2AF29602} => Key deleted successfully.
HKCR\CLSID\{F791D8AE-47E8-40A5-A913-EB2D2AF29602} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6492E171-2427-4932-B414-33574A089F5E} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{6492E171-2427-4932-B414-33574A089F5E} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5DDA13C-89E7-4CBC-8CDE-5659EE9C82DA} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{E5DDA13C-89E7-4CBC-8CDE-5659EE9C82DA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => Value deleted successfully.
HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} => Key deleted successfully.
C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\hpav7k4j.default\searchplugins\Web Search.xml => Moved successfully.
C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\hpav7k4j.default\Extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com => Moved successfully.
C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\hpav7k4j.default\Extensions\{2bf3169c-c128-7892-58eb-87333673f601} => Moved successfully.
C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\hpav7k4j.default\Extensions\{3197FA33-0DDE-3EC7-34CE-451660AEB38C} => Moved successfully.
C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\hpav7k4j.default\Extensions\{3C2422B0-C421-8DCF-B2EB-70B9B2B71607} => Moved successfully.
C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\hpav7k4j.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} => Moved successfully.
C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\hpav7k4j.default\Extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd} => Moved successfully.
C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\hpav7k4j.default\Extensions\firefox@splashurl.com.xpi => Moved successfully.
C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\hpav7k4j.default\Extensions\freehdsport@freehdsport.tv.xpi => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\extension@Fast_Free_Converter.com => Value deleted successfully.
HKCU\Software\Mozilla\Firefox\Extensions\\singalong@xenophesoft.com => Value deleted successfully.
HKCU\Software\Mozilla\Firefox\Extensions\\ConsumerInput@Compete => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\abepbblpkilpjohncjbccmdjhdhbnhdj => Key deleted successfully.
"C:\Program Files (x86)\SingAlong\Chrome.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cekmkdkefndbeciggfanobcemjnppbbb => Key deleted successfully.
"C:\Program Files (x86)\LessTabs\Chrome\cekmkdkefndbeciggfanobcemjnppbbb.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hgbjigogbpggnhcicdeanggmdfknglid => Key deleted successfully.
"C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1238\ch\MediaViewV1alpha1238.crx" => File/Directory not found.
MediaDevSrv => Service stopped successfully.
MediaDevSrv => Service deleted successfully.
SMUpd => Service stopped successfully.
SMUpd => Service deleted successfully.
C:\Program Files\Common Files\Goobzo => Moved successfully.
WinDevSrv => Service stopped successfully.
WinDevSrv => Service deleted successfully.
C:\ProgramData\UpdateServer => Moved successfully.
Beep => Service deleted successfully.
sbmntr => Service stopped successfully.
sbmntr => Service deleted successfully.
C:\Program Files (x86)\YTDownloader => Moved successfully.
SMUpdd => Service deleted successfully.
C:\Users\Luis\AppData\Roaming\desktop.ini => Moved successfully.
C:\Users\Luis\AppData\Local\Temp\dufgmr4c.exe => Moved successfully.
C:\Program Files (x86)\Savings Champion => Moved successfully.
C:\Users\Public\Desktop\Fast Media Converter.lnk => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1199D5D7-7009-4AA4-B1A9-A47D42FA749C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1199D5D7-7009-4AA4-B1A9-A47D42FA749C} => Key deleted successfully.
C:\Windows\System32\Tasks\RegClean Pro_UPDATES => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_UPDATES => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{128A9FDC-BB3F-4F3E-89D6-77CC58F04F76} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{128A9FDC-BB3F-4F3E-89D6-77CC58F04F76} => Key deleted successfully.
C:\Windows\System32\Tasks\hdtotal1.1-enabler => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\hdtotal1.1-enabler => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{14D01987-C345-4D93-9948-94C2E02097D0} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14D01987-C345-4D93-9948-94C2E02097D0} => Key deleted successfully.
C:\Windows\System32\Tasks\hdtotal1.1-chromeinstaller => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\hdtotal1.1-chromeinstaller => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{158E7850-AA58-4EBE-9BD2-B332794FD5E5} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{158E7850-AA58-4EBE-9BD2-B332794FD5E5} => Key deleted successfully.
C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineUA => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineUA => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{192DDA2D-5815-47B8-983F-65744FEEC03A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{192DDA2D-5815-47B8-983F-65744FEEC03A} => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\CrawlStartPages => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{254095AE-FB97-48EA-94A5-D8BF2AB79714} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{254095AE-FB97-48EA-94A5-D8BF2AB79714} => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\RAC\RACAgent => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RAC\RACAgent => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{25CA0845-7B79-4F96-93D5-5466F71F0D56} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25CA0845-7B79-4F96-93D5-5466F71F0D56} => Key deleted successfully.
C:\Windows\System32\Tasks\SMW_UpdateTask_Time_323939383733323831302d3437415a556c2a3223346c41 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_323939383733323831302d3437415a556c2a3223346c41 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2992680D-B52F-4337-951D-AE20BC289FF4} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2992680D-B52F-4337-951D-AE20BC289FF4} => Key deleted successfully.
C:\Windows\System32\Tasks\iWebar-updater => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iWebar-updater => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2F07D062-F61B-468A-B007-6124974332C9} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F07D062-F61B-468A-B007-6124974332C9} => Key deleted successfully.
C:\Windows\System32\Tasks\hdtotal1.1-updater => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\hdtotal1.1-updater => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3DE1C672-08C2-49DD-9F28-4AC2F5D2625C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3DE1C672-08C2-49DD-9F28-4AC2F5D2625C} => Key deleted successfully.
C:\Windows\System32\Tasks\hdtotal1.1-firefoxinstaller => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\hdtotal1.1-firefoxinstaller => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{41D845AF-61E6-45C3-A798-739EE8E3542F} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{41D845AF-61E6-45C3-A798-739EE8E3542F} => Key deleted successfully.
