Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unable to remove Shopper PRO, YT Downloader, x86 from PC


  • This topic is locked This topic is locked
2 replies to this topic

#1 rbzo

rbzo

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:17 PM

Posted 11 October 2014 - 02:10 AM

Help!

 

I have another PC infected with this junk.

 

Since Nasdaq has assisted me with a similar post, I have already run ADW Cleaner and Farbar.

 

This has deleted much of the problem, yet I notice that Malwarebytes is still blocking malicious sites (x86)

related to this infection.

 

Here are the logs from these scans: 

 

# AdwCleaner v3.311 - Report created 04/10/2014 at 16:55:30
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Rebeca ****** 
# Running from : C:\Users\Rebeca ******\Downloads\adwcleaner_3.311.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : BackupStack
Service Found : sbmntr
Service Found : SPBIUpdd
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\sh5iuo8y.default\user.js
File Found : C:\Users\Public\Desktop\eBay.lnk
File Found : C:\Users\Rebeca Lainez\AppData\Roaming\aps.scan.quick.results
File Found : C:\Users\Rebeca Lainez\AppData\Roaming\aps.scan.results
File Found : C:\Users\Rebeca Lainez\AppData\Roaming\aps.uninstall.scan.results
File Found : C:\Users\Rebeca Lainez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Found : C:\Users\Rebeca Lainez\AppData\Roaming\Mozilla\Firefox\Profiles\k9pjktjm.default\searchplugins\Askcom.xml
File Found : C:\Users\Rebeca Lainez\AppData\Roaming\Mozilla\Firefox\Profiles\k9pjktjm.default\searchplugins\bingp.xml
File Found : C:\Users\Rebeca Lainez\AppData\Roaming\Mozilla\Firefox\Profiles\k9pjktjm.default\user.js
File Found : C:\Users\Rebeca Lainez\Desktop\AnyProtect.lnk
File Found : C:\Users\Rebeca Lainez\Desktop\Continue Live Installation.lnk
File Found : C:\Users\Rebeca Lainez\Desktop\MyPC Backup.lnk
File Found : C:\Users\Rebeca Lainez\Desktop\Sync Folder.lnk
Folder Found : C:\Program Files (x86)\AnyProtectEx
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Program Files (x86)\BabylonToolbar
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\MyPC Backup
Folder Found : C:\Program Files (x86)\YTDownloader
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Systweak
Folder Found : C:\Users\Guest\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\sh5iuo8y.default\Extensions\staged\{ad7ce998-a77b-4062-9ffb-1d0b7cb23183}
Folder Found : C:\Users\Public\Documents\ShopperPro
Folder Found : C:\Users\Rebeca Lainez\AppData\Local\Astromenda
Folder Found : C:\Users\Rebeca Lainez\AppData\Local\ConvertAd
Folder Found : C:\Users\Rebeca Lainez\AppData\Local\globalUpdate
Folder Found : C:\Users\Rebeca Lainez\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Folder Found : C:\Users\Rebeca Lainez\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Rebeca Lainez\AppData\Roaming\ap_logs
Folder Found : C:\Users\Rebeca Lainez\AppData\Roaming\Babylon
Folder Found : C:\Users\Rebeca Lainez\AppData\Roaming\BabylonToolbar
Folder Found : C:\Users\Rebeca Lainez\AppData\Roaming\DigitalSites
Folder Found : C:\Users\Rebeca Lainez\AppData\Roaming\DSite
Folder Found : C:\Users\Rebeca Lainez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
Folder Found : C:\Users\Rebeca Lainez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Found : C:\Users\Rebeca Lainez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
Folder Found : C:\Users\Rebeca Lainez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
Folder Found : C:\Users\Rebeca Lainez\AppData\Roaming\Mozilla\Firefox\Profiles\k9pjktjm.default\Extensions\toolbar@ask.com
Folder Found : C:\Users\Rebeca Lainez\AppData\Roaming\Systweak
Folder Found : C:\Users\REBECA~1\AppData\Local\Temp\mt_ffx
Folder Found : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
 
