
Unable to remove Shopper PRO, YT Downloader, x86 from PC


5 replies to this topic

#1 rbzo


Posted 11 October 2014 - 02:06 AM

Help!

I have another PC infected with this junk.

Since Nasdaq has assisted me with a similar post, I have already run ADW Cleaner and Farbar.

This has deleted much of the problem, yet I notice that Malwarebytes is still blocking malicious sites (x86) related to this infection.

Here are the logs from these scans:

 

# AdwCleaner v3.311 - Report created 04/10/2014 at 16:55:30
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Rebeca ****** 
# Running from : C:\Users\Rebeca ******\Downloads\adwcleaner_3.311.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : BackupStack
Service Found : sbmntr
Service Found : SPBIUpdd
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\sh5iuo8y.default\user.js
File Found : C:\Users\Public\Desktop\eBay.lnk
File Found : C:\Users\Rebeca Lainez\AppData\Roaming\aps.scan.quick.results
File Found : C:\Users\Rebeca Lainez\AppData\Roaming\aps.scan.results
File Found : C:\Users\Rebeca Lainez\AppData\Roaming\aps.uninstall.scan.results
File Found : C:\Users\Rebeca Lainez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Found : C:\Users\Rebeca Lainez\AppData\Roaming\Mozilla\Firefox\Profiles\k9pjktjm.default\searchplugins\Askcom.xml
File Found : C:\Users\Rebeca Lainez\AppData\Roaming\Mozilla\Firefox\Profiles\k9pjktjm.default\searchplugins\bingp.xml
File Found : C:\Users\Rebeca Lainez\AppData\Roaming\Mozilla\Firefox\Profiles\k9pjktjm.default\user.js
File Found : C:\Users\Rebeca Lainez\Desktop\AnyProtect.lnk
File Found : C:\Users\Rebeca Lainez\Desktop\Continue Live Installation.lnk
File Found : C:\Users\Rebeca Lainez\Desktop\MyPC Backup.lnk
File Found : C:\Users\Rebeca Lainez\Desktop\Sync Folder.lnk
Folder Found : C:\Program Files (x86)\AnyProtectEx
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Program Files (x86)\BabylonToolbar
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\MyPC Backup
Folder Found : C:\Program Files (x86)\YTDownloader
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Systweak
Folder Found : C:\Users\Guest\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\sh5iuo8y.default\Extensions\staged\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}
Folder Found : C:\Users\Public\Documents\ShopperPro
Folder Found : C:\Users\Rebeca Lainez\AppData\Local\Astromenda
Folder Found : C:\Users\Rebeca Lainez\AppData\Local\ConvertAd
Folder Found : C:\Users\Rebeca Lainez\AppData\Local\globalUpdate
Folder Found : C:\Users\Rebeca Lainez\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Folder Found : C:\Users\Rebeca Lainez\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Rebeca Lainez\AppData\Roaming\ap_logs
Folder Found : C:\Users\Rebeca Lainez\AppData\Roaming\Babylon
Folder Found : C:\Users\Rebeca Lainez\AppData\Roaming\BabylonToolbar
Folder Found : C:\Users\Rebeca Lainez\AppData\Roaming\DigitalSites
Folder Found : C:\Users\Rebeca Lainez\AppData\Roaming\DSite
Folder Found : C:\Users\Rebeca Lainez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
Folder Found : C:\Users\Rebeca Lainez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Found : C:\Users\Rebeca Lainez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
Folder Found : C:\Users\Rebeca Lainez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
Folder Found : C:\Users\Rebeca Lainez\AppData\Roaming\Mozilla\Firefox\Profiles\k9pjktjm.default\Extensions\toolbar@ask.com
Folder Found : C:\Users\Rebeca Lainez\AppData\Roaming\Systweak
Folder Found : C:\Users\REBECA~1\AppData\Local\Temp\mt_ffx
Folder Found : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
 
***** [ Scheduled Tasks ] *****
 
Task Found : advanced-System Protector_startup
Task Found : APSnotifierPP1
Task Found : APSnotifierPP2
Task Found : APSnotifierPP3
Task Found : Digital Sites
Task Found : DSite
Task Found : LaunchSignup
Task Found : RegClean Pro
Task Found : Scheduled Update for Ask Toolbar
Task Found : ShopperPro
Task Found : ShopperProJSUpd
Task Found : Smp
Task Found : SMupdate1
Task Found : SPDriver
Task Found : YTDownloader
 
***** [ Shortcuts ] *****
 
Shortcut Found : C:\Users\Public\Desktop\Mozilla Firefox.lnk ( hxxp://www-search.net/?s=E9Gztugdu0338,8890ca06-476a-4445-b3af-e64bc70db3c2,&pi=2 )
Shortcut Found : C:\Users\Rebeca Lainez\Desktop\Google Chrome.lnk ( hxxp://www-search.net/?s=E9Gztugdu0338,8890ca06-476a-4445-b3af-e64bc70db3c2,&pi=1 )
Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( hxxp://www-search.net/?s=E9Gztugdu0338,8890ca06-476a-4445-b3af-e64bc70db3c2,&pi=1 )
Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk ( hxxp://www-search.net/?s=E9Gztugdu0338,8890ca06-476a-4445-b3af-e64bc70db3c2,&pi=1 )
Shortcut Found : C:\Users\Rebeca Lainez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://www-search.net/?s=E9Gztugdu0338,8890ca06-476a-4445-b3af-e64bc70db3c2,&pi=1 )
Shortcut Found : C:\Users\Rebeca Lainez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://www-search.net/?s=E9Gztugdu0338,8890ca06-476a-4445-b3af-e64bc70db3c2,&pi=1 )
Shortcut Found : C:\Users\Rebeca Lainez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk ( hxxp://www-search.net/?s=E9Gztugdu0338,8890ca06-476a-4445-b3af-e64bc70db3c2,&pi=1 )
Shortcut Found : C:\Users\Rebeca Lainez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://www-search.net/?s=E9Gztugdu0338,8890ca06-476a-4445-b3af-e64bc70db3c2,&pi=1 )
Shortcut Found : C:\Users\Rebeca Lainez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk ( hxxp://www-search.net/?s=E9Gztugdu0338,8890ca06-476a-4445-b3af-e64bc70db3c2,&pi=1 )
Shortcut Found : C:\Users\Rebeca Lainez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk ( hxxp://www-search.net/?s=E9Gztugdu0338,8890ca06-476a-4445-b3af-e64bc70db3c2,&pi=1 )
Shortcut Found : C:\Users\Rebeca Lainez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk ( hxxp://www-search.net/?s=E9Gztugdu0338,8890ca06-476a-4445-b3af-e64bc70db3c2,&pi=1 )
Shortcut Found : C:\Users\Rebeca Lainez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk ( hxxp://www-search.net/?s=E9Gztugdu0338,8890ca06-476a-4445-b3af-e64bc70db3c2,&pi=1 )
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AnyProtect
Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\Object Browser
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\BRS
Key Found : HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\BabylonToolbar
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\dsiteproducts
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Babylon
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\ShopperPro
Key Found : HKCU\Software\systweak
Key Found : [x64] HKCU\Software\AnyProtect
Key Found : [x64] HKCU\Software\APN
Key Found : [x64] HKCU\Software\Ask.com
Key Found : [x64] HKCU\Software\BRS
Key Found : [x64] HKCU\Software\Cr_Installer
Key Found : [x64] HKCU\Software\dsiteproducts
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : [x64] HKCU\Software\InstalledBrowserExtensions
Key Found : [x64] HKCU\Software\Microsoft\Babylon
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKCU\Software\ShopperPro
Key Found : [x64] HKCU\Software\systweak
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndkhncnongaclekkbelchmeafffimifj
Key Found : HKLM\SOFTWARE\InstallCore
Key Found : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : HKLM\SOFTWARE\iWebar-nv
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AnyProtect
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.0
Key Found : HKLM\SOFTWARE\ShopperPro
Key Found : HKLM\SOFTWARE\systweak
Key Found : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : [x64] HKLM\SOFTWARE\iWebar-nv
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Found : [x64] HKLM\SOFTWARE\ShopperPro
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
 
-\\ Mozilla Firefox v27.0.1 (en-US)
 
[ File : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\sh5iuo8y.default\prefs.js ]
 
Line Found : user_pref("browser.search.defaultengine", "Ask.com");
Line Found : user_pref("browser.search.defaultenginename", "Ask.com");
Line Found : user_pref("browser.search.order.1", "Ask.com");
Line Found : user_pref("browser.search.selectedEngine", "Astromenda");
Line Found : user_pref("extensions.asktb.ff-original-keyword-url", "");
 
[ File : C:\Users\Rebeca Lainez\AppData\Roaming\Mozilla\Firefox\Profiles\k9pjktjm.default\prefs.js ]
 
Line Found : user_pref("browser.search.defaultengine", "Ask.com");
Line Found : user_pref("browser.search.defaultenginename", "Ask.com");
Line Found : user_pref("browser.search.order.1", "Ask.com");
Line Found : user_pref("browser.search.selectedEngine", "Astromenda");
Line Found : user_pref("extensions.BabylonToolbar.dfltlng", "en");
Line Found : user_pref("extensions.BabylonToolbar.instlday", "15612");
Line Found : user_pref("extensions.BabylonToolbar.instlref", "sst");
Line Found : user_pref("extensions.BabylonToolbar.prtnrid", "babylon");
Line Found : user_pref("extensions.BabylonToolbar.smplgrp", "azb");
Line Found : user_pref("extensions.BabylonToolbar.srcext", "ss");
Line Found : user_pref("extensions.BabylonToolbar.tlbrid", "tb9");
Line Found : user_pref("extensions.BabylonToolbar.tlbrsrchurl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=28b56ab9000000000000ac7289a50c13&q=");
Line Found : user_pref("extensions.BabylonToolbar.vrsnts", "1.6.9.1222:36:28");
Line Found : user_pref("extensions.a927571a5c34c476fbf9f2ed9e8e7e940e6a314c63a357ced35576dcom61913.61913.internaldb.Resources_meta.value", "%7B%22handlebars.js%22%3A%7B%22id%22%3A757210%2C%22ver%22%3A1%2C%22status[...]
Line Found : user_pref("extensions.a927571a5c34c476fbf9f2ed9e8e7e940e6a314c63a357ced35576dcom61913.61913.internaldb.Resources_queue.value", "%7B%22jquery.base64.js%22%3A%7B%22id%22%3A757211%2C%22ver%22%3A1%2C%22st[...]
Line Found : user_pref("extensions.a927571a5c34c476fbf9f2ed9e8e7e940e6a314c63a357ced35576dcom61913.61913.internaldb.Resources_resource_757219.value", "%22function%20startAskCom%28e%2Ct%2Cr%29%7Bfunction%20a%28e%29[...]
Line Found : user_pref("extensions.a927571a5c34c476fbf9f2ed9e8e7e940e6a314c63a357ced35576dcom61913.61913.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%2[...]
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Line Found : user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");
Line Found : user_pref("extensions.asktb.abar-war-timeout", "4000");
Line Found : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
Line Found : user_pref("extensions.asktb.cbid", "TV");
Line Found : user_pref("extensions.asktb.config-updated", true);
Line Found : user_pref("extensions.asktb.crumb", "2012.04.23+10.55.06-toolbar010iad-US-VmFsbGVqbyxDQSxVbml0ZWQgU3RhdGVz");
Line Found : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}&qsrc={qsrc}&gct=bar");
Line Found : user_pref("extensions.asktb.displaybehavior", "");
Line Found : user_pref("extensions.asktb.displaytext", "");
Line Found : user_pref("extensions.asktb.dtid", "YYYYYYYYUS");
Line Found : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
Line Found : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "USCA1184");
Line Found : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "F");
Line Found : user_pref("extensions.asktb.ff-original-keyword-url", "");
Line Found : user_pref("extensions.asktb.fresh-install", false);
Line Found : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxps://websearch.ask.com\", [...]
Line Found : user_pref("extensions.asktb.keyword-toggled-in-session", false);
Line Found : user_pref("extensions.asktb.l", "dis");
Line Found : user_pref("extensions.asktb.last-config-req", "1412461649314");
Line Found : user_pref("extensions.asktb.last-search-timestamp", "1369699401950");
Line Found : user_pref("extensions.asktb.last-v", "3.14.1.100009");
Line Found : user_pref("extensions.asktb.locale", "en_US");
Line Found : user_pref("extensions.asktb.location", "Vallejo,CA,United States");
Line Found : user_pref("extensions.asktb.lstation", "");
Line Found : user_pref("extensions.asktb.new-tab-opt-out", true);
Line Found : user_pref("extensions.asktb.news-native-on", true);
Line Found : user_pref("extensions.asktb.o", "100000031");
Line Found : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Line Found : user_pref("extensions.asktb.pstate", "");
Line Found : user_pref("extensions.asktb.qsrc", "2871");
Line Found : user_pref("extensions.asktb.r", "20");
Line Found : user_pref("extensions.asktb.search-history-queries", "classic vintage wedding shower decorations||ticori||tiffany and co||tacori||tacori rings||walgreens weekly ad||hotmail.com||nba.com||ava sofa manu[...]
Line Found : user_pref("extensions.asktb.search-plugin-suggestions-url", "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}");
Line Found : user_pref("extensions.asktb.search-suggestions-enabled", true);
Line Found : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Line Found : user_pref("extensions.asktb.socialmini-first", true);
Line Found : user_pref("extensions.asktb.socialmini-interval", "1200000");
Line Found : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Line Found : user_pref("extensions.asktb.socialmini-max-items", "30");
Line Found : user_pref("extensions.asktb.socialmini-native-on", true);
Line Found : user_pref("extensions.asktb.socialmini-speed", "10000");
Line Found : user_pref("extensions.asktb.socialmini-transition-first-open", false);
Line Found : user_pref("extensions.asktb.to", "");
Line Found : user_pref("extensions.asktb.v", "3.14.1.100013");
Line Found : user_pref("extensions.asktb.volume", "");
Line Found : user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_cmi_14_38_ch&cd=2XzuyEtN2Y1L1Qzu0A0CyBtBzzzy0AyDtD0CtCyCyC0A0BzytN0D0Tzu0SzyzzzytN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1[...]
Line Found : user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_cmi_14_38_ch&cd=2XzuyEtN2Y1L1Qzu0A0CyBtBzzzy0AyDtD0CtCyCyC0A0BzytN0D0Tzu0SzyzzzytN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDy[...]
Line Found : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");
Line Found : user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");
Line Found : user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_cmi_14_38_ch&cd=2XzuyEtN2Y1L1Qzu0A0CyBtBzzzy0AyDtD0CtCyCyC0A0BzytN0D0Tzu0SzyzzzytN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzyt[...]
Line Found : user_pref("extensions.enabledAddons", "sbzjysqzqc%40sbzjysqzqc.org:2.9.2.1,toolbar%40ask.com:3.14.1.100013,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1");
 
-\\ Google Chrome v37.0.2062.124
 
[ File : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
[ File : C:\Users\Rebeca Lainez\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=110790&tt=270912_nocpc_3912_4&babsrc=SP_ss&mntrId=28b56ab9000000000000ac7289a50c13
Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_cmi_14_38_ch&cd=2XzuyEtN2Y1L1Qzu0A0CyBtBzzzy0AyDtD0CtCyCyC0A0BzytN0D0Tzu0SzyzzzytN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyB0DtCzzyDyD0BtGyByDyByDtG0AtAtAzztGtB0DyE0DtGyC0AtB0BzztC0Ezy0CtByE0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzyyByB0EzztBzztGtB0FzzyEtGyEyEzzyEtG0A0EtBtCtGtAyCtA0FzytA0A0D0EyBzzzz2Q&cr=1820919865&ir=
Found [Search Provider] : hxxp://www-search.net/search.aspx?s=E9Gztugdu0338,8890ca06-476a-4445-b3af-e64bc70db3c2,&q={searchTerms}
Found [Search Provider] : hxxp://www-search.net/search.aspx?s=E9Gztugdu0338,8890ca06-476a-4445-b3af-e64bc70db3c2,&q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [30725 octets] - [04/10/2014 16:55:30]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [30786 octets] ##########
 
And FarBar:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-10-2014 01
Ran by Rebeca Lainez (administrator) on REBECALAINEZ-HP on 04-10-2014 17:24:52
Running from C:\Users\Rebeca Lainez\Downloads
Loaded Profile: Rebeca Lainez (Available profiles: Rebeca Lainez & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(TLC Education Properties LLC) C:\Program Files (x86)\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2012-02-05] (Synaptics Incorporated)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2012-02-05] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2012-02-05] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-01-25] (cyberlink)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKLM-x32\...\Run: [ConvertAd] => C:\Users\Rebeca Lainez\AppData\Local\ConvertAd\ConvertAd.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3532072585-3184838971-2748656625-1000\...\Run: [HP Photosmart 6510 series (NET)] => C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe [2676584 2011-09-16] (Hewlett-Packard Co.)
HKU\S-1-5-21-3532072585-3184838971-2748656625-1000\...\Run: [KRworks] => regsvr32.exe "C:\Users\Rebeca Lainez\AppData\Local\KRworks\pjcalendar.ocx" <===== ATTENTION
HKU\S-1-5-21-3532072585-3184838971-2748656625-1000\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-3532072585-3184838971-2748656625-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Rebeca Lainez\AppData\Local\Temp\stmqkvu\sxtpscp\wow.dll ATTENTION! ====> ZeroAccess?
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MiniMavis.lnk
ShortcutTarget: MiniMavis.lnk -> C:\Program Files (x86)\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe (TLC Education Properties LLC)
Startup: C:\Users\Rebeca Lainez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6510 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 6510 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: http=127.0.0.1:13923;https=127.0.0.1:13923
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-06-21] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Rebeca Lainez\AppData\Roaming\Mozilla\Firefox\Profiles\k9pjktjm.default
FF SearchEngineOrder.3: Bing 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Firefox Old Version Update Hotfix - C:\Users\Rebeca Lainez\AppData\Roaming\Mozilla\Firefox\Profiles\k9pjktjm.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-09-24]
FF Extension: Video Downloader - C:\Users\Rebeca Lainez\AppData\Roaming\Mozilla\Firefox\Profiles\k9pjktjm.default\Extensions\sbzjysqzqc@sbzjysqzqc.org.xpi [2013-04-18]
FF Extension: Term Tutor - C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com [2014-09-15]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2014-02-23]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn
FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn [2011-12-01]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_13_2 [2014-10-04]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-07-23]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF Extension: No Name - C:\Users\Rebeca Lainez\AppData\Roaming\Mozilla\Firefox\Profiles\k9pjktjm.default\extensions\toolbar@ask.com [Not Found]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll ()
CHR Plugin: (Simple Pass 2011) - C:\Users\Rebeca Lainez\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe\1.0_0\npwebsitelogon.dll (HP)
CHR Plugin: (Babylon ToolBar) - C:\Users\Rebeca Lainez\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\BabylonChromeToolBar.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\Rebeca Lainez\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Website Logon) - C:\Users\Rebeca Lainez\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe [2012-10-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Rebeca Lainez\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-28]
CHR Extension: (YouTube) - C:\Users\Rebeca Lainez\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-17]
CHR Extension: (Search) - C:\Users\Rebeca Lainez\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-17]
CHR Extension: (Google Wallet) - C:\Users\Rebeca Lainez\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (Gmail) - C:\Users\Rebeca Lainez\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-17]
CHR HKLM-x32\...\Chrome\Extension: [aepeildmfnnehghlknddebgjghlompfe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-02-11]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-01-25] (CyberLink)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2012-02-05] (Realsil Microelectronics Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120121.002\BHDrvx64.sys [1157240 2011-11-30] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2011-12-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2011-12-04] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120126.003\IDSvia64.sys [488568 2011-12-15] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120127.019\ENG64.SYS [117880 2011-12-04] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120127.019\EX64.SYS [2048632 2011-12-04] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-12-04] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
S3 ALSysIO; \??\C:\Users\REBECA~1\AppData\Local\Temp\ALSysIO64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-04 17:24 - 2014-10-04 17:25 - 00028351 _____ () C:\Users\Rebeca Lainez\Downloads\FRST.txt
2014-10-04 17:24 - 2014-10-04 17:24 - 02109440 _____ (Farbar) C:\Users\Rebeca Lainez\Downloads\FRST64.exe
2014-10-04 17:24 - 2014-10-04 17:24 - 00000000 ____D () C:\FRST
2014-10-04 17:08 - 2014-10-04 17:08 - 00000000 ____D () C:\Users\Rebeca Lainez\Desktop\Anti Virus
2014-10-04 17:03 - 2014-10-04 17:03 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-10-04 17:02 - 2014-10-04 17:03 - 00000000 ____D () C:\AdwCleaner
2014-10-04 16:56 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-10-04 16:55 - 2014-10-04 16:56 - 00000000 ____D () C:\Users\Rebeca Lainez\Desktop\AdwCleaner
2014-10-04 15:37 - 2014-10-04 17:16 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-04 15:36 - 2014-10-04 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-04 15:36 - 2014-10-04 15:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-04 15:36 - 2014-10-04 15:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-04 15:36 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-04 15:36 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-04 15:36 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-04 15:31 - 2014-10-04 15:35 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Rebeca Lainez\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-01 21:29 - 2014-10-01 21:29 - 00002221 _____ () C:\Users\Rebeca Lainez\Desktop\HP Support Assistant.lnk
2014-10-01 21:29 - 2014-10-01 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-10-01 21:25 - 2014-10-01 21:25 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-09-30 12:35 - 2014-09-24 19:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 12:35 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-30 12:35 - 2014-09-09 15:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-30 12:35 - 2014-09-09 14:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-24 20:41 - 2014-09-24 20:41 - 00001332 _____ () C:\Users\Rebeca Lainez\Desktop\Clean Registry for Free!.lnk
2014-09-15 23:50 - 2014-08-19 11:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-15 23:50 - 2014-08-19 10:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-15 23:50 - 2014-08-18 16:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-15 23:50 - 2014-08-18 15:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-15 23:50 - 2014-08-18 15:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-15 23:50 - 2014-08-18 15:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-15 23:50 - 2014-08-18 15:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-15 23:50 - 2014-08-18 15:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-15 23:50 - 2014-08-18 15:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-15 23:50 - 2014-08-18 15:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-15 23:50 - 2014-08-18 15:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-15 23:50 - 2014-08-18 15:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-15 23:50 - 2014-08-18 15:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-15 23:50 - 2014-08-18 15:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-15 23:50 - 2014-08-18 15:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-15 23:50 - 2014-08-18 15:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-15 23:50 - 2014-08-18 15:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-15 23:50 - 2014-08-18 15:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-15 23:50 - 2014-08-18 15:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-15 23:50 - 2014-08-18 14:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-15 23:50 - 2014-08-18 14:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-15 23:50 - 2014-08-18 14:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-15 23:50 - 2014-08-18 14:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-15 23:50 - 2014-08-18 14:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-15 23:50 - 2014-08-18 14:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-15 23:50 - 2014-08-18 14:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-15 23:50 - 2014-08-18 14:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-15 23:50 - 2014-08-18 14:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-15 23:50 - 2014-08-18 14:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-15 23:50 - 2014-08-18 14:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-15 23:50 - 2014-08-18 14:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-15 23:50 - 2014-08-18 14:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-15 23:50 - 2014-08-18 14:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-15 23:50 - 2014-08-18 14:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-15 23:50 - 2014-08-18 14:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-15 23:50 - 2014-08-18 14:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-15 23:50 - 2014-08-18 14:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-15 23:50 - 2014-08-18 14:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-15 23:50 - 2014-08-18 14:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-15 23:50 - 2014-08-18 14:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-15 23:50 - 2014-08-18 14:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-15 23:50 - 2014-08-18 14:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-15 23:50 - 2014-08-18 14:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-15 23:50 - 2014-08-18 14:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-15 23:50 - 2014-08-18 14:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-15 23:50 - 2014-08-18 14:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-15 23:50 - 2014-08-18 14:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-15 23:50 - 2014-08-18 14:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-15 23:50 - 2014-08-18 14:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-15 23:50 - 2014-08-18 14:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-15 23:50 - 2014-08-18 14:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-15 23:50 - 2014-08-18 13:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-15 23:50 - 2014-08-18 13:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-15 23:50 - 2014-08-18 13:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-15 23:50 - 2014-08-18 13:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-15 23:50 - 2014-08-18 13:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-15 23:47 - 2014-06-26 19:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-15 23:47 - 2014-06-26 18:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-15 23:28 - 2014-09-15 23:28 - 00632808 _____ (ClickMeIn Limited) C:\Users\Rebeca Lainez\AppData\Local\nst2C91.tmp
2014-09-15 22:33 - 2014-09-15 22:33 - 00617369 _____ (ClickMeIn Limited) C:\Users\Rebeca Lainez\AppData\Local\nsy8A78.tmp
2014-09-15 22:27 - 2014-09-15 22:27 - 00000000 ____D () C:\Program Files\TermTutor
2014-09-15 22:26 - 2014-09-15 22:26 - 00000271 _____ () C:\Users\Rebeca Lainez\Desktop\Cut the Rope.url
2014-09-15 22:17 - 2014-07-06 19:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-15 22:17 - 2014-07-06 19:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-15 22:17 - 2014-07-06 18:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-15 22:17 - 2014-07-06 18:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-15 22:17 - 2014-07-06 18:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-15 22:16 - 2014-09-15 22:16 - 00003602 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
2014-09-15 22:16 - 2014-09-15 22:16 - 00001953 _____ () C:\Users\Rebeca Lainez\Desktop\YTDownloader.lnk
2014-09-15 22:14 - 2014-10-04 17:06 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-09-15 22:14 - 2014-09-15 22:14 - 00000000 ____D () C:\Users\Rebeca Lainez\AppData\Local\CrashRpt
2014-09-15 22:12 - 2014-08-01 04:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-15 22:12 - 2014-08-01 04:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-15 21:57 - 2014-06-23 20:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-15 21:57 - 2014-06-23 19:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-15 21:47 - 2014-09-04 19:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-15 21:47 - 2014-09-04 19:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-15 20:42 - 2014-10-01 21:32 - 00000364 _____ () C:\Windows\Tasks\HPCeeScheduleForRebeca Lainez.job
2014-09-15 20:42 - 2014-10-01 21:29 - 00003234 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForRebeca Lainez
2014-09-15 16:10 - 2014-09-15 16:10 - 00001010 _____ () C:\Users\Rebeca Lainez\Desktop\MX410 series - Shortcut.lnk
2014-09-07 11:33 - 2014-09-07 11:33 - 00000000 __SHD () C:\Users\Rebeca Lainez\AppData\Local\EmieUserList
2014-09-07 11:33 - 2014-09-07 11:33 - 00000000 __SHD () C:\Users\Rebeca Lainez\AppData\Local\EmieSiteList
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-04 17:19 - 2011-09-18 16:16 - 01959493 _____ () C:\Windows\WindowsUpdate.log
2014-10-04 17:16 - 2012-10-17 21:38 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-04 17:15 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-04 17:15 - 2009-07-13 21:51 - 00096307 _____ () C:\Windows\setupact.log
2014-10-04 17:14 - 2009-07-13 21:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-04 17:14 - 2009-07-13 21:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-04 17:09 - 2012-04-20 15:33 - 00001436 _____ () C:\Users\Rebeca Lainez\Desktop\Google Chrome.lnk
2014-10-04 17:05 - 2010-11-20 20:47 - 00407876 _____ () C:\Windows\PFRO.log
2014-10-04 17:03 - 2012-10-17 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-04 17:03 - 2011-12-20 23:39 - 00001065 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-04 17:03 - 2011-12-20 23:39 - 00001053 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-04 17:03 - 2011-12-01 21:53 - 00001005 _____ () C:\Users\Rebeca Lainez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-04 17:01 - 2012-07-23 13:15 - 00000272 _____ () C:\Windows\Tasks\HP Photo Creations Messager.job
2014-10-04 16:44 - 2012-09-04 22:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-04 16:15 - 2012-10-17 21:38 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-04 16:12 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Branding
2014-10-04 15:28 - 2011-12-01 21:53 - 00003986 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8BDFEC9B-6EBC-4EFF-8C19-4610DE4EC0C9}
2014-10-04 15:27 - 2013-09-14 17:49 - 00000199 _____ () C:\Users\Rebeca Lainez\AppData\Roaming\WB.CFG
2014-10-01 21:29 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Help
2014-10-01 21:27 - 2011-06-21 12:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-01 21:26 - 2011-06-21 12:29 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-10-01 21:24 - 2011-06-21 12:38 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-10-01 21:24 - 2011-06-21 12:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-10-01 21:23 - 2011-02-10 12:23 - 00000000 ____D () C:\SWSetup
2014-10-01 21:12 - 2011-12-12 14:25 - 00000000 ____D () C:\Users\Rebeca Lainez\AppData\Local\CrashDumps
2014-10-01 19:30 - 2011-12-24 22:15 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-10-01 19:30 - 2011-12-04 20:11 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-09-30 13:05 - 2011-12-04 20:36 - 00000000 ____D () C:\Users\Guest
2014-09-30 13:05 - 2011-12-01 21:45 - 00000000 ____D () C:\Users\Rebeca Lainez
2014-09-30 13:05 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\servicing
2014-09-30 13:04 - 2013-01-03 16:10 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-09-30 13:04 - 2011-09-18 16:27 - 00000000 ____D () C:\ProgramData\Norton
2014-09-30 13:04 - 2011-06-21 12:37 - 00000000 ____D () C:\ProgramData\RoxioNow
2014-09-30 13:04 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2014-09-24 20:33 - 2009-07-13 22:13 - 00783400 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-24 16:44 - 2012-09-04 22:47 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 16:44 - 2012-09-04 22:47 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 16:44 - 2011-12-24 22:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-21 21:56 - 2014-03-05 22:51 - 00000000 ____D () C:\Users\Rebeca Lainez\AppData\Roaming\Ogigbo
2014-09-19 12:20 - 2013-01-03 16:10 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-17 20:54 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-15 23:49 - 2011-12-02 11:09 - 00776014 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-15 23:47 - 2014-08-30 19:09 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-15 23:24 - 2012-04-25 11:15 - 00000000 ____D () C:\Users\Rebeca Lainez\AppData\Local\Windows Live
2014-09-15 22:27 - 2014-02-23 20:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-15 22:16 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-09-15 22:14 - 2009-07-13 20:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-15 22:14 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-09-07 11:29 - 2013-03-17 15:18 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-07 11:29 - 2013-03-17 15:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-07 11:29 - 2009-07-13 21:45 - 00293408 _____ () C:\Windows\system32\FNTCACHE.DAT
 
Alureon:
C:\Users\Rebeca Lainez\AppData\Local\Temp\stmqkvu\sxtpscp\wow.dll
 
Some content of TEMP:
====================
C:\Users\Rebeca Lainez\AppData\Local\Temp\ahsomubhh.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\ApnStub.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\AskSLib.dll
C:\Users\Rebeca Lainez\AppData\Local\Temp\BackupSetup.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\converter.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\Extract.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\install_reader11_en_mssa_aih.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\post1.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\post2.dll
C:\Users\Rebeca Lainez\AppData\Local\Temp\post2.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\Quarantine.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\Resource.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\sp54373.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\SP54841.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\SP54900.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\SP55094.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\SP55101.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\SP55102.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\SP55104.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\SP55107.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\SP55138.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\SP55151.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\SP55152.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\sp58915.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\sp64126.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\UninstallHPTCA.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2013-11-20 19:33
 
==================== End Of Log ============================
 
 
I await your recommendations. Thank you.

 


 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,769 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:30 PM

Posted 11 October 2014 - 07:21 AM

Clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted; it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
===

If not already done, run the AdwCleaner tool and clean everything that has been found.

===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

    start
    
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
    HKLM-x32\...\Run: [ConvertAd] => C:\Users\Rebeca Lainez\AppData\Local\ConvertAd\ConvertAd.exe
    HKU\S-1-5-21-3532072585-3184838971-2748656625-1000\...\Run: [KRworks] => regsvr32.exe "C:\Users\Rebeca Lainez\AppData\Local\KRworks\pjcalendar.ocx" <===== ATTENTION
    HKU\S-1-5-21-3532072585-3184838971-2748656625-1000\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
    HKU\S-1-5-21-3532072585-3184838971-2748656625-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Rebeca Lainez\AppData\Local\Temp\stmqkvu\sxtpscp\wow.dll ATTENTION! ====> ZeroAccess?
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    SearchScopes: HKCU - {92E782E2-E1B0-46B3-9E6C-85E6AF1ADDE8} URL = http://search.babylon.com/?q={searchTerms}&affID=110790&tt=270912_nocpc_3912_4&babsrc=SP_ss&mntrId=28b56ab9000000000000ac7289a50c13
    Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
    FF Extension: Video Downloader - C:\Users\Rebeca Lainez\AppData\Roaming\Mozilla\Firefox\Profiles\k9pjktjm.default\Extensions\sbzjysqzqc@sbzjysqzqc.org.xpi [2013-04-18]
    FF Extension: No Name - C:\Users\Rebeca Lainez\AppData\Roaming\Mozilla\Firefox\Profiles\k9pjktjm.default\extensions\toolbar@ask.com [Not Found]
    CHR DefaultSuggestURL: Default -> http://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
    CHR Plugin: (Babylon ToolBar) - C:\Users\Rebeca Lainez\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\BabylonChromeToolBar.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
    CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
    CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
    S3 ALSysIO; \??\C:\Users\REBECA~1\AppData\Local\Temp\ALSysIO64.sys [X]
    Task: {054073E9-291B-4C9D-99F4-08A356811BE3} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
    Task: {096CE6B0-B8C2-4312-A85B-8D798E7EBBF5} - \SMW_UpdateTask_Time_323939383938373931372d2a5b45342d4134455b5a326c No Task File <==== ATTENTION
    Task: {715ACDB4-5A06-4B2A-B8DC-4F3A737F7C09} - \SPBIW_UpdateTask_Time_323939383938373931372d2a5b45342d4134455b5a326c No Task File <==== ATTENTION
    Task: {8FD96646-F4E2-4F45-9639-9BFF6C7B5A43} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe <==== ATTENTION
    Task: {9F7AA766-1D18-4DCE-81F7-F5CBE3AA1F29} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
    C:\Users\Rebeca Lainez\AppData\Local\ConvertAd
    
    End
    
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download and run this tool.


--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished"
  • Click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

=======

How is the computer running now?


#3 rbzo


Posted 12 October 2014 - 12:50 AM

Here's the FRST log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-10-2014 01
Ran by Rebeca Lainez at 2014-10-11 22:10:13 Run:1
Running from C:\Users\Rebeca Lainez\Desktop\Anti Virus\FRST
Loaded Profile: Rebeca Lainez (Available profiles: Rebeca Lainez & Guest)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKLM-x32\...\Run: [ConvertAd] => C:\Users\Rebeca Lainez\AppData\Local\ConvertAd\ConvertAd.exe
HKU\S-1-5-21-3532072585-3184838971-2748656625-1000\...\Run: [KRworks] => regsvr32.exe "C:\Users\Rebeca Lainez\AppData\Local\KRworks\pjcalendar.ocx" <===== ATTENTION
HKU\S-1-5-21-3532072585-3184838971-2748656625-1000\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-3532072585-3184838971-2748656625-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Rebeca Lainez\AppData\Local\Temp\stmqkvu\sxtpscp\wow.dll ATTENTION! ====> ZeroAccess?
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Extension: Video Downloader - C:\Users\Rebeca Lainez\AppData\Roaming\Mozilla\Firefox\Profiles\k9pjktjm.default\Extensions\sbzjysqzqc@sbzjysqzqc.org.xpi [2013-04-18]
FF Extension: No Name - C:\Users\Rebeca Lainez\AppData\Roaming\Mozilla\Firefox\Profiles\k9pjktjm.default\extensions\toolbar@ask.com [Not Found]
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Babylon ToolBar) - C:\Users\Rebeca Lainez\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\BabylonChromeToolBar.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
S3 ALSysIO; \??\C:\Users\REBECA~1\AppData\Local\Temp\ALSysIO64.sys [X]
Task: {054073E9-291B-4C9D-99F4-08A356811BE3} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {096CE6B0-B8C2-4312-A85B-8D798E7EBBF5} - \SMW_UpdateTask_Time_323939383938373931372d2a5b45342d4134455b5a326c No Task File <==== ATTENTION
Task: {715ACDB4-5A06-4B2A-B8DC-4F3A737F7C09} - \SPBIW_UpdateTask_Time_323939383938373931372d2a5b45342d4134455b5a326c No Task File <==== ATTENTION
Task: {8FD96646-F4E2-4F45-9639-9BFF6C7B5A43} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe <==== ATTENTION
Task: {9F7AA766-1D18-4DCE-81F7-F5CBE3AA1F29} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
C:\Users\Rebeca Lainez\AppData\Local\ConvertAd
 
End
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ConvertAd => Value not found.
HKU\S-1-5-21-3532072585-3184838971-2748656625-1000\Software\Microsoft\Windows\CurrentVersion\Run\\KRworks => value deleted successfully.
HKU\S-1-5-21-3532072585-3184838971-2748656625-1000\Software\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => value deleted successfully.
"HKU\S-1-5-21-3532072585-3184838971-2748656625-1000\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}" => Key deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{92E782E2-E1B0-46B3-9E6C-85E6AF1ADDE8}" => Key deleted successfully.
"HKCR\CLSID\{92E782E2-E1B0-46B3-9E6C-85E6AF1ADDE8}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.) => Error: No automatic fix found for this entry.
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.) => Error: No automatic fix found for this entry.
C:\Users\Rebeca Lainez\AppData\Roaming\Mozilla\Firefox\Profiles\k9pjktjm.default\Extensions\sbzjysqzqc@sbzjysqzqc.org.xpi not found.
C:\Users\Rebeca Lainez\AppData\Roaming\Mozilla\Firefox\Profiles\k9pjktjm.default\extensions\toolbar@ask.com not found.
Chrome DefaultSuggestURL deleted successfully.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll not found.
C:\Users\Rebeca Lainez\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\BabylonChromeToolBar.dll not found.
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll => Moved successfully.
C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll not found.
ALSysIO => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{054073E9-291B-4C9D-99F4-08A356811BE3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{054073E9-291B-4C9D-99F4-08A356811BE3}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\SMupdate2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{096CE6B0-B8C2-4312-A85B-8D798E7EBBF5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{096CE6B0-B8C2-4312-A85B-8D798E7EBBF5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_323939383938373931372d2a5b45342d4134455b5a326c" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{715ACDB4-5A06-4B2A-B8DC-4F3A737F7C09}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{715ACDB4-5A06-4B2A-B8DC-4F3A737F7C09}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPBIW_UpdateTask_Time_323939383938373931372d2a5b45342d4134455b5a326c" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8FD96646-F4E2-4F45-9639-9BFF6C7B5A43}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8FD96646-F4E2-4F45-9639-9BFF6C7B5A43}" => Key deleted successfully.
C:\Windows\System32\Tasks\YTDownloaderUpd => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloaderUpd" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9F7AA766-1D18-4DCE-81F7-F5CBE3AA1F29}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F7AA766-1D18-4DCE-81F7-F5CBE3AA1F29}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SMupdate3" => Key deleted successfully.
"C:\Users\Rebeca Lainez\AppData\Local\ConvertAd" => File/Directory not found.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

RogueKiller:

*Note: Unfortunately, I was a bit overzealous in removing this junk, so....... I didn't save the report from the first scan.

I apologize for this error, but I do remember seeing x86 and maybe x84 junk that was deleted from the registry.

I ran a second scan, which is below.

 

RogueKiller V10.0.1.0 (x64) [Oct 10 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Rebeca Lainez [Administrator]
Mode : Scan -- Date : 10/11/2014  22:40:45
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 0 ¤¤¤
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK7575GSX +++++
--- User ---
[MBR] 0635b25e994959b43ebb9d742f76d2ee
[BSP] 139f9342507d5f69d78b8d4d1cc64ad7 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 700351 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1434728448 | Size: 14750 MB
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1464936448 | Size: 102 MB
User = LL1 ... OK
User != LL2 ... KO!
--- LL2 ---
[MBR] e9db50b585bb6053fe928f1845a2075a
[BSP] 139f9342507d5f69d78b8d4d1cc64ad7 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 77824 MB
1 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 159793152 | Size: 400 MB
 
 
============================================
RKreport_DEL_10112014_223651.log - RKreport_SCN_10112014_223448.log
 
 
So far, everything seems to be running fine!
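
A Fixlog like the one above mixes entries that were removed, entries that were already absent, and entries FRST could not fix, and it echoes the fixlist itself before the results. As an added example (not part of the original posts and not FRST's own code), the Python below classifies each result line and reports errors that no later line resolved; the function names are assumptions, and the sample log is constructed in the thread's line shapes, with the `npExample.dll` entry hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the line shapes of the Fixlog.txt posted in this thread.
# The npExample.dll entry is hypothetical, added so that one item stays unresolved.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-10-2014 01
Content of fixlist:
*****************
start
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ConvertAd => Value not found.
"HKCR\CLSID\{92E782E2-E1B0-46B3-9E6C-85E6AF1ADDE8}" => Key not found.
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.) => Error: No automatic fix found for this entry.
FF Plugin ProgramFiles/Appdata: C:\Example\plugins\npExample.dll (Example Vendor) => Error: No automatic fix found for this entry.
Chrome DefaultSuggestURL deleted successfully.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll => Moved successfully.
ALSysIO => Service deleted successfully.
C:\Windows\System32\Tasks\YTDownloaderUpd => Moved successfully.

The system needed a reboot.

==== End of Fixlog ====
"""

# Checked in order: an "Error:" line must never be counted as a success.
OUTCOMES = [
    ("error", re.compile(r"=> Error:", re.I)),
    ("removed", re.compile(r"(deleted|moved) successfully\.?$", re.I)),
    ("absent", re.compile(r"not found\.?$", re.I)),
]
_SUFFIX = re.compile(r"\s+(not found|deleted successfully)\.?$", re.I)
_DRIVE_PATH = re.compile(r"[A-Za-z]:\\")


def classify(line):
    """Return 'error', 'removed', 'absent' or 'other' for one result line."""
    for name, pattern in OUTCOMES:
        if pattern.search(line):
            return name
    return "other"


def target_of(line):
    """Extract the registry key, file or task the result line refers to."""
    if " => " in line:
        target = line.rsplit(" => ", 1)[0]
    else:
        target = _SUFFIX.sub("", line)
    return target.strip().strip('"')


def parse_fixlog(text):
    """Return (outcome, target) pairs for the result section only.

    The fixlist is echoed between two lines of asterisks; those lines also
    contain ' => ' and must be skipped, so parsing starts after the second one.
    """
    results, separators = [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if set(line) == {"*"}:
            separators += 1
            continue
        if separators < 2 or not line:
            continue
        if line.startswith("==== End of Fixlog"):
            break
        results.append((classify(line), target_of(line)))
    return results


def summarize(results):
    """Count result lines per outcome."""
    return dict(Counter(outcome for outcome, _ in results))


def unresolved(results):
    """Errors whose file path was not moved or deleted by another line."""
    removed_paths = [t.lower() for outcome, t in results
                     if outcome == "removed" and _DRIVE_PATH.match(t)]
    return [t for outcome, t in results
            if outcome == "error"
            and not any(path in t.lower() for path in removed_paths)]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(summarize(parsed))
    for item in unresolved(parsed):
        print("follow up:", item)
```

In the thread's own Fixlog, both "No automatic fix found" entries for the Coupons, Inc. plugins are followed by "Moved successfully" lines for the same DLLs, so a check like this would report nothing left to follow up.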


#4 nasdaq


Posted 12 October 2014 - 09:17 AM

One last scan.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available, use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

#5 rbzo

  • Topic Starter

Posted 12 October 2014 - 10:34 PM

Here are the results of the scan:

 

 Results of screen317's Security Check version 0.99.88  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java™ 6 Update 31  
 Java version out of Date! 
 Adobe Flash Player 15.0.0.152  
 Adobe Reader XI  
 Google Chrome 37.0.2062.120  
 Google Chrome 37.0.2062.124  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 7% 
````````````````````End of Log`````````````````````` 
 
 
Anything else?


#6 nasdaq

  • Malware Response Team

Posted 13 October 2014 - 07:47 AM


Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Latest version is Java JRE 7u67.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present, remove the old version(s) of Java using the Add/Remove Programs applet.

Java™ 6 Update 31

---


If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===