C:\Windows\System32\Tasks\bench-S-1-5-21-1907794234-3787397731-298375424-1000 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bench-S-1-5-21-1907794234-3787397731-298375424-1000 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{492E796A-D5BF-46B8-988D-97B04D502F26} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{492E796A-D5BF-46B8-988D-97B04D502F26} => Key deleted successfully.
C:\Windows\System32\Tasks\iWebar-enabler => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iWebar-enabler => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5E60CD44-0247-4997-8E11-F5E9C4843725} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E60CD44-0247-4997-8E11-F5E9C4843725} => Key deleted successfully.
C:\Windows\System32\Tasks\iWebar-codedownloader => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iWebar-codedownloader => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5FA5C0D5-679D-405F-8E63-27C77C3EBE03} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FA5C0D5-679D-405F-8E63-27C77C3EBE03} => Key deleted successfully.
C:\Windows\System32\Tasks\ShopperPro => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperPro => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6B68D569-84F4-488C-B548-F6519C7F2250} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B68D569-84F4-488C-B548-F6519C7F2250} => Key deleted successfully.
C:\Windows\System32\Tasks\ShopperProJSUpd => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperProJSUpd => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{70EF74F7-2B09-4DC6-A139-EFCBC4D8FDC3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70EF74F7-2B09-4DC6-A139-EFCBC4D8FDC3} => Key deleted successfully.
C:\Windows\System32\Tasks\BrowserSafeguard Update Task => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserSafeguard Update Task => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{756B6C3D-0382-4A3E-91B4-6F9F4589CE8A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{756B6C3D-0382-4A3E-91B4-6F9F4589CE8A} => Key deleted successfully.
C:\Windows\System32\Tasks\RegClean Pro_DEFAULT => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_DEFAULT => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7DA687F7-A75C-4D47-AD29-692678365D5C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7DA687F7-A75C-4D47-AD29-692678365D5C} => Key deleted successfully.
C:\Windows\System32\Tasks\hdtotal1.1-codedownloader => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\hdtotal1.1-codedownloader => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8F9648F8-F3B1-4721-92F2-86AA6152E8B4} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F9648F8-F3B1-4721-92F2-86AA6152E8B4} => Key deleted successfully.
C:\Windows\System32\Tasks\iWebar-firefoxinstaller => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iWebar-firefoxinstaller => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9BCFE4E8-A98C-4117-B858-210D05312745} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BCFE4E8-A98C-4117-B858-210D05312745} => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchApp => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchApp => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9D8AC548-F332-4CC1-85EC-4D34BC01AE66} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D8AC548-F332-4CC1-85EC-4D34BC01AE66} => Key deleted successfully.
C:\Windows\System32\Tasks\ClickAndMark_wd => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ClickAndMark_wd => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BC047733-3241-4447-BCD7-136066575CF7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC047733-3241-4447-BCD7-136066575CF7} => Key deleted successfully.
C:\Windows\System32\Tasks\bench-sys => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bench-sys => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CC6A481C-1DB5-4BC6-9F51-38E286EEF67E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC6A481C-1DB5-4BC6-9F51-38E286EEF67E} => Key deleted successfully.
C:\Windows\System32\Tasks\SMupdate1 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMupdate1 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CF3F3D8A-34D7-46E2-9FCA-2C50517A8663} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF3F3D8A-34D7-46E2-9FCA-2C50517A8663} => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\SMupdate2 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D2B551F6-6F10-405B-AFA2-CADCB2717B3D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2B551F6-6F10-405B-AFA2-CADCB2717B3D} => Key deleted successfully.
C:\Windows\System32\Tasks\iWebar-chromeinstaller => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iWebar-chromeinstaller => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D4371C74-5B51-431B-A559-5E514102F1BD} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4371C74-5B51-431B-A559-5E514102F1BD} => Key deleted successfully.
C:\Windows\System32\Tasks\AmiUpdXp => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DCCD69EF-196E-4CD3-9046-EE92531F83E1} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCCD69EF-196E-4CD3-9046-EE92531F83E1} => Key deleted successfully.
C:\Windows\System32\Tasks\GreatArcadeHits => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GreatArcadeHits => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E2F2F352-5968-47C4-A96E-ED0374D755B2} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2F2F352-5968-47C4-A96E-ED0374D755B2} => Key deleted successfully.
C:\Windows\System32\Tasks\ConsumerInputUpdateTaskMachineCore => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineCore => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F62FC9CB-28C4-4C5B-8787-F4F4239B3721} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F62FC9CB-28C4-4C5B-8787-F4F4239B3721} => Key deleted successfully.
C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SomotoUpdateCheckerAutoStart => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F6C1F5DF-A690-412F-BF98-E608195A2848} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6C1F5DF-A690-412F-BF98-E608195A2848} => Key deleted successfully.
C:\Windows\System32\Tasks\Smp => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Smp => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F9FE6380-E07F-4E7B-A874-8AE5EE0B54B0} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9FE6380-E07F-4E7B-A874-8AE5EE0B54B0} => Key deleted successfully.
C:\Windows\System32\Tasks\RegClean Pro => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FEC6987B-2FCB-4D18-8F16-8E6471B9F844} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FEC6987B-2FCB-4D18-8F16-8E6471B9F844} => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SMupdate3 => Key deleted successfully.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
C:\ProgramData\Temp => ":D346F792" ADS removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TurboMeeting => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => Key deleted successfully.

