Infected with CDN.ADNX.COM or some other type of virus, etc. Not too sure...


  • This topic is locked
14 replies to this topic

#1 laprea
Members, 10 posts

Posted 08 December 2014 - 04:57 PM

Hello,

I am using Windows 8.1, 64-bit operating system, x64-based processor, Google Chrome as my default browser. Using Norton 360.

Here is what is happening:

It started out with my app windows randomly minimizing, then I would randomly get sent to some unknown site.

Coincidentally, this started happening when I was given a new Constant Guard app from my cable provider - Comcast/Xfinity. The new application is named Fast Connection Protection Suite from a company named White Skyes. (Note: I just now launched the Fast Connection Suite to get the name and now my browser window is randomly minimizing! I have not yet uninstalled it because I do need this application for now.)

I am getting Norton 360 alerts for High Disk Usage for something named: Chormium. Never heard of this software. Not listed in Programs to Uninstall.

Other Norton 360 messages include: Np-cwmp.dll is Safe, Download Insight analyzed files are Safe, APIsupport.dll is Safe, ChromeAPIPulgin.dll and a host of other files.

I tried to run DDS but I know now that it is not compatible with Windows 8.1.

  • I tried to use RKill64 to halt the processes, but the processes resume.
  • I have tried to use SuperAntiSpyware after running RKill64.
  • The last thing I have tried is to run the Emsisoft Emergency Kit. The log is below along with a message regarding detected files... Not sure what to do next! Please help!

Attached files: Rkill.txt (3.34 KB), a2scan_141208-142222.txt (67.83 KB)

 

C:\WINDOWS\System32\Drivers\{16059ec5-52e8-4756-b01c-cdf3d1058db7}Gw64.sys - The removal experts on the Emsisoft Forum will help you to safely remove this detection for free: http://support.emsisoft.com

Emsisoft Emergency Kit - Version 9.0
Last update: 12/8/2014 2:20:25 PM
User account: HOME_GATEWAY\Lawrence

Scan settings:

Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 12/8/2014 2:22:22 PM
C:\WINDOWS\System32\Drivers\{16059ec5-52e8-4756-b01c-cdf3d1058db7}Gw64.sys detected: Adware.SwiftBrowse.CH (B)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} detected: Application.Win32.WebApp (A)
C:\Users\Lawrence\AppData\Local\Conduit detected: Application.AppInstall (A)
C:\Users\Lawrence\AppData\Local\cre detected: Application.AppInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} detected: Application.AdReg (A)
Key: HKEY_USERS\S-1-5-21-3082084262-3058386254-3549796108-1001\SOFTWARE\BABSOLUTION detected: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-3082084262-3058386254-3549796108-1001\SOFTWARE\SIMPLYTECH detected: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-3082084262-3058386254-3549796108-1001\SOFTWARE\INSTALLCORE detected: Application.AdTool (A)
Key: HKEY_USERS\S-1-5-21-3082084262-3058386254-3549796108-1001\SOFTWARE\TUTOTAG detected: Adware.Win32.Ozore (A)
C:\Program Files (x86)\Conduit detected: Application.AppInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\DATAMNGR detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\DELTA detected: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-3082084262-3058386254-3549796108-1001\SOFTWARE\DATAMNGR detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\CONDUIT detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROD.CAP detected: Application.AdReg (A)
C:\$Recycle.Bin\S-1-5-21-3082084262-3058386254-3549796108-1001\$R5H1KXM.exe detected: Gen:Variant.Application.Bundler.SoftPulse.4 (B)
C:\$Recycle.Bin\S-1-5-21-3082084262-3058386254-3549796108-1001\$RT6GKK5.exe detected: Gen:Variant.Application.Bundler.SoftPulse.4 (B)
C:\$Recycle.Bin\S-1-5-21-3082084262-3058386254-3549796108-1001\$RV3PFGL.dll detected: Application.Toolbar (A)
C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll detected: Application.Win32.WebToolbar (A)
C:\Program Files (x86)\Conduit\CT3289663\plugins\TBVerifier.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\scoped_dir_872_4218\CRX_INSTALL\APISupport\APISupport.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{1AA0736E-F404-405B-95AE-B702E14F56C5}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{1AA0736E-F404-405B-95AE-B702E14F56C5}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\APISupport\APISupport.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{1EA7FAE3-11EC-4069-8535-9DF04040744A}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{1EA7FAE3-11EC-4069-8535-9DF04040744A}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\APISupport\APISupport.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{34FB9927-F114-455B-A7D1-6E7A6684C175}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{34FB9927-F114-455B-A7D1-6E7A6684C175}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\APISupport\APISupport.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{38627BCF-41C3-4D52-B048-54C9948C951E}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{38627BCF-41C3-4D52-B048-54C9948C951E}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\APISupport\APISupport.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{39B57B24-9190-4E44-891A-8CFDB6603EAB}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{3A8813FB-14D7-4497-94FE-37937927467F}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{68E8B26B-5CE3-43BC-96F8-D5C760AE11D6}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{6C899FD6-6081-4FBD-B5B5-3470E2C98C94}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{7181C554-D413-43DD-9A98-F7DD07B093F5}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{7181C554-D413-43DD-9A98-F7DD07B093F5}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\APISupport\APISupport.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{7603601F-4B42-470B-9C3F-D7926167E312}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{86A7B90E-A26F-4ACA-9864-CDB1C360489C}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{86A7B90E-A26F-4ACA-9864-CDB1C360489C}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\APISupport\APISupport.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{8E871527-150D-49DE-91F3-C1E6F4B11A9B}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{8E871527-150D-49DE-91F3-C1E6F4B11A9B}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\APISupport\APISupport.