Weird spyware popping up all over my computer (gorillaprice.exe, watgorp.exe)


  • This topic is locked
6 replies to this topic

#1 Rogue_wolf


Posted 10 May 2014 - 03:29 PM

Hello there,

 

My name is Julian. I have a problem with a friend's computer. It seems to be infected with a host of malware. I have included some of the names in my post (gorillaprice.exe, watgorp.exe, bobsled-notifier.exe, vivoxvoiceservice.exe). Here is my DDS log:

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041
Run by Jorge at 16:07:18 on 2014-05-10
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1643.780 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\GorillaPrice\gorillaprice.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe
C:\ProgramData\gorillaprice\WatGorp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Users\Jorge\AppData\Local\Updater19962\Updater19962.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar3.exe
C:\Users\Jorge\AppData\Local\Vivox\HDN\Current\Vivox.HDN.Up.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Users\Jorge\AppData\Local\Vivox\VVS\Current\VivoxVoiceService.exe
C:\Users\Jorge\AppData\Local\Vivox\BSN\Current\Bobsled-Notifier.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uDefault_Page_URL = about:blank
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=app0202ie&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyCtDtA0BtAtCyDyBtAyBzztN0D0Tzu0SyBzzyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=868587084&ir=
mSearch Page = hxxp://start.qone8.com/web/?utm_source=b&utm_medium=testyac&utm_campaign=rg&utm_content=ds&from=testyac&uid=ST9320325AS_6VDG2JH5&ts=1383602055&type=default&q={searchTerms}
mDefault_Page_URL = about:blank
mDefault_Search_URL = hxxp://start.qone8.com/web/?utm_source=b&utm_medium=testyac&utm_campaign=rg&utm_content=ds&from=testyac&uid=ST9320325AS_6VDG2JH5&ts=1383602055&type=default&q={searchTerms}
uProxyServer = hxxp=127.0.0.1:8080
uProxyOverride = <-loopback>
mWinlogon: Userinit = userinit.exe
BHO: Supreme Savings: {11111111-1111-1111-1111-110111991162} - C:\Program Files (x86)\Supreme Savings\Supreme Savings.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
BHO: Bobsled by T-Mobile: {C8748F11-F4AD-47AF-AB50-C7DF5792096B} -
uRun: [ares plus] "C:\Program Files (x86)\Ares Plus\AresPlus.exe" -h
uRun: [Updater19962.exe] C:\Users\Jorge\AppData\Local\Updater19962\Updater19962.exe /extensionid=19962 /extensionname='Supreme Savings' /chromeid=ihkeoookbpemkdccdccdmacnidhooohk /stayidle /delay=300
uRun: [VivoxHDN] "C:\Users\Jorge\AppData\Local\Vivox\HDN\Current\Vivox.HDN.Up.exe" /d
uRun: [9616f8fa3cdd69b46dcb52b0b5f8e3d1] "C:\Users\Jorge\AppData\Local\Temp\LORD.exe" ..
uRun: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
uRun: [Google Update] "C:\Users\Jorge\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [9616f8fa3cdd69b46dcb52b0b5f8e3d1] "C:\Users\Jorge\AppData\Local\Temp\LORD.exe" ..
mRun: [YTDownloader] "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
mRun: [YouCam Service] "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} -
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
TCP: NameServer = 65.32.5.74 65.32.5.75
TCP: Interfaces\{027A30D0-F2B4-4662-8AFF-73D3DB734079} : DHCPNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{36A8FDD1-43B8-45B1-91A0-BD7A73F26AB6} : DHCPNameServer = 65.32.5.74 65.32.5.75
TCP: Interfaces\{36A8FDD1-43B8-45B1-91A0-BD7A73F26AB6}\27463716A6F6D616 : DHCPNameServer = 65.32.5.111 65.32.5.112 192.168.1.1
TCP: Interfaces\{36A8FDD1-43B8-45B1-91A0-BD7A73F26AB6}\34963736F61373733373 : DHCPNameServer = 65.32.5.111 65.32.5.112 192.168.1.1
TCP: Interfaces\{36A8FDD1-43B8-45B1-91A0-BD7A73F26AB6}\C696E6B6379737 : DHCPNameServer = 167.206.254.1 167.206.254.2
TCP: Interfaces\{36A8FDD1-43B8-45B1-91A0-BD7A73F26AB6}\E49636560556E6765796E6 : DHCPNameServer = 65.32.5.111 65.32.5.112 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - LocalServer32 - <no file>
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://start.mysearchdial.com/?f=1&a=app0202ie&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyCtDtA0BtAtCyDyBtAyBzztN0D0Tzu0SyBzzyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=868587084&ir=
x64-mSearch Page = hxxp://start.qone8.com/web/?utm_source=b&utm_medium=testyac&utm_campaign=rg&utm_content=ds&from=testyac&uid=ST9320325AS_6VDG2JH5&ts=1383602055&type=default&q={searchTerms}
x64-mDefault_Page_URL = about:blank
x64-mDefault_Search_URL = hxxp://start.qone8.com/web/?utm_source=b&utm_medium=testyac&utm_campaign=rg&utm_content=ds&from=testyac&uid=ST9320325AS_6VDG2JH5&ts=1383602055&type=default&q={searchTerms}
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -
x64-Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe
x64-Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-4-16 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-4-16 40064]
R1 {0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64;{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64;C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64.sys [2014-5-3 61120]
R1 {0782648b-1717-4fef-ac58-8cb3ce03adb3}w64;{0782648b-1717-4fef-ac58-8cb3ce03adb3}w64;C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}w64.sys [2014-5-4 61120]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-5-17 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-7-6 204288]
R2 GorillaPrice;GorillaPrice;C:\Program Files (x86)\GorillaPrice\gorillaprice.exe -service --> C:\Program Files (x86)\GorillaPrice\gorillaprice.exe -service [?]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 WajamUpdaterV3;WajamUpdaterV3;C:\Program Files (x86)\Wajam\Updater\WajamUpdaterV3.exe [2014-3-25 114176]
R2 WatGorp;WatGorp;C:\ProgramData\gorillaprice\WatGorp.exe -service --> C:\ProgramData\gorillaprice\WatGorp.exe -service [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-5-17 1582144]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-2-15 335464]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S1 SASDIFSV;SASDIFSV;C:\Users\Jorge\AppData\Local\Temp\HBCD\SuperAntiSpyware\sasdifsv.sys [2014-5-9 12872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 HP Support Assistant Service;HP Support Assistant Service;"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" --> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [?]
S2 WCMVCAM;WebcamMax, WDM Video Capture;C:\Windows\System32\drivers\wcmvcam64.sys [2012-4-15 1071032]
S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-5-17 46136]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-19 111616]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-26 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-05-10 03:48:08 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9700552B-5B40-4438-80E3-B57D023C46D0}\offreg.dll
2014-05-10 02:54:41 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2014-05-10 02:51:25 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-05-10 02:48:59 10651704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9700552B-5B40-4438-80E3-B57D023C46D0}\mpengine.dll
2014-05-07 02:36:00 -------- d-s---w- C:\Windows\System32\CompatTel
2014-05-06 22:13:53 465408 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-06 22:13:53 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-05-05 00:52:33 61120 ----a-w- C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}w64.sys
2014-05-04 00:52:45 61120 ----a-w- C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64.sys
2014-05-03 19:18:23 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-03 19:18:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-03 19:04:22 -------- d-----w- C:\Program Files (x86)\VideoLAN
2014-05-03 19:03:02 -------- d-----w- C:\Users\Jorge\AppData\Local\BrowserSafeguard
2014-04-20 18:06:25 -------- d-----w- C:\HP
2014-04-20 16:53:26 -------- d-sh--w- C:\Users\Jorge\AppData\Local\EmieUserList
2014-04-20 16:53:26 -------- d-sh--w- C:\Users\Jorge\AppData\Local\EmieSiteList
2014-04-20 01:36:08 -------- d-----w- C:\Windows\pss
2014-04-20 01:19:37 4096000 ----a-w- C:\Program Files (x86)\GUTBDE3.tmp
2014-04-20 01:19:37 -------- d-----w- C:\Users\Jorge\AppData\Roaming\SUPERAntiSpyware.com
2014-04-20 01:19:37 -------- d-----w- C:\Program Files (x86)\GUMBDE2.tmp
2014-04-20 01:05:28 -------- d-----w- C:\Users\Jorge\AppData\Local\LogMeIn Rescue Applet
2014-04-20 00:53:57 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
.
==================== Find3M  ====================
.
2014-05-04 00:43:56 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-04 00:43:56 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-03 11:01:25 0 ----a-w- C:\Windows\ativpsrm.bin
2014-03-31 13:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:17:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
.
============= FINISH: 16:08:20.79 ===============
 