***** [ Scheduled Tasks ] *****
 
Task Found : advanced-System Protector_startup
Task Found : APSnotifierPP1
Task Found : APSnotifierPP2
Task Found : APSnotifierPP3
Task Found : Digital Sites
Task Found : DSite
Task Found : LaunchSignup
Task Found : RegClean Pro
Task Found : Scheduled Update for Ask Toolbar
Task Found : ShopperPro
Task Found : ShopperProJSUpd
Task Found : Smp
Task Found : SMupdate1
Task Found : SPDriver
Task Found : YTDownloader
 
***** [ Shortcuts ] *****
 
Shortcut Found : C:\Users\Public\Desktop\Mozilla Firefox.lnk ( hxxp://www-search.net/?s=E9Gztugdu0338,8890ca06-476a-4445-b3af-e64bc70db3c2,&pi=2 )
Shortcut Found : C:\Users\Rebeca Lainez\Desktop\Google Chrome.lnk ( hxxp://www-search.net/?s=E9Gztugdu0338,8890ca06-476a-4445-b3af-e64bc70db3c2,&pi=1 )
Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( hxxp://www-search.net/?s=E9Gztugdu0338,8890ca06-476a-4445-b3af-e64bc70db3c2,&pi=1 )
Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk ( hxxp://www-search.net/?s=E9Gztugdu0338,8890ca06-476a-4445-b3af-e64bc70db3c2,&pi=1 )
Shortcut Found : C:\Users\Rebeca Lainez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://www-search.net/?s=E9Gztugdu0338,8890ca06-476a-4445-b3af-e64bc70db3c2,&pi=1 )
Shortcut Found : C:\Users\Rebeca Lainez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://www-search.net/?s=E9Gztugdu0338,8890ca06-476a-4445-b3af-e64bc70db3c2,&pi=1 )
Shortcut Found : C:\Users\Rebeca Lainez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk ( hxxp://www-search.net/?s=E9Gztugdu0338,8890ca06-476a-4445-b3af-e64bc70db3c2,&pi=1 )
Shortcut Found : C:\Users\Rebeca Lainez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://www-search.net/?s=E9Gztugdu0338,8890ca06-476a-4445-b3af-e64bc70db3c2,&pi=1 )
Shortcut Found : C:\Users\Rebeca Lainez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk ( hxxp://www-search.net/?s=E9Gztugdu0338,8890ca06-476a-4445-b3af-e64bc70db3c2,&pi=1 )
Shortcut Found : C:\Users\Rebeca Lainez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk ( hxxp://www-search.net/?s=E9Gztugdu0338,8890ca06-476a-4445-b3af-e64bc70db3c2,&pi=1 )
Shortcut Found : C:\Users\Rebeca Lainez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk ( hxxp://www-search.net/?s=E9Gztugdu0338,8890ca06-476a-4445-b3af-e64bc70db3c2,&pi=1 )
Shortcut Found : C:\Users\Rebeca Lainez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk ( hxxp://www-search.net/?s=E9Gztugdu0338,8890ca06-476a-4445-b3af-e64bc70db3c2,&pi=1 )
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AnyProtect
Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\Object Browser
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\BRS
Key Found : HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\BabylonToolbar
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\dsiteproducts
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Babylon
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\ShopperPro
Key Found : HKCU\Software\systweak
Key Found : [x64] HKCU\Software\AnyProtect
Key Found : [x64] HKCU\Software\APN
Key Found : [x64] HKCU\Software\Ask.com
Key Found : [x64] HKCU\Software\BRS
Key Found : [x64] HKCU\Software\Cr_Installer
Key Found : [x64] HKCU\Software\dsiteproducts
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : [x64] HKCU\Software\InstalledBrowserExtensions
Key Found : [x64] HKCU\Software\Microsoft\Babylon
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKCU\Software\ShopperPro
Key Found : [x64] HKCU\Software\systweak
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\AppID\{58FDA6AF-67D8-4198-B7CD-94B17532C8D5}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ShopperPro.DLL
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndkhncnongaclekkbelchmeafffimifj
Key Found : HKLM\SOFTWARE\InstallCore
Key Found : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : HKLM\SOFTWARE\iWebar-nv
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AnyProtect
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.0
Key Found : HKLM\SOFTWARE\ShopperPro
Key Found : HKLM\SOFTWARE\systweak
Key Found : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : [x64] HKLM\SOFTWARE\iWebar-nv
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Found : [x64] HKLM\SOFTWARE\ShopperPro
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
 