========= MSCONFIG\startupSpeedUpMyPC => "C:\Program Files (x86)\Uniblue\SpeedUpMyPC\launcher.exe" -d 20000 =========

The system cannot find the path specified.


========= End of Reg: =========


========= MSCONFIG\startupYTDownloader => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot =========

The system cannot find the path specified.


========= End of Reg: =========



The system needed a reboot.

==== End of Fixlog ====

AdwCleaner log

# AdwCleaner v3.022 - Report created 23/03/2014 at 15:13:45
# Updated 13/03/2014 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : Luis - LUIS-PC
# Running from : C:\Users\Luis\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\Systweak
[!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
[!] Folder Deleted : C:\Program Files (x86)\Bench
[!] Folder Deleted : C:\Program Files (x86)\File Type Helper
[!] Folder Deleted : C:\Program Files (x86)\FirstRowSportApp.com
[!] Folder Deleted : C:\Program Files (x86)\Mobogenie
[!] Folder Deleted : C:\Program Files (x86)\NewPlayer
[!] Folder Deleted : C:\Program Files (x86)\uniblue
[!] Folder Deleted : C:\Windows\SysWOW64\AI_RecycleBin
[!] Folder Deleted : C:\Users\Luis\AppData\Local\genienext
[!] Folder Deleted : C:\Users\Luis\AppData\Local\NewPlayer
[!] Folder Deleted : C:\Users\Luis\AppData\Local\SwvUpdater
[!] Folder Deleted : C:\Users\Luis\AppData\Local\TelevisionFanatic
[!] Folder Deleted : C:\Users\Luis\AppData\LocalLow\PriceGong
[!] Folder Deleted : C:\Users\Luis\AppData\LocalLow\Smartbar
[!] Folder Deleted : C:\Users\Luis\AppData\LocalLow\TelevisionFanatic
[!] Folder Deleted : C:\Users\Luis\AppData\Roaming\PC Health Kit
[!] Folder Deleted : C:\Users\Luis\AppData\Roaming\Systweak
[!] Folder Deleted : C:\Users\Luis\AppData\Roaming\uniblue
[!] Folder Deleted : C:\Users\Luis\AppData\Roaming\Uniblue\SpeedUpMyPC
[!] Folder Deleted : C:\Users\Luis\AppData\Roaming\ValueApps
[!] Folder Deleted : C:\Users\Luis\AppData\Roaming\VOPackage
[!] Folder Deleted : C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FirstRowSportApp.com
[!] Folder Deleted : C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
[!] Folder Deleted : C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\hpav7k4j.default\Smartbar
[!] Folder Deleted : C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\hpav7k4j.default\ValueApps
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Windows\System32\Tasks\SpyHunter4Startup

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [lesstabs@lesstabs.com]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3294791
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4084D718-3644-4504-B828-BB054729E39C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93DBF2BB-A2B3-4683-A92E-57E60751F346}
Key Deleted : HKCU\Software\Compete
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\smarttweak
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Compete
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\TelevisionFanatic
Key Deleted : HKLM\Software\Bench
Key Deleted : HKLM\Software\CompeteInc
Key Deleted : HKLM\Software\Fast Free Converter
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\TelevisionFanatic
Key Deleted : HKLM\Software\TelevisionFanaticEI
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Fast Free Converter
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Mobogenie
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PC Health Kit_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PricePeep
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ
Key Deleted : [x64] HKLM\SOFTWARE\installedbrowserextensions
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16540


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\hpav7k4j.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [18315 octets] - [23/03/2014 15:12:22]
AdwCleaner[S0].txt - [18382 octets] - [23/03/2014 15:13:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18443 octets] ##########
 

 