 


#2 fireman4it


Posted 11 May 2014 - 11:57 AM

Hello,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it, select Immediate E-Mail notification, and click on Follow This Topic. This way you will be advised when we respond to your topic, which will facilitate the cleaning of your machine.

  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 fireman4it


Posted 13 May 2014 - 09:42 AM

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

2.

Download and run Junkware Removal Tool. ***Your Anti Virus may see this download as malicious; don't worry, continue on.

Please download Junkware Removal Tool to your desktop.

 

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply.

 

3.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.




#4 Rogue_wolf


Posted 13 May 2014 - 12:27 PM

Here are my log reports, I am copying & pasting them as you requested.

 

# AdwCleaner v3.208 - Report created 13/05/2014 at 12:38:26
# Updated 11/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jorge - JORGE-HP
# Running from : C:\Users\Jorge\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : qknfd
Service Deleted : WajamUpdaterV3

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BonanzaDealsLive
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\DealPlyLive
Folder Deleted : C:\ProgramData\DSearchLink
Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\ProgramData\SweetIM
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Player Pro
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video downloader
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\BonanzaDeals
Folder Deleted : C:\Program Files (x86)\BonanzaDealsLive
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DealPly
Folder Deleted : C:\Program Files (x86)\DealPlyLive
Folder Deleted : C:\Program Files (x86)\Flash Player Pro
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Program Files (x86)\Omiga Plus
Folder Deleted : C:\Program Files (x86)\PC Performer
Folder Deleted : C:\Program Files (x86)\RegClean Pro
Folder Deleted : C:\Program Files (x86)\Savepath Deals
Folder Deleted : C:\Program Files (x86)\SaveValet
Folder Deleted : C:\Program Files (x86)\Supreme Savings
Folder Deleted : C:\Program Files (x86)\Systweak Support Dock
Folder Deleted : C:\Program Files (x86)\Video downloader
Folder Deleted : C:\Program Files (x86)\Wajam
Folder Deleted : C:\Program Files (x86)\Common Files\337
Folder Deleted : C:\Windows\SysWOW64\hotspot shield
Folder Deleted : C:\Users\Jorge\AppData\Local\BonanzaDealsLive
Folder Deleted : C:\Users\Jorge\AppData\Local\BrowserSafeguard
Folder Deleted : C:\Users\Jorge\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\Jorge\AppData\Local\Conduit
Folder Deleted : C:\Users\Jorge\AppData\Local\DealPlyLive
Folder Deleted : C:\Users\Jorge\AppData\Local\iac
Folder Deleted : C:\Users\Jorge\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Jorge\AppData\Local\somoto_v.1
Folder Deleted : C:\Users\Jorge\AppData\Local\Supreme Savings
Folder Deleted : C:\Users\Jorge\AppData\Local\Temp\ConstaSurf
Folder Deleted : C:\Users\Jorge\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Jorge\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\Jorge\AppData\LocalLow\Delta
Folder Deleted : C:\Users\Jorge\AppData\LocalLow\iRobinHood
Folder Deleted : C:\Users\Jorge\AppData\LocalLow\Mysearchdial
Folder Deleted : C:\Users\Jorge\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Jorge\AppData\LocalLow\searchresultstb
Folder Deleted : C:\Users\Jorge\AppData\Roaming\337
Folder Deleted : C:\Users\Jorge\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Jorge\AppData\Roaming\DealPly
Folder Deleted : C:\Users\Jorge\AppData\Roaming\Desk 365
Folder Deleted : C:\Users\Jorge\AppData\Roaming\DSite
Folder Deleted : C:\Users\Jorge\AppData\Roaming\file scout
Folder Deleted : C:\Users\Jorge\AppData\Roaming\ilividtoolbarguid
Folder Deleted : C:\Users\Jorge\AppData\Roaming\Omiga Plus
Folder Deleted : C:\Users\Jorge\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\Jorge\AppData\Roaming\SeeSimilar02
Folder Deleted : C:\Users\Jorge\AppData\Roaming\speedtest4354
Folder Deleted : C:\Users\Jorge\AppData\Roaming\strongvault
Folder Deleted : C:\Users\Jorge\AppData\Roaming\SwvUpdater
Folder Deleted : C:\Users\Jorge\AppData\Roaming\Systweak
File Deleted : C:\END
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Jorge\AppData\Local\AnyProtectScannerSetup.exe
File Deleted : C:\Users\Jorge\AppData\Local\mysearchdial-speeddial.crx
File Deleted : C:\Windows\Tasks\Dealply.job
File Deleted : C:\Windows\System32\Tasks\Dealply
File Deleted : C:\Windows\System32\Tasks\LaunchApp
File Deleted : C:\Windows\System32\Tasks\Omiga Plus RunAsStdUser
File Deleted : C:\Windows\System32\Tasks\SMupdate1