-\\ Mozilla Firefox v27.0.1 (en-US)
 
[ File : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\sh5iuo8y.default\prefs.js ]
 
Line Found : user_pref("browser.search.defaultengine", "Ask.com");
Line Found : user_pref("browser.search.defaultenginename", "Ask.com");
Line Found : user_pref("browser.search.order.1", "Ask.com");
Line Found : user_pref("browser.search.selectedEngine", "Astromenda");
Line Found : user_pref("extensions.asktb.ff-original-keyword-url", "");
 
[ File : C:\Users\Rebeca Lainez\AppData\Roaming\Mozilla\Firefox\Profiles\k9pjktjm.default\prefs.js ]
 
Line Found : user_pref("browser.search.defaultengine", "Ask.com");
Line Found : user_pref("browser.search.defaultenginename", "Ask.com");
Line Found : user_pref("browser.search.order.1", "Ask.com");
Line Found : user_pref("browser.search.selectedEngine", "Astromenda");
Line Found : user_pref("extensions.BabylonToolbar.dfltlng", "en");
Line Found : user_pref("extensions.BabylonToolbar.instlday", "15612");
Line Found : user_pref("extensions.BabylonToolbar.instlref", "sst");
Line Found : user_pref("extensions.BabylonToolbar.prtnrid", "babylon");
Line Found : user_pref("extensions.BabylonToolbar.smplgrp", "azb");
Line Found : user_pref("extensions.BabylonToolbar.srcext", "ss");
Line Found : user_pref("extensions.BabylonToolbar.tlbrid", "tb9");
Line Found : user_pref("extensions.BabylonToolbar.tlbrsrchurl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=28b56ab9000000000000ac7289a50c13&q=");
Line Found : user_pref("extensions.BabylonToolbar.vrsnts", "1.6.9.1222:36:28");
Line Found : user_pref("extensions.a927571a5c34c476fbf9f2ed9e8e7e940e6a314c63a357ced35576dcom61913.61913.internaldb.Resources_meta.value", "%7B%22handlebars.js%22%3A%7B%22id%22%3A757210%2C%22ver%22%3A1%2C%22status[...]
Line Found : user_pref("extensions.a927571a5c34c476fbf9f2ed9e8e7e940e6a314c63a357ced35576dcom61913.61913.internaldb.Resources_queue.value", "%7B%22jquery.base64.js%22%3A%7B%22id%22%3A757211%2C%22ver%22%3A1%2C%22st[...]
Line Found : user_pref("extensions.a927571a5c34c476fbf9f2ed9e8e7e940e6a314c63a357ced35576dcom61913.61913.internaldb.Resources_resource_757219.value", "%22function%20startAskCom%28e%2Ct%2Cr%29%7Bfunction%20a%28e%29[...]
Line Found : user_pref("extensions.a927571a5c34c476fbf9f2ed9e8e7e940e6a314c63a357ced35576dcom61913.61913.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%2[...]
Line Found : user_pref("extensions.a9321b2762c2e4c5fbd04b8118e512707c0c8a2d632754caca0b252e936311db9com32850.32850.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Line Found : user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");
Line Found : user_pref("extensions.asktb.abar-war-timeout", "4000");
Line Found : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
Line Found : user_pref("extensions.asktb.cbid", "TV");
Line Found : user_pref("extensions.asktb.config-updated", true);
Line Found : user_pref("extensions.asktb.crumb", "2012.04.23+10.55.06-toolbar010iad-US-VmFsbGVqbyxDQSxVbml0ZWQgU3RhdGVz");
Line Found : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}&qsrc={qsrc}&gct=bar");
Line Found : user_pref("extensions.asktb.displaybehavior", "");
Line Found : user_pref("extensions.asktb.displaytext", "");
Line Found : user_pref("extensions.asktb.dtid", "YYYYYYYYUS");
Line Found : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
Line Found : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "USCA1184");
Line Found : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "F");
Line Found : user_pref("extensions.asktb.ff-original-keyword-url", "");
Line Found : user_pref("extensions.asktb.fresh-install", false);
Line Found : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxps://websearch.ask.com\", [...]
Line Found : user_pref("extensions.asktb.keyword-toggled-in-session", false);
Line Found : user_pref("extensions.asktb.l", "dis");
Line Found : user_pref("extensions.asktb.last-config-req", "1412461649314");
Line Found : user_pref("extensions.asktb.last-search-timestamp", "1369699401950");
Line Found : user_pref("extensions.asktb.last-v", "3.14.1.100009");
Line Found : user_pref("extensions.asktb.locale", "en_US");
Line Found : user_pref("extensions.asktb.location", "Vallejo,CA,United States");
Line Found : user_pref("extensions.asktb.lstation", "");
Line Found : user_pref("extensions.asktb.new-tab-opt-out", true);
Line Found : user_pref("extensions.asktb.news-native-on", true);
Line Found : user_pref("extensions.asktb.o", "100000031");
Line Found : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Line Found : user_pref("extensions.asktb.pstate", "");
Line Found : user_pref("extensions.asktb.qsrc", "2871");
Line Found : user_pref("extensions.asktb.r", "20");
Line Found : user_pref("extensions.asktb.search-history-queries", "classic vintage wedding shower decorations||ticori||tiffany and co||tacori||tacori rings||walgreens weekly ad||hotmail.com||nba.com||ava sofa manu[...]
Line Found : user_pref("extensions.asktb.search-plugin-suggestions-url", "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}");
Line Found : user_pref("extensions.asktb.search-suggestions-enabled", true);
Line Found : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Line Found : user_pref("extensions.asktb.socialmini-first", true);
Line Found : user_pref("extensions.asktb.socialmini-interval", "1200000");
Line Found : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Line Found : user_pref("extensions.asktb.socialmini-max-items", "30");
Line Found : user_pref("extensions.asktb.socialmini-native-on", true);
Line Found : user_pref("extensions.asktb.socialmini-speed", "10000");
Line Found : user_pref("extensions.asktb.socialmini-transition-first-open", false);
Line Found : user_pref("extensions.asktb.to", "");
Line Found : user_pref("extensions.asktb.v", "3.14.1.100013");
Line Found : user_pref("extensions.asktb.volume", "");
Line Found : user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_cmi_14_38_ch&cd=2XzuyEtN2Y1L1Qzu0A0CyBtBzzzy0AyDtD0CtCyCyC0A0BzytN0D0Tzu0SzyzzzytN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1[...]
Line Found : user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_cmi_14_38_ch&cd=2XzuyEtN2Y1L1Qzu0A0CyBtBzzzy0AyDtD0CtCyCyC0A0BzytN0D0Tzu0SzyzzzytN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDy[...]
Line Found : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");
Line Found : user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");
Line Found : user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_cmi_14_38_ch&cd=2XzuyEtN2Y1L1Qzu0A0CyBtBzzzy0AyDtD0CtCyCyC0A0BzytN0D0Tzu0SzyzzzytN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzyt[...]
Line Found : user_pref("extensions.enabledAddons", "sbzjysqzqc%40sbzjysqzqc.org:2.9.2.1,toolbar%40ask.com:3.14.1.100013,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1");
 