JRt.txt

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows ™ Vista Home Premium x64
Ran by Luis on Sun 03/23/2014 at 15:20:18.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110311281150}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\smarttweak"
Successfully deleted: [Folder] "C:\Users\Luis\AppData\Roaming\microsoft\windows\start menu\programs\smarttweak software"



~~~ FireFox

Emptied folder: C:\Users\Luis\AppData\Roaming\mozilla\firefox\profiles\hpav7k4j.default\minidumps [11 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/23/2014 at 15:34:11.30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:56 AM

Posted 23 March 2014 - 04:01 PM

Yes, you can reinstall Google Chrome and see what happens.

1. Please run FRST as you did the first time you ran it and post the log please.


" Extinguishing Malware from the world"



#7 drumr1829

drumr1829
  • Topic Starter

  • Members
  • 42 posts
  • Local time:08:56 AM

Posted 23 March 2014 - 04:54 PM

Hi,

 

I reinstalled Chrome and it seems to be working fine this time! I did notice that the default search engine for Chrome was still www-search.net (when typing a search in the address bar of Chrome). I changed it back to Google.com and removed the search.net search engine option. I'm no longer getting the force closes - so far. I would like to keep this post open one more day if you don't mind just in case the issue reappears tomorrow (like it did today).

 

The following is the FRST scan.  Thanks!

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Luis (administrator) on LUIS-PC on 23-03-2014 17:49:15
Running from C:\Users\Luis\Downloads
Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_5730ce9f\STacSV64.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_5730ce9f\AESTSr64.exe
(Agere Systems) C:\Windows\system32\agr64svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
() C:\Program Files (x86)\SMINST\BLService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [246784 2008-03-31] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [441344 2008-10-15] (IDT, Inc.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] - C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [1294136 2014-02-21] (Malwarebytes Corporation)
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetActiveDesktop] 0

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:8877;https=127.0.0.1:8877
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {67D7FE62-DD38-48E0-9480-A7D12163F62C} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\hpav7k4j.default
FF Homepage: about:newtab
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @veetle.com/vbp;version=0.9.16 - C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.16 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.16 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )
FF Plugin HKCU: @movenetworks.com/Quantum Media Player - C:\Users\Luis\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Adblock Plus - C:\Users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\hpav7k4j.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-04]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-02-21]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFF [2013-10-14]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn\ []
FF HKCU\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Users\Luis\AppData\Roaming\Move Networks
FF Extension: Move Media Player - C:\Users\Luis\AppData\Roaming\Move Networks [2009-12-12]

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-22]
CHR Extension: (Google Drive) - C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-22]
CHR Extension: (YouTube) - C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-22]
CHR Extension: (Adblock Plus) - C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-23]
CHR Extension: (Google Search) - C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-22]
CHR Extension: (Skype Click to Call) - C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-22]
CHR Extension: (Google Wallet) - C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-22]
CHR Extension: (Gmail) - C:\Users\Luis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-22]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\Exts\Chrome.crx [2013-10-14]

==================== Services (Whitelisted) =================

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_5730ce9f\AESTSr64.exe [89088 2008-10-15] (Andrea Electronics Corporation)
S4 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [290832 2011-12-12] (Verizon)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [319288 2014-02-21] (Malwarebytes Corporation)
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-03-17] (Alcatel-Lucent)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-10-06] ()
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [241734 2008-06-29] ()
S4 sprtsvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [206120 2010-09-29] (SupportSoft, Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_5730ce9f\STacSV64.exe [279040 2008-10-15] (IDT, Inc.)
S4 tgsrvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [185640 2010-09-29] (SupportSoft, Inc.)
S4 TVCapSvc; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [296320 2008-09-24] ()
S4 TVSched; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [116096 2008-09-24] ()
S2 RoxLiveShare9; "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-17] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-20] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-03-14] (Symantec Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [62168 2014-02-21] ()
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20140314.001\IDSvia64.sys [524504 2014-03-09] (Symantec Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-03-17] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-03-17] (Printing Communications Assoc., Inc. (PCAUSA))