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{A7DEFE73-0E18-46F7-B93A-7596B2F3AD08}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{A9E2F570-9B89-49F9-9600-A0EBD1F937FD}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{AD798A8A-4252-4A6C-8FFA-CEDBC4D2D1E3}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{B2E5E7AE-EA4D-4455-B640-8B19FB792BB6}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{B7CD9FBF-C179-43CD-ADC8-2CEA5310DA79}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{B82B48E8-1F5D-4ED1-97A6-1C3B6F91C1E4}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{BA19943C-D3E9-49FA-A9E5-A5800C25050D}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{BA19943C-D3E9-49FA-A9E5-A5800C25050D}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\APISupport\APISupport.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{C517B213-0CB9-4956-8862-ACF3C3DDB47A}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{C517B213-0CB9-4956-8862-ACF3C3DDB47A}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\APISupport\APISupport.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{C6153E06-BB8D-4F32-B9F1-4BF5A6954F2B}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{C6153E06-BB8D-4F32-B9F1-4BF5A6954F2B}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\APISupport\APISupport.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{CD71B752-034E-4414-B3B4-515EDA8A5F89}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{D0D3F0C9-FAE0-499C-8410-5A8AFCAA9620}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{D0D3F0C9-FAE0-499C-8410-5A8AFCAA9620}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\APISupport\APISupport.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{D3A89C73-5183-4C76-93C1-A4DA421D54E7}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{D3A89C73-5183-4C76-93C1-A4DA421D54E7}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\APISupport\APISupport.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{D627A59D-5E67-4DAE-ACF2-75B40914FC1B}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{D683BAB5-EF14-4055-8E56-0A05A3EF8FF8}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{D6C6094A-D42B-445E-ADEE-22D0551A40AE}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{DC7CF352-C156-4163-9FD0-16DFFB0C8D87}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{E21944A0-EE08-441A-B0AD-1A75C95B9667}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{E4826186-252E-4FF1-ABAC-7181FCE2A08D}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{E4826186-252E-4FF1-ABAC-7181FCE2A08D}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\APISupport\APISupport.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{E6598A6D-D0D0-45C7-B80E-961271308C47}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{E8A519D9-CDF8-490E-9772-41D7E50E0F1C}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{E9486C4D-E78E-4B13-9F5F-D4F580C5BC16}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{E9486C4D-E78E-4B13-9F5F-D4F580C5BC16}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\APISupport\APISupport.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{EBA49461-97F6-44AA-B404-6CBB207D04B3}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{EF6ADD79-596F-464C-AA85-5FE9CC4FB964}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{EF6ADD79-596F-464C-AA85-5FE9CC4FB964}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\APISupport\APISupport.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{F125D85C-099C-460A-85CA-D6188151A650}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{F125D85C-099C-460A-85CA-D6188151A650}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\APISupport\APISupport.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{F25483D8-6567-493B-B988-662940EAB919}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{F25483D8-6567-493B-B988-662940EAB919}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\APISupport\APISupport.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{F33CC3F0-E5F4-42A2-8B35-C5292623A416}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{F3818C52-E683-4ED1-9359-D23435208412}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{F42B95A6-B0B4-4E73-B6D3-A58CDE15B91F}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{F42B95A6-B0B4-4E73-B6D3-A58CDE15B91F}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\APISupport\APISupport.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{F77B506C-459E-4A20-86E7-4C12C83D6C26}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{F983CAFA-380E-4E89-AD2E-8C3FCA5DE2CA}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll detected: Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{F983CAFA-380E-4E89-AD2E-8C3FCA5DE2CA}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\APISupport\APISupport.dll detected: Application.Toolbar (A)
C:\Windows\System32\drivers\{16059ec5-52e8-4756-b01c-cdf3d1058db7}Gw64.sys detected: Adware.SwiftBrowse.CH (B)