-\\ Google Chrome v37.0.2062.124
 
[ File : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
[ File : C:\Users\Rebeca Lainez\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=110790&tt=270912_nocpc_3912_4&babsrc=SP_ss&mntrId=28b56ab9000000000000ac7289a50c13
Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_cmi_14_38_ch&cd=2XzuyEtN2Y1L1Qzu0A0CyBtBzzzy0AyDtD0CtCyCyC0A0BzytN0D0Tzu0SzyzzzytN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyB0DtCzzyDyD0BtGyByDyByDtG0AtAtAzztGtB0DyE0DtGyC0AtB0BzztC0Ezy0CtByE0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDzyyByB0EzztBzztGtB0FzzyEtGyEyEzzyEtG0A0EtBtCtGtAyCtA0FzytA0A0D0EyBzzzz2Q&cr=1820919865&ir=
Found [Search Provider] : hxxp://www-search.net/search.aspx?s=E9Gztugdu0338,8890ca06-476a-4445-b3af-e64bc70db3c2,&q={searchTerms}
Found [Search Provider] : hxxp://www-search.net/search.aspx?s=E9Gztugdu0338,8890ca06-476a-4445-b3af-e64bc70db3c2,&q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [30725 octets] - [04/10/2014 16:55:30]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [30786 octets] ##########
 