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [freegames4357@bestoffers]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [freegames4357@bestoffers]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [OKitSpace@OKitSpace.es]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [seesimilar02@SeeSimilar.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [seesimilar02@SeeSimilar.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bcjagnifjocnddgeknajocbkkhlgibem
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl
Key Deleted : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lbidgdoiglndbjlcnnifemecdhnpeabo
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\OKitSpace.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\CLASSES\OKitSpace
Key Deleted : HKLM\SOFTWARE\CLASSES\OKitSpace.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\mconduitinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\strongvaultapp_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Supreme Savings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Supreme Savings_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\supreme savings-bg_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\supreme savings-bg_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateBatBrowse_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateBatBrowse_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateSaltarSmart_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateSaltarSmart_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\VAFMusic Conduit_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\VAFMusic Conduit_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\omigaplussvc
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKCU\Software\5cd8f17f4086744065eb0992a09e05a2
Key Deleted : HKCU\Software\5f2d7d8b33feb49
Key Deleted : HKCU\Software\9616f8fa3cdd69b46dcb52b0b5f8e3d1
Key Deleted : HKLM\SOFTWARE\5f2d7d8b33feb49
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0019962.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0019962.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0019962.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0019962.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3279412
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3299570
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_cyberlink-youcam_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_cyberlink-youcam_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_ares-plus_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_ares-plus_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_smrecorder_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_smrecorder_RASMANCS
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Updater19962.exe]
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Key Deleted : HKCU\Software\Alexa Internet
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\BonanzaDealsLive
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\DealPlyLive
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\distromatic
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\GOffers
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\performersoft llc
Key Deleted : HKCU\Software\SearchProtectINT
Key Deleted : HKCU\Software\Smart Suggestor
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Supreme Savings
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\XingHaoLyrics
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Supreme Savings
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\XingHaoLyrics
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\AedgePerformanceBCN
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BonanzaDealsLive
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\DealPlyLive
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\Desksvc
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\hdcode
Key Deleted : HKLM\Software\iLividSRTB
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\mysearchdial
Key Deleted : HKLM\Software\OKitSpace
Key Deleted : HKLM\Software\omigaplusSvc
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\qone8Software
Key Deleted : HKLM\Software\SimplyGen
Key Deleted : HKLM\Software\SoftwareUpdater
Key Deleted : HKLM\Software\Supreme Savings
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\V9
Key Deleted : HKLM\Software\Vittalia
Key Deleted : HKLM\Software\Wajam
Key Deleted : [x64] HKLM\SOFTWARE\DataMngr
Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [38035 octets] - [13/05/2014 12:35:09]
AdwCleaner[S0].txt - [32661 octets] - [13/05/2014 12:38:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [32722 octets] ##########

 

JRT log file:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Jorge on mar 05/13/2014 at 12:43:07.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

Successfully stopped: [Service] gorillaprice
Successfully deleted: [Service] gorillaprice

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ytdownloader
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\URL

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3415476095-3041208136-4132752601-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\spd_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\spd_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\LyricsPal_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\LyricsPal_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricepeep_130001_1001_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricepeep_130001_1001_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\LyricsPal_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\LyricsPal_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\pricepeep_130001_1001_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\pricepeep_130001_1001_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0577CBF6-1692-4CF5-B689-43637645DC12}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{11094583-3AC7-481D-B36B-B0FEEAC43E10}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3F9A7FFD-0508-4A6C-A85C-9D795DB008E8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7E8FABC2-9CA5-4895-9910-2ABD4DBC6B52}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8c9ef753-beb6-4582-b653-93ac59274437}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9C2AA653-ADB0-49F7-A54D-0A8D049F2A03}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AED218A3-3C0D-41F3-93DE-14E990C45316}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{8c9ef753-beb6-4582-b653-93ac59274437}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9C2AA653-ADB0-49F7-A54D-0A8D049F2A03}

 

~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\sho7454.tmp

 

~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\wiseconvert"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on mar 05/13/2014 at 13:00:13.15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

FRST & its "additions" Log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 01
Ran by Jorge (administrator) on JORGE-HP on 13-05-2014 13:08:46
Running from C:\Users\Jorge\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\ProgramData\gorillaprice\WatGorp.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Vivox) C:\Users\Jorge\AppData\Local\Vivox\HDN\Current\Vivox.HDN.Up.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar3.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Vivox Inc.) C:\Users\Jorge\AppData\Local\Vivox\VVS\Current\VivoxVoiceService.exe
(Vivox) C:\Users\Jorge\AppData\Local\Vivox\BSN\Current\Bobsled-Notifier.exe
() C:\Program Files (x86)\gorillaprice\GorillaPrice.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [43320 2011-09-30] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7466600 2011-09-14] (Realtek Semiconductor)
HKLM-x32\...\Run: [9616f8fa3cdd69b46dcb52b0b5f8e3d1] => "C:\Users\Jorge\AppData\Local\Temp\LORD.exe" ..
HKLM-x32\...\Run: [YouCam Service] => "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-09-13] (RealNetworks, Inc.)
HKLM-x32\...\Run: [StartCCC] => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-09-29] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKU\S-1-5-21-3415476095-3041208136-4132752601-1001\...\Run: [ares plus] => "C:\Program Files (x86)\Ares Plus\AresPlus.exe" -h
HKU\S-1-5-21-3415476095-3041208136-4132752601-1001\...\Run: [VivoxHDN] => C:\Users\Jorge\AppData\Local\Vivox\HDN\Current\Vivox.HDN.Up.exe [34641256 2013-09-13] (Vivox)
HKU\S-1-5-21-3415476095-3041208136-4132752601-1001\...\Run: [9616f8fa3cdd69b46dcb52b0b5f8e3d1] => "C:\Users\Jorge\AppData\Local\Temp\LORD.exe" .. <===== ATTENTION
HKU\S-1-5-21-3415476095-3041208136-4132752601-1001\...\Run: [ares] => "C:\Program Files (x86)\Ares\Ares.exe" -h
HKU\S-1-5-21-3415476095-3041208136-4132752601-1001\...\Run: [Google Update] => C:\Users\Jorge\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-04-06] (Google Inc.)
HKU\S-1-5-21-3415476095-3041208136-4132752601-1001\...\MountPoints2: G - G:\MotoCastSetup.exe -a
HKU\S-1-5-21-3415476095-3041208136-4132752601-1001\...\MountPoints2: {5d79ea49-89bc-11e2-849b-a0b3ccc442c6} - H:\iLinker.exe

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8080
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=app0202ie&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyCtDtA0BtAtCyDyBtAyBzztN0D0Tzu0SyBzzyBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=868587084&ir=
SearchScopes: HKLM - {9C2AA653-ADB0-49F7-A54D-0A8D049F2A03} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {51A8F00C-939F-4CED-92A3-C87FFEAB28A3 URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1Qzu0EtDtDyC0EyCtDtA0BtAtCyDyBtAyBzztN0D0Tzu0CyCyBtAtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=1672153922&ir=
SearchScopes: HKLM-x32 - {7F6A4DAE-6533-4728-D703-2743048CBE1E} URL =
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - DefaultScope F8C4E1E115DA43E997F378C9E27BEFE9 URL = http://www-search.net/search.aspx?s=DAUzadc171637_0_1_tmpue3_0,f27cd57f-f333-47de-aa91-f49efcd20763,&q={searchTerms}
SearchScopes: HKCU - F8C4E1E115DA43E997F378C9E27BEFE9 URL = http://www-search.net/search.aspx?s=DAUzadc171637_0_1_tmpue3_0,f27cd57f-f333-47de-aa91-f49efcd20763,&q={searchTerms}
SearchScopes: HKCU - {0326091D-CAC2-69FB-459A-5650CE8B5CE8} URL = http://www-search.net/search.aspx?s=DAUzadc171637_0_1_tmpue3_0,f27cd57f-f333-47de-aa91-f49efcd20763,&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search
SearchScopes: HKCU - {9C2AA653-ADB0-49F7-A54D-0A8D049F2A03} URL =
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bobsled by T-Mobile - {C8748F11-F4AD-47AF-AB50-C7DF5792096B} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} -  No File
Toolbar: HKCU - No Name - {41524553-2D56-3700-76A7-7A786E7484D7} -  No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll No File
Tcpip\Parameters: [DhcpNameServer] 65.32.5.74 65.32.5.75