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20140315.009\ENG64.SYS [126040 2014-03-14] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20140315.009\EX64.SYS [2099288 2014-03-14] (Symantec Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-10-14] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS [224416 2012-09-06] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\1404000.028\SYMTDIV.SYS [457304 2013-04-24] (Symantec Corporation)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [27632 2008-09-26] (Cyberlink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-23 17:31 - 2014-03-23 17:31 - 00002043 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-23 15:43 - 2014-03-23 15:43 - 00532424 _____ () C:\Users\Luis\Downloads\HDvid-codec-FF.exe
2014-03-23 15:19 - 2014-03-23 15:19 - 01037734 _____ (Thisisu) C:\Users\Luis\Downloads\JRT.exe
2014-03-23 15:19 - 2014-03-23 15:19 - 00000000 ____D () C:\Windows\ERUNT
2014-03-23 15:17 - 2014-03-23 15:17 - 00018560 _____ () C:\Users\Luis\Downloads\AdwCleaner[S0].txt
2014-03-23 15:12 - 2014-03-23 15:13 - 00000000 ____D () C:\AdwCleaner
2014-03-23 15:10 - 2014-03-23 15:10 - 01950720 _____ () C:\Users\Luis\Downloads\adwcleaner.exe
2014-03-23 13:44 - 2014-03-23 13:46 - 00045536 _____ () C:\Users\Luis\Downloads\Addition.txt
2014-03-23 13:43 - 2014-03-23 17:49 - 00017307 _____ () C:\Users\Luis\Downloads\FRST.txt
2014-03-23 13:43 - 2014-03-23 17:49 - 00000000 ____D () C:\FRST
2014-03-23 13:42 - 2014-03-23 13:42 - 02157056 _____ (Farbar) C:\Users\Luis\Downloads\FRST64.exe
2014-03-23 10:15 - 2014-03-23 10:26 - 00011222 _____ () C:\Users\Luis\Downloads\Attach.txt
2014-03-23 10:15 - 2014-03-23 10:15 - 00018848 _____ () C:\Users\Luis\Downloads\DDS.txt
2014-03-23 10:10 - 2014-03-23 10:10 - 00688992 ____R (Swearware) C:\Users\Luis\Downloads\dds.com
2014-03-23 10:02 - 2014-03-23 10:02 - 00000000 ____D () C:\SUPERDelete
2014-03-23 09:59 - 2014-03-23 09:59 - 00001756 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-03-23 09:59 - 2014-03-23 09:59 - 00000000 ____D () C:\Users\Luis\AppData\Roaming\SUPERAntiSpyware.com
2014-03-23 09:59 - 2014-03-23 09:59 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-03-23 09:59 - 2014-03-23 09:59 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-03-23 09:58 - 2014-03-23 09:58 - 18435176 _____ (SUPERAntiSpyware) C:\Users\Luis\Downloads\SAS_818D1.EXE
2014-03-22 17:22 - 2014-03-22 17:22 - 00000000 ____D () C:\ProgramData\Mozilla
2014-03-22 17:22 - 2014-03-22 17:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-22 17:21 - 2014-03-22 17:21 - 00282880 _____ (Mozilla) C:\Users\Luis\Downloads\Firefox Setup Stub 28.0.exe
2014-03-22 16:57 - 2014-03-23 17:37 - 00019976 _____ () C:\Windows\PFRO.log
2014-03-22 14:27 - 2014-03-22 15:10 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
2014-03-22 14:27 - 2014-03-22 14:27 - 00000000 ____D () C:\Users\Luis\AppData\Local\Anvisoft
2014-03-22 14:13 - 2014-03-22 14:13 - 00265752 _____ (Secure By Design Inc.) C:\Users\Luis\Downloads\Ninite Chrome Installer.exe
2014-03-22 13:37 - 2014-03-22 16:49 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-03-22 13:37 - 2014-03-22 15:08 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2014-03-22 12:50 - 2014-03-22 12:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-03-22 11:59 - 2014-03-22 12:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-22 11:59 - 2014-03-22 11:59 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-22 11:58 - 2014-03-22 12:49 - 00000000 ____D () C:\Users\Luis\Desktop\mbar
2014-03-22 11:58 - 2014-03-22 11:58 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-22 11:51 - 2014-03-22 11:51 - 00046098 _____ () C:\ComboFix.txt
2014-03-22 10:29 - 2014-03-22 10:29 - 00000000 ____D () C:\Windows\pss
2014-03-21 16:53 - 2014-03-21 16:53 - 00000948 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-21 16:53 - 2014-03-21 16:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-21 16:53 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-16 16:20 - 2014-03-16 16:20 - 00000000 ____D () C:\Users\Luis\AppData\Local\HistoryCleaner
2014-03-16 16:13 - 2014-03-16 16:13 - 00000066 _____ () C:\Windows\GPlrLanc.dat
2014-03-16 16:11 - 2014-03-16 16:11 - 00003568 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
2014-03-16 11:49 - 2014-03-22 10:34 - 00000000 ____D () C:\Program Files (x86)\FastMediaConverter
2014-03-16 11:49 - 2014-03-16 11:49 - 00000000 ____D () C:\Users\Luis\AppData\Roaming\FastMediaConverter
2014-03-16 11:28 - 2014-03-16 11:28 - 00000000 ____D () C:\Users\Luis\AppData\Roaming\Compete
2014-03-16 10:11 - 2014-03-16 10:11 - 00002304 _____ () C:\{45864454-B5A0-4020-9894-004C822D2523}
2014-03-16 10:09 - 2014-03-16 10:09 - 00002408 _____ () C:\{23F1EC39-4957-4671-9D21-21FC979B832B}
2014-03-16 10:03 - 2014-02-23 03:12 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-16 10:03 - 2014-02-23 02:54 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-16 10:03 - 2014-02-23 02:52 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-16 10:03 - 2014-02-23 02:48 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-16 10:03 - 2014-02-23 02:48 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-16 10:03 - 2014-02-23 02:46 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-16 10:03 - 2014-02-23 02:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-16 10:03 - 2014-02-23 02:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-16 10:03 - 2014-02-23 02:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-16 10:03 - 2014-02-23 02:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-16 10:03 - 2014-02-23 02:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-16 10:03 - 2014-02-23 02:44 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-16 10:03 - 2014-02-23 02:44 