And FarBar:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-10-2014 01
Ran by Rebeca Lainez (administrator) on REBECALAINEZ-HP on 04-10-2014 17:24:52
Running from C:\Users\Rebeca Lainez\Downloads
Loaded Profile: Rebeca Lainez (Available profiles: Rebeca Lainez & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(TLC Education Properties LLC) C:\Program Files (x86)\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2012-02-05] (Synaptics Incorporated)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2012-02-05] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2012-02-05] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-01-25] (cyberlink)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKLM-x32\...\Run: [ConvertAd] => C:\Users\Rebeca Lainez\AppData\Local\ConvertAd\ConvertAd.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3532072585-3184838971-2748656625-1000\...\Run: [HP Photosmart 6510 series (NET)] => C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe [2676584 2011-09-16] (Hewlett-Packard Co.)
HKU\S-1-5-21-3532072585-3184838971-2748656625-1000\...\Run: [KRworks] => regsvr32.exe "C:\Users\Rebeca Lainez\AppData\Local\KRworks\pjcalendar.ocx" <===== ATTENTION
HKU\S-1-5-21-3532072585-3184838971-2748656625-1000\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-3532072585-3184838971-2748656625-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Rebeca Lainez\AppData\Local\Temp\stmqkvu\sxtpscp\wow.dll ATTENTION! ====> ZeroAccess?
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MiniMavis.lnk
ShortcutTarget: MiniMavis.lnk -> C:\Program Files (x86)\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe (TLC Education Properties LLC)
Startup: C:\Users\Rebeca Lainez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6510 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 6510 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: http=127.0.0.1:13923;https=127.0.0.1:13923
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-06-21] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Rebeca Lainez\AppData\Roaming\Mozilla\Firefox\Profiles\k9pjktjm.default
FF SearchEngineOrder.3: Bing 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Firefox Old Version Update Hotfix - C:\Users\Rebeca Lainez\AppData\Roaming\Mozilla\Firefox\Profiles\k9pjktjm.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-09-24]
FF Extension: Video Downloader - C:\Users\Rebeca Lainez\AppData\Roaming\Mozilla\Firefox\Profiles\k9pjktjm.default\Extensions\sbzjysqzqc@sbzjysqzqc.org.xpi [2013-04-18]
FF Extension: Term Tutor - C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com [2014-09-15]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2014-02-23]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn
FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn [2011-12-01]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_13_2 [2014-10-04]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-07-23]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF Extension: No Name - C:\Users\Rebeca Lainez\AppData\Roaming\Mozilla\Firefox\Profiles\k9pjktjm.default\extensions\toolbar@ask.com [Not Found]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll ()
CHR Plugin: (Simple Pass 2011) - C:\Users\Rebeca Lainez\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe\1.0_0\npwebsitelogon.dll (HP)
CHR Plugin: (Babylon ToolBar) - C:\Users\Rebeca Lainez\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\BabylonChromeToolBar.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\Rebeca Lainez\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Website Logon) - C:\Users\Rebeca Lainez\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe [2012-10-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Rebeca Lainez\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-28]
CHR Extension: (YouTube) - C:\Users\Rebeca Lainez\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-17]
CHR Extension: (Search) - C:\Users\Rebeca Lainez\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-17]
CHR Extension: (Google Wallet) - C:\Users\Rebeca Lainez\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (Gmail) - C:\Users\Rebeca Lainez\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-17]
CHR HKLM-x32\...\Chrome\Extension: [aepeildmfnnehghlknddebgjghlompfe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-02-11]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-01-25] (CyberLink)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2012-02-05] (Realsil Microelectronics Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120121.002\BHDrvx64.sys [1157240 2011-11-30] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2011-12-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2011-12-04] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120126.003\IDSvia64.sys [488568 2011-12-15] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120127.019\ENG64.SYS [117880 2011-12-04] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120127.019\EX64.SYS [2048632 2011-12-04] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-12-04] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
S3 ALSysIO; \??\C:\Users\REBECA~1\AppData\Local\Temp\ALSysIO64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-04 17:24 - 2014-10-04 17:25 - 00028351 _____ () C:\Users\Rebeca Lainez\Downloads\FRST.txt
2014-10-04 17:24 - 2014-10-04 17:24 - 02109440 _____ (Farbar) C:\Users\Rebeca Lainez\Downloads\FRST64.exe
2014-10-04 17:24 - 2014-10-04 17:24 - 00000000 ____D () C:\FRST
2014-10-04 17:08 - 2014-10-04 17:08 - 00000000 ____D () C:\Users\Rebeca Lainez\Desktop\Anti Virus
2014-10-04 17:03 - 2014-10-04 17:03 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-10-04 17:02 - 2014-10-04 17:03 - 00000000 ____D () C:\AdwCleaner
2014-10-04 16:56 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-10-04 16:55 - 2014-10-04 16:56 - 00000000 ____D () C:\Users\Rebeca Lainez\Desktop\AdwCleaner