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Jorge\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Jorge\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Jorge\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Jorge\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Jorge\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Jorge\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-13]
FF HKLM-x32\...\Firefox\Extensions: [speedtest4354@BestOffers] - C:\Users\Jorge\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers
FF Extension: Speed Test 127 - C:\Users\Jorge\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers [2013-10-30]
FF HKCU\...\Firefox\Extensions: [speedtest4354@BestOffers] - C:\Users\Jorge\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers
FF Extension: Speed Test 127 - C:\Users\Jorge\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers [2013-10-30]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (No Name) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo [2013-12-08]
CHR Extension: (No Name) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeedhehdfjahfpjhaedmaohbfcdkoolg [2013-12-08]
CHR Extension: (No Name) - C:\Users\Jorge\AppData\Local\Google\Chrome\User Data\Default\Extensions\lncokdgmmjicggolpdppfgbjeaikekhn [2014-04-02]
CHR HKCU\...\Chrome\Extension: [cbjibcbpmbcabnfnohhgjjmkgkimajko] - C:\Users\Jorge\AppData\Local\CRE\cbjibcbpmbcabnfnohhgjjmkgkimajko.crx [2013-05-28]
CHR HKCU\...\Chrome\Extension: [edfllcfghbogdahicgpcmnmkgpcmdjeo] - C:\Users\Jorge\AppData\Local\CRE\edfllcfghbogdahicgpcmnmkgpcmdjeo.crx [2013-04-10]
CHR HKCU\...\Chrome\Extension: [jeedhehdfjahfpjhaedmaohbfcdkoolg] - C:\Users\Jorge\AppData\Local\CRE\jeedhehdfjahfpjhaedmaohbfcdkoolg.crx [2013-01-20]
CHR HKCU\...\Chrome\Extension: [kfkcangbigakljkjeglcofaomihpejif] - C:\Users\Jorge\AppData\Local\CRE\kfkcangbigakljkjeglcofaomihpejif.crx [2012-09-09]
CHR HKCU\...\Chrome\Extension: [lonndllmbldmmoefheenkmgkencnkdkh] - C:\Users\Jorge\AppData\Local\CRE\lonndllmbldmmoefheenkmgkencnkdkh.crx [2013-04-10]
CHR HKCU\...\Chrome\Extension: [mffdcionknddopdmdnloanoafafkmckb] - C:\Program Files (x86)\SaveValet\extension.crx [2013-04-10]
CHR HKCU\...\Chrome\Extension: [mmlkabjddkpgkgfhdhpimhcbonapngoh] - C:\Users\Jorge\AppData\Local\CRE\mmlkabjddkpgkgfhdhpimhcbonapngoh.crx [2013-04-10]
CHR HKLM-x32\...\Chrome\Extension: [cbjibcbpmbcabnfnohhgjjmkgkimajko] - C:\Users\Jorge\AppData\Local\CRE\cbjibcbpmbcabnfnohhgjjmkgkimajko.crx [2013-05-28]
CHR HKLM-x32\...\Chrome\Extension: [edfllcfghbogdahicgpcmnmkgpcmdjeo] - C:\Users\Jorge\AppData\Local\CRE\edfllcfghbogdahicgpcmnmkgpcmdjeo.crx [2013-04-10]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [iidmoehhpbghchkaogkhmcckhlhebekn] - C:\Program Files (x86)\iRobinHood\iRobinHood Addon\iRobinHoodPartnersVExtension1_42.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [jeedhehdfjahfpjhaedmaohbfcdkoolg] - C:\Users\Jorge\AppData\Local\CRE\jeedhehdfjahfpjhaedmaohbfcdkoolg.crx [2013-01-20]
CHR HKLM-x32\...\Chrome\Extension: [kfkcangbigakljkjeglcofaomihpejif] - C:\Users\Jorge\AppData\Local\CRE\kfkcangbigakljkjeglcofaomihpejif.crx [2012-09-09]
CHR HKLM-x32\...\Chrome\Extension: [lonndllmbldmmoefheenkmgkencnkdkh] - C:\Users\Jorge\AppData\Local\CRE\lonndllmbldmmoefheenkmgkencnkdkh.crx [2013-04-10]
CHR HKLM-x32\...\Chrome\Extension: [mmlkabjddkpgkgfhdhpimhcbonapngoh] - C:\Users\Jorge\AppData\Local\CRE\mmlkabjddkpgkgfhdhpimhcbonapngoh.crx [2013-04-10]
CHR HKLM-x32\...\Chrome\Extension: [oaamoihhikdfenhnamipbnfmmjdfmjbm] - C:\Users\Jorge\AppData\Roaming\okitSpace\Chrome\OKitSpace.crx [2013-04-10]
CHR HKLM-x32\...\Chrome\Extension: [okbpiomhfjabbhmpfafdnedmgkofgadj] - C:\Windows\system32\config\systemprofile\AppData\Roaming\okitSpace\Chrome\OKitSpace.crx [2013-04-10]

==================== Services (Whitelisted) =================

R2 GorillaPrice; C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe [494080 2014-02-06] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 WatGorp; C:\ProgramData\gorillaprice\WatGorp.exe [70144 2014-02-06] ()
S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]