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-16 10:03 - 2014-02-23 02:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-16 10:03 - 2014-02-23 02:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-16 10:03 - 2014-02-23 02:43 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-16 10:03 - 2014-02-23 01:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-16 10:03 - 2014-02-23 01:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-16 10:03 - 2014-02-23 01:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-16 10:03 - 2014-02-23 01:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-16 10:03 - 2014-02-23 01:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-16 10:03 - 2014-02-23 01:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-16 10:03 - 2014-02-23 01:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-03-16 10:03 - 2014-02-23 01:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-16 10:03 - 2014-02-23 01:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-16 10:03 - 2014-02-23 01:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-16 10:03 - 2014-02-23 01:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-16 10:03 - 2014-02-23 01:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-16 10:03 - 2014-02-23 01:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-16 10:03 - 2014-02-23 01:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-16 10:03 - 2014-02-23 01:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-03-16 10:03 - 2014-02-23 01:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-15 11:25 - 2014-03-15 11:25 - 00000000 ____D () C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
2014-03-15 11:25 - 2014-03-15 11:25 - 00000000 ____D () C:\ProgramData\SearchModule
2014-03-15 11:24 - 2014-03-15 11:24 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2014-03-15 11:23 - 2014-03-15 11:24 - 00000157 _____ () C:\Users\Luis\AppData\Roaming\aps.uninstall.scan.results
2014-03-15 11:21 - 2014-03-15 11:21 - 00000000 ____D () C:\Users\Luis\AppData\Local\CrashRpt
2014-03-15 11:20 - 2014-03-22 16:23 - 00000000 ____D () C:\Users\Luis\AppData\Local\Savings Champion
2014-03-15 11:20 - 2014-03-15 11:20 - 00000000 ____D () C:\Program Files (x86)\Ainishare
2014-03-15 10:41 - 2014-01-30 06:12 - 01111040 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-15 10:41 - 2014-01-30 03:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-15 10:41 - 2013-11-12 21:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-03-15 10:41 - 2013-11-12 20:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-03-15 10:40 - 2014-02-07 08:11 - 02776064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-15 10:40 - 2014-02-03 09:20 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-15 10:40 - 2014-02-03 06:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-15 09:28 - 2014-03-22 00:59 - 00000000 ____D () C:\Program Files (x86)\MediaViewV1
2014-03-10 20:35 - 2014-03-10 20:35 - 00003048 _____ () C:\Windows\System32\Tasks\ClickAndMark Update
2014-03-10 20:34 - 2014-03-15 11:19 - 00000854 _____ () C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ISTCleaner.lnk
2014-03-10 20:34 - 2014-03-10 20:35 - 00000000 ____D () C:\Users\Luis\AppData\Roaming\istcleaner
2014-03-10 20:34 - 2014-03-10 20:34 - 00000000 ____D () C:\Program Files (x86)\ISTCleaner
2014-03-10 18:09 - 2014-03-10 18:09 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-03-10 17:59 - 2014-03-10 17:59 - 00001890 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-10 17:50 - 2014-03-16 10:35 - 00000000 ____D () C:\ProgramData\MediaDev
2014-03-10 17:45 - 2014-03-10 17:45 - 00000000 ____D () C:\ProgramData\UpdateTask
2014-03-09 15:07 - 2014-03-10 17:51 - 00000000 ____D () C:\ProgramData\UpdateCommon

==================== One Month Modified Files and Folders =======

2014-03-23 17:49 - 2014-03-23 13:43 - 00017307 _____ () C:\Users\Luis\Downloads\FRST.txt
2014-03-23 17:49 - 2014-03-23 13:43 - 00000000 ____D () C:\FRST
2014-03-23 17:45 - 2010-01-29 13:11 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-23 17:44 - 2009-01-14 11:08 - 01434200 _____ () C:\Windows\WindowsUpdate.log
2014-03-23 17:38 - 2010-01-29 13:10 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-23 17:38 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-23 17:38 - 2006-11-02 11:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-23 17:38 - 2006-11-02 11:22 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-23 17:37 - 2014-03-22 16:57 - 00019976 _____ () C:\Windows\PFRO.log
2014-03-23 17:36 - 2006-11-02 11:42 - 00032574 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-23 17:31 - 2014-03-23 17:31 - 00002043 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-23 17:31 - 2009-02-20 18:30 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-23 16:52 - 2012-07-08 23:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-23 15:43 - 2014-03-23 15:43 - 00532424 _____ () C:\Users\Luis\Downloads\HDvid-codec-FF.exe
2014-03-23 15:19 - 2014-03-23 15:19 - 01037734 _____ (Thisisu) C:\Users\Luis\Downloads\JRT.exe
2014-03-23 15:19 - 2014-03-23 15:19 - 00000000 ____D () C:\Windows\ERUNT
2014-03-23 15:17 - 2014-03-23 15:17 - 00018560 _____ () C:\Users\Luis\Downloads\AdwCleaner[S0].txt
2014-03-23 15:13 - 2014-03-23 15:12 - 00000000 ____D () C:\AdwCleaner
2014-03-23 15:10 - 2014-03-23 15:10 - 01950720 _____ () C:\Users\Luis\Downloads\adwcleaner.exe
2014-03-23 15:07 - 2014-02-09 19:34 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-03-23 15:07 - 2013-05-19 21:48 - 00000008 __RSH () C:\Users\Luis\ntuser.pol
2014-03-23 15:07 - 2009-02-19 13:24 - 00000000 ____D () C:\Users\Luis
2014-03-23 15:05 - 2006-11-02 09:34 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-03-23 13:46 - 2014-03-23 13:44 - 00045536 _____ () C:\Users\Luis\Downloads\Addition.txt
2014-03-23 13:42 - 2014-03-23 13:42 - 02157056 _____ (Farbar) C:\Users\Luis\Downloads\FRST64.exe