2014-10-04 15:37 - 2014-10-04 17:16 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-04 15:36 - 2014-10-04 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-04 15:36 - 2014-10-04 15:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-04 15:36 - 2014-10-04 15:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-04 15:36 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-04 15:36 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-04 15:36 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-04 15:31 - 2014-10-04 15:35 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Rebeca Lainez\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-01 21:29 - 2014-10-01 21:29 - 00002221 _____ () C:\Users\Rebeca Lainez\Desktop\HP Support Assistant.lnk
2014-10-01 21:29 - 2014-10-01 21:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-10-01 21:25 - 2014-10-01 21:25 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-09-30 12:35 - 2014-09-24 19:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 12:35 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-30 12:35 - 2014-09-09 15:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-30 12:35 - 2014-09-09 14:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-24 20:41 - 2014-09-24 20:41 - 00001332 _____ () C:\Users\Rebeca Lainez\Desktop\Clean Registry for Free!.lnk
2014-09-15 23:50 - 2014-08-19 11:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-15 23:50 - 2014-08-19 10:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-15 23:50 - 2014-08-18 16:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-15 23:50 - 2014-08-18 15:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-15 23:50 - 2014-08-18 15:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-15 23:50 - 2014-08-18 15:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-15 23:50 - 2014-08-18 15:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-15 23:50 - 2014-08-18 15:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-15 23:50 - 2014-08-18 15:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-15 23:50 - 2014-08-18 15:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-15 23:50 - 2014-08-18 15:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-15 23:50 - 2014-08-18 15:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-15 23:50 - 2014-08-18 15:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-15 23:50 - 2014-08-18 15:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-15 23:50 - 2014-08-18 15:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-15 23:50 - 2014-08-18 15:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-15 23:50 - 2014-08-18 15:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-15 23:50 - 2014-08-18 15:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-15 23:50 - 2014-08-18 15:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-15 23:50 - 2014-08-18 14:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-15 23:50 - 2014-08-18 14:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-15 23:50 - 2014-08-18 14:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-15 23:50 - 2014-08-18 14:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-15 23:50 - 2014-08-18 14:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-15 23:50 - 2014-08-18 14:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-15 23:50 - 2014-08-18 14:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-15 23:50 - 2014-08-18 14:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-15 23:50 - 2014-08-18 14:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-15 23:50 - 2014-08-18 14:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-15 23:50 - 2014-08-18 14:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-15 23:50 - 2014-08-18 14:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-15 23:50 - 2014-08-18 14:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-15 23:50 - 2014-08-18 14:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-15 23:50 - 2014-08-18 14:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-15 23:50 - 2014-08-18 14:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-15 23:50 - 2014-08-18 14:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-15 23:50 - 2014-08-18 14:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-15 23:50 - 2014-08-18 14:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-15 23:50 - 2014-08-18 14:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-15 23:50 - 2014-08-18 14:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-15 23:50 - 2014-08-18 14:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-15 23:50 - 2014-08-18 14:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-15 23:50 - 2014-08-18 14:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-15 23:50 - 2014-08-18 14:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-15 23:50 - 2014-08-18 14:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-15 23:50 - 2014-08-18 14:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-15 23:50 - 2014-08-18 14:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-15 23:50 - 2014-08-18 14:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-15 23:50 - 2014-08-18 14:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-15 23:50 - 2014-08-18 14:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-15 23:50 - 2014-08-18 14:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-15 23:50 - 2014-08-18 13:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-15 23:50 - 2014-08-18 13:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-15 23:50 - 2014-08-18 13:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-15 23:50 - 2014-08-18 13:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-15 23:50 - 2014-08-18 13:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-15 23:47 - 2014-06-26 19:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-15 23:47 - 2014-06-26 18:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-15 23:28 - 2014-09-15 23:28 - 00632808 _____ (ClickMeIn Limited) C:\Users\Rebeca Lainez\AppData\Local\nst2C91.tmp
2014-09-15 22:33 - 2014-09-15 22:33 - 00617369 _____ (ClickMeIn Limited) C:\Users\Rebeca Lainez\AppData\Local\nsy8A78.tmp
2014-09-15 22:27 - 2014-09-15 22:27 - 00000000 ____D () C:\Program Files\TermTutor
2014-09-15 22:26 - 2014-09-15 22:26 - 00000271 _____ () C:\Users\Rebeca Lainez\Desktop\Cut the Rope.url