==================== Drivers (Whitelisted) ====================

S1 SASDIFSV; C:\Users\Jorge\AppData\Local\Temp\HBCD\SuperAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S2 WCMVCAM; C:\Windows\System32\DRIVERS\wcmvcam64.sys [1071032 2012-04-15] (Windows ® Win 7 DDK provider)
R1 {0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64; C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64.sys [61120 2014-04-24] (StdLib)
R1 {0782648b-1717-4fef-ac58-8cb3ce03adb3}w64; C:\Windows\System32\drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}w64.sys [61120 2014-04-24] (StdLib)
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S1 lsnfd; system32\drivers\lsnfd.sys [X]
S1 SASKUTIL; \??\C:\Users\Jorge\AppData\Local\Temp\HBCD\SuperAntiSpyware\SASKUTIL.SYS [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-13 13:08 - 2014-05-13 13:09 - 00017865 _____ () C:\Users\Jorge\Desktop\FRST.txt
2014-05-13 13:08 - 2014-05-13 13:08 - 00000000 ____D () C:\FRST
2014-05-13 13:07 - 2014-05-13 13:07 - 02066944 _____ (Farbar) C:\Users\Jorge\Desktop\FRST64.exe
2014-05-13 13:00 - 2014-05-13 13:00 - 00004242 _____ () C:\Users\Jorge\Desktop\JRT.txt
2014-05-13 12:43 - 2014-05-13 12:43 - 00000000 ____D () C:\Windows\ERUNT
2014-05-13 12:35 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-13 12:34 - 2014-05-13 12:38 - 00000000 ____D () C:\AdwCleaner
2014-05-13 10:56 - 2014-05-13 10:57 - 00002269 _____ () C:\Users\Jorge\Desktop\instructions 1.txt
2014-05-13 10:52 - 2014-05-13 10:54 - 01016261 _____ (Thisisu) C:\Users\Jorge\Desktop\JRT.exe
2014-05-13 10:51 - 2014-05-13 10:53 - 01325827 _____ () C:\Users\Jorge\Desktop\AdwCleaner.exe
2014-05-10 22:27 - 2014-05-10 22:27 - 00007601 _____ () C:\Users\Jorge\AppData\Local\Resmon.ResmonCfg
2014-05-10 16:08 - 2014-05-10 16:08 - 00017499 _____ () C:\Users\Jorge\Desktop\dds.txt
2014-05-10 16:08 - 2014-05-10 16:08 - 00009666 _____ () C:\Users\Jorge\Desktop\attach.txt
2014-05-10 16:07 - 2014-05-10 16:07 - 00000000 ___RD () C:\Users\Jorge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-10 16:03 - 2014-05-10 16:03 - 00688992 ____R (Swearware) C:\Users\Jorge\Desktop\dds.com
2014-05-09 23:31 - 2014-05-09 23:31 - 07541552 _____ (PortableApps.com) C:\Users\Jorge\Downloads\ClamWinPortable_0.98.1_English.paf.exe
2014-05-09 22:54 - 2014-05-09 22:54 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-05-09 22:51 - 2014-05-09 22:52 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-06 22:36 - 2014-05-06 22:36 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-06 18:13 - 2014-04-13 22:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-06 18:13 - 2014-04-13 22:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-04 20:52 - 2014-04-24 12:26 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}w64.sys
2014-05-04 20:22 - 2014-05-07 21:29 - 00000102 _____ () C:\Windows\win.ini
2014-05-03 20:52 - 2014-04-24 12:36 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64.sys
2014-05-03 15:18 - 2014-04-29 10:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-03 15:18 - 2014-04-29 09:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-03 15:18 - 2014-04-29 08:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-03 15:18 - 2014-04-29 08:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-03 15:05 - 2014-05-03 15:05 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-05-03 15:05 - 2014-05-03 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-05-03 15:04 - 2014-05-03 15:04 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-05-03 15:02 - 2014-05-07 21:47 - 00000000 ___RD () C:\Users\Jorge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-20 14:06 - 2014-04-20 14:06 - 00000000 ____D () C:\HP
2014-04-20 12:53 - 2014-04-20 12:53 - 00000000 __SHD () C:\Users\Jorge\AppData\Local\EmieUserList
2014-04-20 12:53 - 2014-04-20 12:53 - 00000000 __SHD () C:\Users\Jorge\AppData\Local\EmieSiteList
2014-04-19 21:36 - 2014-04-19 23:10 - 00000000 ____D () C:\Windows\pss
2014-04-19 21:19 - 2014-05-13 12:40 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-19 21:19 - 2014-05-13 12:39 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-19 21:19 - 2014-05-09 23:34 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-19 21:19 - 2014-05-09 23:34 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-19 21:19 - 2014-04-19 21:19 - 04096000 _____ () C:\Program Files (x86)\GUTBDE3.tmp
2014-04-19 21:19 - 2014-04-19 21:19 - 00000000 ____D () C:\Users\Jorge\AppData\Roaming\SUPERAntiSpyware.com
2014-04-19 21:19 - 2014-04-19 21:19 - 00000000 ____D () C:\Program Files (x86)\GUMBDE2.tmp
2014-04-19 21:05 - 2014-04-19 21:05 - 00000000 ____D () C:\Users\Jorge\AppData\Local\LogMeIn Rescue Applet
2014-04-19 20:55 - 2014-03-06 04:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-19 20:55 - 2014-03-06 04:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-19 20:55 - 2014-03-06 04:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-19 20:55 - 2014-03-06 03:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-19 20:54 - 2014-03-06 05:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-19 20:54 - 2014-03-06 04:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-19 20:54 - 2014-03-06 04:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-19 20:54 - 2014-03-06 04:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-19 20:54 - 2014-03-06 04:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-19 20:54 - 2014-03-06 04:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-19 20:54 - 2014-03-06 04:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-19 20:54 - 2014-03-06 04:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-19 20:54 - 2014-03-06 04:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-19 20:54 - 2014-03-06 04:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-19 20:54 - 2014-03-06 04:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-19 20:54 - 2014-03-06 04:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-19 20:54 - 2014-03-06 04:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-19 20:54 - 2014-03-06 04:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-19 20:54 - 2014-03-06 04:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-19 20:54 - 2014-03-06 03:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-19 20:54 - 2014-03-06 03:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-19 20:54 - 2014-03-06 03:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-19 20:54 - 2014-03-06 03:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-19 20:54 - 2014-03-06 03:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-19 20:54 - 2014-03-06 03:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-19 20:54 - 2014-03-06 03:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-19 20:54 - 2014-03-06 03:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-19 20:54 - 2014-03-06 03:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-19 20:54 - 2014-03-06 03:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-19 20:54 - 2014-03-06 03:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-19 20:54 - 2014-03-06 03:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-19 20:54 - 2014-03-06 03:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-19 20:54 - 2014-03-06 03:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-19 20:54 - 2014-03-06 02:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-19 20:54 - 2014-03-06 02:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-19 20:54 - 2014-03-06 02:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-19 20:54 - 2014-03-06 02:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-19 20:54 - 2014-03-06 02:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-19 20:54 - 2014-03-06 01:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-19 20:54 - 2014-03-06 01:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-19 20:54 - 2014-03-06 01:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-19 20:54 - 2014-03-06 01:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-19 20:54 - 2014-03-06 01:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-19 20:53 - 2014-03-06 03:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