2014-03-23 12:19 - 2009-02-19 13:32 - 00001129 _____ () C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-03-23 12:19 - 2009-02-19 13:31 - 00001135 _____ () C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-23 12:19 - 2006-11-02 08:46 - 00703516 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-23 10:26 - 2014-03-23 10:15 - 00011222 _____ () C:\Users\Luis\Downloads\Attach.txt
2014-03-23 10:15 - 2014-03-23 10:15 - 00018848 _____ () C:\Users\Luis\Downloads\DDS.txt
2014-03-23 10:10 - 2014-03-23 10:10 - 00688992 ____R (Swearware) C:\Users\Luis\Downloads\dds.com
2014-03-23 10:02 - 2014-03-23 10:02 - 00000000 ____D () C:\SUPERDelete
2014-03-23 10:02 - 2009-12-13 13:19 - 00000000 ____D () C:\Users\Luis\AppData\Local\The Weather Channel
2014-03-23 10:02 - 2008-10-23 05:10 - 00000000 ____D () C:\Program Files\AWS
2014-03-23 09:59 - 2014-03-23 09:59 - 00001756 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-03-23 09:59 - 2014-03-23 09:59 - 00000000 ____D () C:\Users\Luis\AppData\Roaming\SUPERAntiSpyware.com
2014-03-23 09:59 - 2014-03-23 09:59 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-03-23 09:59 - 2014-03-23 09:59 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-03-23 09:58 - 2014-03-23 09:58 - 18435176 _____ (SUPERAntiSpyware) C:\Users\Luis\Downloads\SAS_818D1.EXE
2014-03-22 19:35 - 2009-02-21 14:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-22 17:23 - 2009-02-21 14:36 - 00000888 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-22 17:22 - 2014-03-22 17:22 - 00000000 ____D () C:\ProgramData\Mozilla
2014-03-22 17:22 - 2014-03-22 17:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-22 17:21 - 2014-03-22 17:21 - 00282880 _____ (Mozilla) C:\Users\Luis\Downloads\Firefox Setup Stub 28.0.exe
2014-03-22 17:04 - 2009-02-20 18:34 - 00000000 ____D () C:\Users\Luis\AppData\Local\Google
2014-03-22 16:49 - 2014-03-22 13:37 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-03-22 16:23 - 2014-03-15 11:20 - 00000000 ____D () C:\Users\Luis\AppData\Local\Savings Champion
2014-03-22 15:10 - 2014-03-22 14:27 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
2014-03-22 15:08 - 2014-03-22 13:37 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2014-03-22 14:51 - 2012-01-15 19:00 - 00000000 ____D () C:\Users\Luis\AppData\Local\CrashDumps
2014-03-22 14:45 - 2012-11-04 23:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-22 14:45 - 2009-11-26 22:08 - 00000000 ____D () C:\Windows\Minidump
2014-03-22 14:45 - 2009-02-21 13:46 - 00000000 ____D () C:\Users\Luis\AppData\Roaming\Skype
2014-03-22 14:36 - 2011-02-27 16:36 - 00000000 ____D () C:\Users\Luis\Desktop\WDM
2014-03-22 14:36 - 2008-10-23 03:22 - 00000000 ____D () C:\Windows\panther
2014-03-22 14:32 - 2011-02-02 21:06 - 00001704 _____ () C:\Users\Luis\Desktop\Click for Verizon Wi-Fi Setup.lnk
2014-03-22 14:27 - 2014-03-22 14:27 - 00000000 ____D () C:\Users\Luis\AppData\Local\Anvisoft
2014-03-22 14:13 - 2014-03-22 14:13 - 00265752 _____ (Secure By Design Inc.) C:\Users\Luis\Downloads\Ninite Chrome Installer.exe
2014-03-22 13:59 - 2012-07-08 23:21 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-22 13:59 - 2012-07-08 23:21 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-22 13:59 - 2012-01-15 18:10 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-22 13:55 - 2006-11-02 11:21 - 00315368 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-22 13:54 - 2008-10-23 03:42 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-22 13:18 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-03-22 12:50 - 2014-03-22 12:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-03-22 12:50 - 2012-11-01 16:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-22 12:49 - 2014-03-22 11:59 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-22 12:49 - 2014-03-22 11:58 - 00000000 ____D () C:\Users\Luis\Desktop\mbar
2014-03-22 11:59 - 2014-03-22 11:59 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-22 11:58 - 2014-03-22 11:58 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-22 11:52 - 2012-11-01 15:13 - 00000000 ____D () C:\Qoobox
2014-03-22 11:51 - 2014-03-22 11:51 - 00046098 _____ () C:\ComboFix.txt
2014-03-22 11:47 - 2006-11-02 08:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-22 11:47 - 2006-11-02 08:34 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.old
2014-03-22 10:42 - 2012-10-20 23:16 - 00000000 ____D () C:\Program Files (x86)\Advanced System Optimizer 3
2014-03-22 10:34 - 2014-03-16 11:49 - 00000000 ____D () C:\Program Files (x86)\FastMediaConverter
2014-03-22 10:29 - 2014-03-22 10:29 - 00000000 ____D () C:\Windows\pss
2014-03-22 10:29 - 2009-02-19 13:31 - 00000000 ___RD () C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-22 00:59 - 2014-03-15 09:28 - 00000000 ____D () C:\Program Files (x86)\MediaViewV1
2014-03-21 23:29 - 2014-02-11 19:09 - 00000000 ____D () C:\a
2014-03-21 16:53 - 2014-03-21 16:53 - 00000948 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-21 16:53 - 2014-03-21 16:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-16 16:20 - 2014-03-16 16:20 - 00000000 ____D () C:\Users\Luis\AppData\Local\HistoryCleaner
2014-03-16 16:13 - 2014-03-16 16:13 - 00000066 _____ () C:\Windows\GPlrLanc.dat
2014-03-16 16:11 - 2014-03-16 16:11 - 00003568 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
2014-03-16 16:11 - 2006-11-02 09:33 - 00000000 ____D () C:\Program Files\Common Files\System
2014-03-16 11:49 - 2014-03-16 11:49 - 00000000 ____D () C:\Users\Luis\AppData\Roaming\FastMediaConverter
2014-03-16 11:28 - 2014-03-16 11:28 - 00000000 ____D () C:\Users\Luis\AppData\Roaming\Compete
2014-03-16 11:22 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\rescache
2014-03-16 10:38 - 2008-10-23 05:09 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-16 10:35 - 2014-03-10 17:50 - 00000000 ____D () C:\ProgramData\MediaDev