2014-09-15 22:17 - 2014-07-06 19:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-15 22:17 - 2014-07-06 19:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-15 22:17 - 2014-07-06 18:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-15 22:17 - 2014-07-06 18:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-15 22:17 - 2014-07-06 18:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-15 22:16 - 2014-09-15 22:16 - 00003602 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
2014-09-15 22:16 - 2014-09-15 22:16 - 00001953 _____ () C:\Users\Rebeca Lainez\Desktop\YTDownloader.lnk
2014-09-15 22:14 - 2014-10-04 17:06 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-09-15 22:14 - 2014-09-15 22:14 - 00000000 ____D () C:\Users\Rebeca Lainez\AppData\Local\CrashRpt
2014-09-15 22:12 - 2014-08-01 04:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-15 22:12 - 2014-08-01 04:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-15 21:57 - 2014-06-23 20:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-15 21:57 - 2014-06-23 19:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-15 21:47 - 2014-09-04 19:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-15 21:47 - 2014-09-04 19:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-15 20:42 - 2014-10-01 21:32 - 00000364 _____ () C:\Windows\Tasks\HPCeeScheduleForRebeca Lainez.job
2014-09-15 20:42 - 2014-10-01 21:29 - 00003234 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForRebeca Lainez
2014-09-15 16:10 - 2014-09-15 16:10 - 00001010 _____ () C:\Users\Rebeca Lainez\Desktop\MX410 series - Shortcut.lnk
2014-09-07 11:33 - 2014-09-07 11:33 - 00000000 __SHD () C:\Users\Rebeca Lainez\AppData\Local\EmieUserList
2014-09-07 11:33 - 2014-09-07 11:33 - 00000000 __SHD () C:\Users\Rebeca Lainez\AppData\Local\EmieSiteList
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-04 17:19 - 2011-09-18 16:16 - 01959493 _____ () C:\Windows\WindowsUpdate.log
2014-10-04 17:16 - 2012-10-17 21:38 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-04 17:15 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-04 17:15 - 2009-07-13 21:51 - 00096307 _____ () C:\Windows\setupact.log
2014-10-04 17:14 - 2009-07-13 21:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-04 17:14 - 2009-07-13 21:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-04 17:09 - 2012-04-20 15:33 - 00001436 _____ () C:\Users\Rebeca Lainez\Desktop\Google Chrome.lnk
2014-10-04 17:05 - 2010-11-20 20:47 - 00407876 _____ () C:\Windows\PFRO.log
2014-10-04 17:03 - 2012-10-17 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-04 17:03 - 2011-12-20 23:39 - 00001065 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-04 17:03 - 2011-12-20 23:39 - 00001053 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-04 17:03 - 2011-12-01 21:53 - 00001005 _____ () C:\Users\Rebeca Lainez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-04 17:01 - 2012-07-23 13:15 - 00000272 _____ () C:\Windows\Tasks\HP Photo Creations Messager.job
2014-10-04 16:44 - 2012-09-04 22:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-04 16:15 - 2012-10-17 21:38 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-04 16:12 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Branding
2014-10-04 15:28 - 2011-12-01 21:53 - 00003986 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8BDFEC9B-6EBC-4EFF-8C19-4610DE4EC0C9}
2014-10-04 15:27 - 2013-09-14 17:49 - 00000199 _____ () C:\Users\Rebeca Lainez\AppData\Roaming\WB.CFG
2014-10-01 21:29 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Help
2014-10-01 21:27 - 2011-06-21 12:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-01 21:26 - 2011-06-21 12:29 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-10-01 21:24 - 2011-06-21 12:38 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-10-01 21:24 - 2011-06-21 12:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-10-01 21:23 - 2011-02-10 12:23 - 00000000 ____D () C:\SWSetup
2014-10-01 21:12 - 2011-12-12 14:25 - 00000000 ____D () C:\Users\Rebeca Lainez\AppData\Local\CrashDumps
2014-10-01 19:30 - 2011-12-24 22:15 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-10-01 19:30 - 2011-12-04 20:11 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-09-30 13:05 - 2011-12-04 20:36 - 00000000 ____D () C:\Users\Guest
2014-09-30 13:05 - 2011-12-01 21:45 - 00000000 ____D () C:\Users\Rebeca Lainez
2014-09-30 13:05 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\servicing
2014-09-30 13:04 - 2013-01-03 16:10 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-09-30 13:04 - 2011-09-18 16:27 - 00000000 ____D () C:\ProgramData\Norton
2014-09-30 13:04 - 2011-06-21 12:37 - 00000000 ____D () C:\ProgramData\RoxioNow
2014-09-30 13:04 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2014-09-24 20:33 - 2009-07-13 22:13 - 00783400 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-24 16:44 - 2012-09-04 22:47 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 16:44 - 2012-09-04 22:47 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 16:44 - 2011-12-24 22:32 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-21 21:56 - 2014-03-05 22:51 - 00000000 ____D () C:\Users\Rebeca Lainez\AppData\Roaming\Ogigbo
2014-09-19 12:20 - 2013-01-03 16:10 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-17 20:54 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-15 23:49 - 2011-12-02 11:09 - 00776014 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-15 23:47 - 2014-08-30 19:09 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-15 23:24 - 2012-04-25 11:15 - 00000000 ____D () C:\Users\Rebeca Lainez\AppData\Local\Windows Live
2014-09-15 22:27 - 2014-02-23 20:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-15 22:16 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-09-15 22:14 - 2009-07-13 20:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-15 22:14 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-09-07 11:29 - 2013-03-17 15:18 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-07 11:29 - 2013-03-17 15:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-07 11:29 - 2009-07-13 21:45 - 00293408 _____ () C:\Windows\system32\FNTCACHE.DAT
 