==================== One Month Modified Files and Folders =======

2014-05-13 13:09 - 2014-05-13 13:08 - 00017865 _____ () C:\Users\Jorge\Desktop\FRST.txt
2014-05-13 13:08 - 2014-05-13 13:08 - 00000000 ____D () C:\FRST
2014-05-13 13:08 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing
2014-05-13 13:07 - 2014-05-13 13:07 - 02066944 _____ (Farbar) C:\Users\Jorge\Desktop\FRST64.exe
2014-05-13 13:03 - 2013-10-09 21:08 - 00000434 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-05-13 13:03 - 2012-05-17 23:14 - 02020813 _____ () C:\Windows\WindowsUpdate.log
2014-05-13 13:00 - 2014-05-13 13:00 - 00004242 _____ () C:\Users\Jorge\Desktop\JRT.txt
2014-05-13 12:57 - 2014-04-06 13:45 - 00001046 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3415476095-3041208136-4132752601-1001UA.job
2014-05-13 12:47 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-13 12:47 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-13 12:43 - 2014-05-13 12:43 - 00000000 ____D () C:\Windows\ERUNT
2014-05-13 12:43 - 2013-08-31 16:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-13 12:40 - 2014-04-19 21:19 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-13 12:40 - 2014-04-03 07:01 - 00007160 _____ () C:\Windows\setupact.log
2014-05-13 12:40 - 2014-04-03 07:01 - 00004806 _____ () C:\Windows\PFRO.log
2014-05-13 12:40 - 2014-01-16 14:37 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-05-13 12:40 - 2013-01-22 21:22 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-05-13 12:40 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-13 12:39 - 2014-04-19 21:19 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-13 12:38 - 2014-05-13 12:34 - 00000000 ____D () C:\AdwCleaner
2014-05-13 10:57 - 2014-05-13 10:56 - 00002269 _____ () C:\Users\Jorge\Desktop\instructions 1.txt
2014-05-13 10:54 - 2014-05-13 10:52 - 01016261 _____ (Thisisu) C:\Users\Jorge\Desktop\JRT.exe
2014-05-13 10:53 - 2014-05-13 10:51 - 01325827 _____ () C:\Users\Jorge\Desktop\AdwCleaner.exe
2014-05-13 09:40 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-13 09:31 - 2012-09-22 16:38 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F95DDC92-C172-4265-9E12-B64BE0D0BA6D}
2014-05-13 09:28 - 2012-10-28 11:31 - 00000000 ____D () C:\Users\Jorge\AppData\Local\CrashDumps
2014-05-11 09:25 - 2009-07-14 01:13 - 00006230 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-10 22:27 - 2014-05-10 22:27 - 00007601 _____ () C:\Users\Jorge\AppData\Local\Resmon.ResmonCfg
2014-05-10 16:08 - 2014-05-10 16:08 - 00017499 _____ () C:\Users\Jorge\Desktop\dds.txt
2014-05-10 16:08 - 2014-05-10 16:08 - 00009666 _____ () C:\Users\Jorge\Desktop\attach.txt
2014-05-10 16:07 - 2014-05-10 16:07 - 00000000 ___RD () C:\Users\Jorge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-10 16:03 - 2014-05-10 16:03 - 00688992 ____R (Swearware) C:\Users\Jorge\Desktop\dds.com
2014-05-09 23:34 - 2014-04-19 21:19 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-09 23:34 - 2014-04-19 21:19 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-09 23:31 - 2014-05-09 23:31 - 07541552 _____ (PortableApps.com) C:\Users\Jorge\Downloads\ClamWinPortable_0.98.1_English.paf.exe
2014-05-09 22:57 - 2014-04-06 13:45 - 00000994 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3415476095-3041208136-4132752601-1001Core.job
2014-05-09 22:54 - 2014-05-09 22:54 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-05-09 22:52 - 2014-05-09 22:51 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-09 22:52 - 2014-04-06 13:45 - 00004020 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3415476095-3041208136-4132752601-1001UA
2014-05-09 22:52 - 2014-04-06 13:45 - 00003624 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3415476095-3041208136-4132752601-1001Core
2014-05-09 22:46 - 2013-11-05 20:08 - 00000000 ____D () C:\Program Files (x86)\Ares
2014-05-07 21:47 - 2014-05-03 15:02 - 00000000 ___RD () C:\Users\Jorge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-07 21:29 - 2014-05-04 20:22 - 00000102 _____ () C:\Windows\win.ini
2014-05-06 22:36 - 2014-05-06 22:36 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-04 22:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-05-03 20:44 - 2013-08-31 16:36 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-03 20:43 - 2013-08-31 16:36 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-03 20:43 - 2013-08-31 16:36 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-03 15:05 - 2014-05-03 15:05 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-05-03 15:05 - 2014-05-03 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-05-03 15:04 - 2014-05-03 15:04 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-05-01 17:08 - 2013-04-26 12:47 - 00013312 ___SH () C:\Users\Jorge\Documents\Thumbs.db
2014-05-01 16:13 - 2013-09-15 18:51 - 00000000 ____D () C:\84fac78f309f4cdd1782449978
2014-05-01 15:56 - 2013-05-15 20:53 - 00000000 ____D () C:\Users\Jorge\AppData\Local\Vivox
2014-05-01 15:56 - 2012-12-28 21:17 - 00000000 ____D () C:\Users\Jorge\Desktop\My Shared Folder
2014-04-29 16:51 - 2013-08-30 19:25 - 00000000 ____D () C:\Users\Jorge\AppData\Roaming\Mozilla
2014-04-29 10:01 - 2014-05-03 15:18 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 09:40 - 2014-05-03 15:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 08:48 - 2014-05-03 15:18 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 08:34 - 2014-05-03 15:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-24 12:36 - 2014-05-03 20:52 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}Gw64.sys
2014-04-24 12:26 - 2014-05-04 20:52 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{0782648b-1717-4fef-ac58-8cb3ce03adb3}w64.sys
2014-04-23 19:44 - 2013-09-24 15:13 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3415476095-3041208136-4132752601-1001
2014-04-23 19:44 - 2013-09-24 15:13 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3415476095-3041208136-4132752601-1001
2014-04-20 14:06 - 2014-04-20 14:06 - 00000000 ____D () C:\HP
2014-04-20 12:53 - 2014-04-20 12:53 - 00000000 __SHD () C:\Users\Jorge\AppData\Local\EmieUserList
2014-04-20 12:53 - 2014-04-20 12:53 - 00000000 __SHD () C:\Users\Jorge\AppData\Local\EmieSiteList
2014-04-20 12:50 - 2013-07-06 22:44 - 00000000 ____D () C:\Users\Jorge\Desktop\New folder
2014-04-20 12:46 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-19 23:21 - 2012-09-22 16:35 - 00000000 ____D () C:\Users\Jorge\AppData\Roaming\hpqlog
2014-04-19 23:10 - 2014-04-19 21:36 - 00000000 ____D () C:\Windows\pss
2014-04-19 21:19 - 2014-04-19 21:19 - 04096000 _____ () C:\Program Files (x86)\GUTBDE3.tmp
2014-04-19 21:19 - 2014-04-19 21:19 - 00000000 ____D () C:\Users\Jorge\AppData\Roaming\SUPERAntiSpyware.com
2014-04-19 21:19 - 2014-04-19 21:19 - 00000000 ____D () C:\Program Files (x86)\GUMBDE2.tmp
2014-04-19 21:19 - 2012-09-22 18:44 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-19 21:05 - 2014-04-19 21:05 - 00000000 ____D () C:\Users\Jorge\AppData\Local\LogMeIn Rescue Applet
2014-04-16 13:20 - 2014-04-02 13:13 - 00004096 ___SH () C:\Users\Jorge\Desktop\Thumbs.db
2014-04-15 22:48 - 2012-09-22 22:59 - 00000000 ____D () C:\Users\Jorge\AppData\Local\PokerStars.NET
2014-04-13 22:27 - 2013-04-29 19:41 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-13 22:27 - 2012-12-26 21:21 - 00000000 ____D () C:\Users\Jorge\AppData\Roaming\Skype
2014-04-13 22:27 - 2011-10-14 16:58 - 00000000 ____D () C:\ProgramData\Skype
2014-04-13 22:24 - 2014-05-06 18:13 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-13 22:19 - 2014-05-06 18:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.2940.dll