2014-03-16 10:11 - 2014-03-16 10:11 - 00002304 _____ () C:\{45864454-B5A0-4020-9894-004C822D2523}
2014-03-16 10:09 - 2014-03-16 10:09 - 00002408 _____ () C:\{23F1EC39-4957-4671-9D21-21FC979B832B}
2014-03-16 10:09 - 2009-10-09 20:49 - 00000680 _____ () C:\Users\Luis\AppData\Local\d3d9caps.dat
2014-03-15 11:25 - 2014-03-15 11:25 - 00000000 ____D () C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
2014-03-15 11:25 - 2014-03-15 11:25 - 00000000 ____D () C:\ProgramData\SearchModule
2014-03-15 11:24 - 2014-03-15 11:24 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2014-03-15 11:24 - 2014-03-15 11:23 - 00000157 _____ () C:\Users\Luis\AppData\Roaming\aps.uninstall.scan.results
2014-03-15 11:21 - 2014-03-15 11:21 - 00000000 ____D () C:\Users\Luis\AppData\Local\CrashRpt
2014-03-15 11:20 - 2014-03-15 11:20 - 00000000 ____D () C:\Program Files (x86)\Ainishare
2014-03-15 11:19 - 2014-03-10 20:34 - 00000854 _____ () C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ISTCleaner.lnk
2014-03-10 20:35 - 2014-03-10 20:35 - 00003048 _____ () C:\Windows\System32\Tasks\ClickAndMark Update
2014-03-10 20:35 - 2014-03-10 20:34 - 00000000 ____D () C:\Users\Luis\AppData\Roaming\istcleaner
2014-03-10 20:34 - 2014-03-10 20:34 - 00000000 ____D () C:\Program Files (x86)\ISTCleaner
2014-03-10 18:09 - 2014-03-10 18:09 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-03-10 18:00 - 2009-02-20 18:30 - 00000000 ____D () C:\ProgramData\Skype
2014-03-10 17:59 - 2014-03-10 17:59 - 00001890 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-10 17:59 - 2012-02-21 19:01 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-10 17:51 - 2014-03-09 15:07 - 00000000 ____D () C:\ProgramData\UpdateCommon
2014-03-10 17:45 - 2014-03-10 17:45 - 00000000 ____D () C:\ProgramData\UpdateTask
2014-02-24 16:40 - 2010-01-29 13:11 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-24 16:40 - 2010-01-29 13:10 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-23 03:12 - 2014-03-16 10:03 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-23 02:54 - 2014-03-16 10:03 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-23 02:52 - 2014-03-16 10:03 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-23 02:48 - 2014-03-16 10:03 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-23 02:48 - 2014-03-16 10:03 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-23 02:46 - 2014-03-16 10:03 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-23 02:46 - 2014-03-16 10:03 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-23 02:46 - 2014-03-16 10:03 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-23 02:45 - 2014-03-16 10:03 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-23 02:45 - 2014-03-16 10:03 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-23 02:45 - 2014-03-16 10:03 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-23 02:44 - 2014-03-16 10:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-23 02:44 - 2014-03-16 10:03 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-23 02:44 - 2014-03-16 10:03 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-23 02:44 - 2014-03-16 10:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-23 02:43 - 2014-03-16 10:03 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-23 01:50 - 2014-03-16 10:03 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-23 01:47 - 2014-03-16 10:03 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-23 01:43 - 2014-03-16 10:03 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-23 01:41 - 2014-03-16 10:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-23 01:40 - 2014-03-16 10:03 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-23 01:39 - 2014-03-16 10:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-23 01:38 - 2014-03-16 10:03 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-23 01:38 - 2014-03-16 10:03 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-23 01:38 - 2014-03-16 10:03 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-23 01:37 - 2014-03-16 10:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-23 01:37 - 2014-03-16 10:03 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-23 01:37 - 2014-03-16 10:03 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-23 01:37 - 2014-03-16 10:03 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-23 01:36 - 2014-03-16 10:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-23 01:36 - 2014-03-16 10:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-23 01:35 - 2014-03-16 10:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

Some content of TEMP:
====================
C:\Users\Luis\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-23 17:46

==================== End Of Log ============================



#8 drumr1829

drumr1829
  • Topic Starter

  • Members

Posted 24 March 2014 - 05:42 PM

 Hi,

 

I believe we are all set to close this post. I'm not receiving any more redirects. Thanks much for your help!



#9 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team

Posted 24 March 2014 - 05:46 PM

Let's run a couple other scanners for any leftovers.

 

1.

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.


Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.


Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

 

2.

 ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats IS checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#10 drumr1829


Posted 25 March 2014 - 09:04 PM

Hi,

 

I apologize, but I already gave the laptop back to the owner as I needed to meet a deadline. I hadn't found any further issues, so I believe we should be all set. I will let you know if something creeps back up, but thanks again so much for your help!



#11 fireman4it


Posted 25 March 2014 - 09:10 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