Alureon:
C:\Users\Rebeca Lainez\AppData\Local\Temp\stmqkvu\sxtpscp\wow.dll
 
Some content of TEMP:
====================
C:\Users\Rebeca Lainez\AppData\Local\Temp\ahsomubhh.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\ApnStub.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\AskSLib.dll
C:\Users\Rebeca Lainez\AppData\Local\Temp\BackupSetup.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\converter.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\Extract.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\install_reader11_en_mssa_aih.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\post1.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\post2.dll
C:\Users\Rebeca Lainez\AppData\Local\Temp\post2.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\Quarantine.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\Resource.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\sp54373.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\SP54841.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\SP54900.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\SP55094.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\SP55101.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\SP55102.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\SP55104.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\SP55107.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\SP55138.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\SP55151.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\SP55152.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\sp58915.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\sp64126.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Rebeca Lainez\AppData\Local\Temp\UninstallHPTCA.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2013-11-20 19:33
 
==================== End Of Log ============================
 
I await your recommendations. Thank You.
 

 

Attached Files



BC AdBot (Login to Remove)

 


#2 rbzo

rbzo
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:17 PM

Posted 11 October 2014 - 02:22 AM

This is a duplicate post. 

 

Please delete.

 

Thank You, and apologies for the inconvenience.



#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:17 PM

Posted 14 October 2014 - 08:42 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users