Some content of TEMP:
====================
C:\Users\Jorge\AppData\Local\Temp\DC.exe
C:\Users\Jorge\AppData\Local\Temp\MotoCast_Installer_2.0031.exe
C:\Users\Jorge\AppData\Local\Temp\MP.exe
C:\Users\Jorge\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-06 19:37

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-05-2014 01
Ran by Jorge at 2014-05-13 13:10:50
Running from C:\Users\Jorge\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BovadaPoker (HKLM-x32\...\{D7CA2DF8-95CE-4C80-9296-98E21219A1E5}}_is1) (Version:   - )
Google Talk Plugin (HKLM-x32\...\{8E29C1CE-346A-3F59-AE22-8C5B7F230498}) (Version: 5.3.1.18536 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Launch Box (HKLM\...\{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}) (Version: 1.0.12 - Hewlett-Packard Company)
iTunes (HKLM\...\{7FCDABCC-1A1E-4D61-909D-BA9495172774}) (Version: 11.0.3.42 - Apple Inc.)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

01-04-2014 20:48:22 Windows Update
03-04-2014 01:06:48 Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
04-04-2014 00:34:37 Windows Backup
07-04-2014 01:27:09 Windows Backup
08-04-2014 11:11:13 Windows Update
09-04-2014 19:44:24 Windows Update
10-04-2014 20:29:52 Windows Update
14-04-2014 02:26:33 Removed Skype™ 5.5
14-04-2014 02:35:19 Windows Backup
15-04-2014 23:46:44 Windows Update
20-04-2014 00:52:12 Windows Update
20-04-2014 16:38:12 Windows Update
21-04-2014 02:08:57 Windows Backup
27-04-2014 02:46:35 Windows Update
01-05-2014 02:01:18 Windows Backup
03-05-2014 18:13:30 Windows Update
03-05-2014 19:17:30 Windows Update
05-05-2014 00:31:21 Windows Backup
05-05-2014 02:20:18 Windows Update
07-05-2014 02:34:34 Windows Update
08-05-2014 01:48:53 Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
10-05-2014 02:47:20 Windows Update
13-05-2014 13:33:31 Windows Backup

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0A1FBF31-0F05-4B5F-ABAB-0C6DAC6706B8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-19] (Google Inc.)
Task: {0FBFEBB6-68AB-445F-8675-A9A6D4226EFD} - System32\Tasks\{F8852C28-309D-4FBF-A9F0-C0E9641BF1A2} => Iexplore.exe http://ui.skype.com/ui/0/6.1.0.129/es/go/help.faq.installer?LastError=1618
Task: {19AFB04A-3C04-4F99-BAA3-9EDA44C96ED5} - System32\Tasks\Test TimeTrigger => C:\Users\Jorge\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {330E06DA-4B9B-4CFF-ADCA-83A055E33B19} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3415476095-3041208136-4132752601-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {3C79256A-29DC-4AEA-87BB-741E2A90B6B7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {3CD8B15D-69FB-43FD-9CDC-9B896479E9E6} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3415476095-3041208136-4132752601-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {3D80B0C7-09EC-4802-8C6B-AC09C03A4CE5} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3415476095-3041208136-4132752601-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {4751CD40-4752-4E56-AF86-C4BE8FCB2C5B} - System32\Tasks\{925E8AD1-B238-4B91-973D-8EDD6A2A7661} => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
Task: {518E8769-AA65-4D33-965C-6796540DEE2B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {53424D33-8E4C-46AC-ADA4-8EEB93451A5A} - \Omiga Plus RunAsStdUser No Task File <==== ATTENTION
Task: {55AA8C11-C9C3-478D-BEE0-ED003A226868} - \Dealply No Task File <==== ATTENTION
Task: {5D9504F7-46C0-4E8A-A264-9A53036E750A} - System32\Tasks\{42B0B288-B0E9-4653-91B7-97B600B6FB02} => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
Task: {607063AC-0A07-4F51-A9E1-A0AB6B4279D4} - System32\Tasks\{390D46AA-6FAF-4E91-B4FB-D0C2D8014B22} => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
Task: {676B42CB-17DD-4E93-81E3-331ECAB3F672} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {72AA50A4-1122-488D-8FA3-911FC6612A70} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {73286825-12C3-4BCB-AB74-D663A4CE9D32} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3415476095-3041208136-4132752601-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {76B397F6-44E9-47BF-BBA1-8FB310B416C4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3415476095-3041208136-4132752601-1001UA => C:\Users\Jorge\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-06] (Google Inc.)
Task: {7D78144A-C11E-419F-A38B-714D6785B410} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3415476095-3041208136-4132752601-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {93DD0F23-C51E-4631-975D-4A7D1A5C89EE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3415476095-3041208136-4132752601-1001Core => C:\Users\Jorge\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-06] (Google Inc.)
Task: {9A11B435-611C-46BC-A5BF-27B5F4BDE3D5} - System32\Tasks\{671AA0AD-112B-4C65-990C-52429F6314FB} => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
Task: {9A678CAD-302C-4D25-B92A-0C054AC7F5A6} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2
Task: {9C0D8788-9795-46F5-916C-49631B25198B} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3415476095-3041208136-4132752601-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {B462B324-652C-4664-809F-8AB6A7711182} - \LaunchApp No Task File <==== ATTENTION
Task: {B91B2EE2-4AC7-4158-ACEB-1651C5B15D44} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3415476095-3041208136-4132752601-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {BE17B892-16A6-427F-9C1B-2B9C9819BA36} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {C0126FFE-5969-4AA3-9FD9-7743D74EABC2} - System32\Tasks\{C3642CD0-0B4B-4898-B52E-3A4B4CE56063} => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
Task: {C4DA66A1-99FD-4D1F-9039-1617D090D037} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {C7605C61-27BC-4B3D-9FA5-3851A2529BA0} - System32\Tasks\4684 => Wscript.exe C:\Users\Jorge\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {CDDAFFF7-2840-47F7-B7B0-FCD892C540BD} - System32\Tasks\{1B2B8817-DAFF-4B07-8BC5-39D80973E353} => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
Task: {D2754072-9FDD-4676-A55D-CD74CC904E55} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
Task: {DC7F7F3C-37E5-432F-92B6-0DAD0FCBB99F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-19] (Google Inc.)
Task: {E5BBE2CA-9152-4A2C-998A-E20C9E4D6DA0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-03] (Adobe Systems Incorporated)
Task: {ECE28907-3B63-4317-B633-B247EB4682DE} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe
Task: {F4AB4817-721B-4B4B-9B08-E3AE79D82E4B} - \SMupdate1 No Task File <==== ATTENTION
Task: {FF1E14AF-6DC6-4256-94EF-A63EB79D0C7B} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3415476095-3041208136-4132752601-1001Core.job => C:\Users\Jorge\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3415476095-3041208136-4132752601-1001UA.job => C:\Users\Jorge\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-02-06 13:28 - 2014-02-06 13:28 - 00070144 _____ () C:\ProgramData\gorillaprice\WatGorp.exe
2011-09-30 13:40 - 2011-09-30 13:40 - 00107320 _____ () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
2014-02-06 14:40 - 2014-02-06 14:40 - 00494080 _____ () C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe
2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-13 15:34 - 2013-09-13 15:34 - 00276840 _____ () C:\Users\Jorge\AppData\Local\Vivox\VVS\Current\ortp.dll
2013-09-13 15:34 - 2013-09-13 15:34 - 00110440 _____ () C:\Users\Jorge\AppData\Local\Vivox\BSN\Current\jsoncpp_qt.dll
2013-09-13 15:34 - 2013-09-13 15:34 - 00276840 _____ () C:\Users\Jorge\AppData\Local\Vivox\BSN\Current\ortp.dll
2013-09-13 15:34 - 2013-09-13 15:34 - 02479464 _____ () C:\Users\Jorge\AppData\Local\Vivox\BSN\Current\QtDeclarative4.dll
2013-09-13 15:34 - 2013-09-13 15:34 - 01344872 _____ () C:\Users\Jorge\AppData\Local\Vivox\BSN\Current\QtScript4.dll
2013-09-13 15:34 - 2013-09-13 15:34 - 02307432 _____ () C:\Users\Jorge\AppData\Local\Vivox\BSN\Current\QtCore4.dll
2013-09-13 15:34 - 2013-09-13 15:34 - 00201064 _____ () C:\Users\Jorge\AppData\Local\Vivox\BSN\Current\QtSql4.dll
2013-09-13 15:34 - 2013-09-13 15:34 - 02651496 _____ () C:\Users\Jorge\AppData\Local\Vivox\BSN\Current\QtXmlPatterns4.dll
2013-09-13 15:34 - 2013-09-13 15:34 - 00990056 _____ () C:\Users\Jorge\AppData\Local\Vivox\BSN\Current\QtNetwork4.dll
2013-09-13 15:34 - 2013-09-13 15:34 - 08344936 _____ () C:\Users\Jorge\AppData\Local\Vivox\BSN\Current\QtGui4.dll
2013-09-13 15:34 - 2013-09-13 15:34 - 00275304 _____ () C:\Users\Jorge\AppData\Local\Vivox\BSN\Current\phonon4.dll
2013-09-13 15:34 - 2013-09-13 15:34 - 00362856 _____ () C:\Users\Jorge\AppData\Local\Vivox\BSN\Current\QtXml4.dll
2013-09-13 15:34 - 2013-09-13 15:34 - 00916840 _____ () C:\Users\Jorge\AppData\Local\Vivox\BSN\Current\qxmpp.dll
2013-09-13 15:34 - 2013-09-13 15:34 - 00203112 _____ () C:\Users\Jorge\AppData\Local\Vivox\BSN\Current\phonon_backend\phonon_ds94.dll
2013-09-13 15:34 - 2013-09-13 15:34 - 00031592 _____ () C:\Users\Jorge\AppData\Local\Vivox\BSN\Current\imageformats\qgif4.dll
2013-09-13 15:34 - 2013-09-13 15:34 - 00034152 _____ () C:\Users\Jorge\AppData\Local\Vivox\BSN\Current\imageformats\qico4.dll
2013-09-13 15:34 - 2013-09-13 15:34 - 00205672 _____ () C:\Users\Jorge\AppData\Local\Vivox\BSN\Current\imageformats\qjpeg4.dll
2013-09-13 15:34 - 2013-09-13 15:34 - 00227688 _____ () C:\Users\Jorge\AppData\Local\Vivox\BSN\Current\imageformats\qmng4.dll
2013-09-13 15:34 - 2013-09-13 15:34 - 00026472 _____ () C:\Users\Jorge\AppData\Local\Vivox\BSN\Current\imageformats\qsvg4.dll
2013-09-13 15:34 - 2013-09-13 15:34 - 00285544 _____ () C:\Users\Jorge\AppData\Local\Vivox\BSN\Current\QtSvg4.dll
2013-09-13 15:34 - 2013-09-13 15:34 - 00292200 _____ () C:\Users\Jorge\AppData\Local\Vivox\BSN\Current\imageformats\qtiff4.dll
2013-09-13 15:34 - 2013-09-13 15:34 - 00051560 _____ () C:\Users\Jorge\AppData\Local\Vivox\BSN\Current\bearer\qgenericbearer4.dll
2013-09-13 15:34 - 2013-09-13 15:34 - 00054120 _____ () C:\Users\Jorge\AppData\Local\Vivox\BSN\Current\bearer\qnativewifibearer4.dll
2013-09-13 15:34 - 2013-09-13 15:34 - 00058368 _____ () C:\Users\Jorge\AppData\Local\Vivox\BSN\Current\QtWebKit\qmlwebkitplugin.dll
2013-09-13 15:34 - 2013-09-13 15:34 - 11183976 _____ () C:\Users\Jorge\AppData\Local\Vivox\BSN\Current\QtWebKit4.dll
2013-09-13 15:34 - 2013-09-13 15:34 - 00146280 _____ () C:\Users\Jorge\AppData\Local\Vivox\BSN\Current\codecs\qcncodecs4.dll
2013-09-13 15:34 - 2013-09-13 15:34 - 00172904 _____ () C:\Users\Jorge\AppData\Local\Vivox\BSN\Current\codecs\qjpcodecs4.dll
2013-09-13 15:34 - 2013-09-13 15:34 - 00082792 _____ () C:\Users\Jorge\AppData\Local\Vivox\BSN\Current\codecs\qkrcodecs4.dll
2013-09-13 15:34 - 2013-09-13 15:34 - 00160616 _____ () C:\Users\Jorge\AppData\Local\Vivox\BSN\Current\codecs\qtwcodecs4.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\Jorge\Documents\Afterhours Drivers Contact.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

Name: lsnfd
Description: lsnfd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: lsnfd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Lexmark X422
Description: Lexmark X422
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Lexmark
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (05/13/2014 01:03:55 PM) (Source: ipnathlp) (User: ) (EventID: 30013)
Description: 10.8.132.204192.168.137.0255.255.255.0

Error: (05/13/2014 01:03:55 PM) (Source: ipnathlp) (User: ) (EventID: 1233)
Description:

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 50%
Total physical RAM: 1642.91 MB
Available physical RAM: 812.06 MB
Total Pagefile: 3285.81 MB
Available Pagefile: 2234.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:274.54 GB) (Free:228.7 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:19.39 GB) (Free:2.66 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:0.01 GB) FAT32
Drive f: (HBCD) (CDROM) (Total:1.22 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 27F7617E)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=275 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

==================== End Of Log ============================



#5 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,507 posts

Posted 14 May 2014 - 06:00 PM

Hello,

Google Chrome has been infected so badly I think you should uninstall it and reinstall it. Make sure that if it asks to delete personal settings, you do.

 

1.

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Attached File  fixlist.txt   4.83KB   8 downloads

 

2.

Download Malwarebytes Anti-Rootkit to your desktop.

  • Extract the ZIP archive and double-click "mbar.exe" to start the tool.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"


 

3.

Please run FRST as you did the first time and post the FRST log.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#6 fireman4it


Posted 16 May 2014 - 07:42 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


#7 fireman4it


Posted 21 May 2014 - 05:39 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