Scanned 371299
Found 84

Scan end: 12/8/2014 4:12:41 PM
Scan time: 1:50:19

C:\Windows\System32\drivers\{16059ec5-52e8-4756-b01c-cdf3d1058db7}Gw64.sys Quarantined Adware.SwiftBrowse.CH (B)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{F983CAFA-380E-4E89-AD2E-8C3FCA5DE2CA}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\APISupport\APISupport.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{F983CAFA-380E-4E89-AD2E-8C3FCA5DE2CA}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{F77B506C-459E-4A20-86E7-4C12C83D6C26}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{F42B95A6-B0B4-4E73-B6D3-A58CDE15B91F}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\APISupport\APISupport.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{F42B95A6-B0B4-4E73-B6D3-A58CDE15B91F}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{F3818C52-E683-4ED1-9359-D23435208412}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{F33CC3F0-E5F4-42A2-8B35-C5292623A416}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{F25483D8-6567-493B-B988-662940EAB919}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\APISupport\APISupport.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{F25483D8-6567-493B-B988-662940EAB919}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{F125D85C-099C-460A-85CA-D6188151A650}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\APISupport\APISupport.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{F125D85C-099C-460A-85CA-D6188151A650}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{EF6ADD79-596F-464C-AA85-5FE9CC4FB964}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\APISupport\APISupport.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{EF6ADD79-596F-464C-AA85-5FE9CC4FB964}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{EBA49461-97F6-44AA-B404-6CBB207D04B3}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{E9486C4D-E78E-4B13-9F5F-D4F580C5BC16}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\APISupport\APISupport.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{E9486C4D-E78E-4B13-9F5F-D4F580C5BC16}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{E8A519D9-CDF8-490E-9772-41D7E50E0F1C}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{E6598A6D-D0D0-45C7-B80E-961271308C47}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{E4826186-252E-4FF1-ABAC-7181FCE2A08D}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\APISupport\APISupport.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{E4826186-252E-4FF1-ABAC-7181FCE2A08D}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{E21944A0-EE08-441A-B0AD-1A75C95B9667}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{DC7CF352-C156-4163-9FD0-16DFFB0C8D87}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{D6C6094A-D42B-445E-ADEE-22D0551A40AE}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{D683BAB5-EF14-4055-8E56-0A05A3EF8FF8}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{D627A59D-5E67-4DAE-ACF2-75B40914FC1B}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{D3A89C73-5183-4C76-93C1-A4DA421D54E7}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\APISupport\APISupport.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{D3A89C73-5183-4C76-93C1-A4DA421D54E7}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{D0D3F0C9-FAE0-499C-8410-5A8AFCAA9620}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\APISupport\APISupport.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{D0D3F0C9-FAE0-499C-8410-5A8AFCAA9620}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{CD71B752-034E-4414-B3B4-515EDA8A5F89}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{C6153E06-BB8D-4F32-B9F1-4BF5A6954F2B}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\APISupport\APISupport.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{C6153E06-BB8D-4F32-B9F1-4BF5A6954F2B}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{C517B213-0CB9-4956-8862-ACF3C3DDB47A}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\APISupport\APISupport.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{C517B213-0CB9-4956-8862-ACF3C3DDB47A}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{BA19943C-D3E9-49FA-A9E5-A5800C25050D}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\APISupport\APISupport.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{BA19943C-D3E9-49FA-A9E5-A5800C25050D}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{B82B48E8-1F5D-4ED1-97A6-1C3B6F91C1E4}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{B7CD9FBF-C179-43CD-ADC8-2CEA5310DA79}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{B2E5E7AE-EA4D-4455-B640-8B19FB792BB6}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{AD798A8A-4252-4A6C-8FFA-CEDBC4D2D1E3}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{A9E2F570-9B89-49F9-9600-A0EBD1F937FD}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{A7DEFE73-0E18-46F7-B93A-7596B2F3AD08}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{8E871527-150D-49DE-91F3-C1E6F4B11A9B}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\APISupport\APISupport.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{8E871527-150D-49DE-91F3-C1E6F4B11A9B}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{86A7B90E-A26F-4ACA-9864-CDB1C360489C}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\APISupport\APISupport.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{86A7B90E-A26F-4ACA-9864-CDB1C360489C}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{7603601F-4B42-470B-9C3F-D7926167E312}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{7181C554-D413-43DD-9A98-F7DD07B093F5}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\APISupport\APISupport.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{7181C554-D413-43DD-9A98-F7DD07B093F5}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{6C899FD6-6081-4FBD-B5B5-3470E2C98C94}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{68E8B26B-5CE3-43BC-96F8-D5C760AE11D6}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{3A8813FB-14D7-4497-94FE-37937927467F}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{39B57B24-9190-4E44-891A-8CFDB6603EAB}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{38627BCF-41C3-4D52-B048-54C9948C951E}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\APISupport\APISupport.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{38627BCF-41C3-4D52-B048-54C9948C951E}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{34FB9927-F114-455B-A7D1-6E7A6684C175}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\APISupport\APISupport.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{34FB9927-F114-455B-A7D1-6E7A6684C175}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{1EA7FAE3-11EC-4069-8535-9DF04040744A}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\APISupport\APISupport.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{1EA7FAE3-11EC-4069-8535-9DF04040744A}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{1AA0736E-F404-405B-95AE-B702E14F56C5}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.31.4.510_0\APISupport\APISupport.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\{ACBC507B-37BD-4DD8-9A02-DC330931B162}\{1AA0736E-F404-405B-95AE-B702E14F56C5}\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.100.4_0\plugins\TBVerifier.dll Quarantined Application.Toolbar (A)
C:\Users\Lawrence\AppData\Local\Temp\scoped_dir_872_4218\CRX_INSTALL\APISupport\APISupport.dll Quarantined Application.Toolbar (A)
C:\Program Files (x86)\Conduit\CT3289663\plugins\TBVerifier.dll Quarantined Application.Toolbar (A)
C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll Quarantined Application.Win32.WebToolbar (A)
C:\$Recycle.Bin\S-1-5-21-3082084262-3058386254-3549796108-1001\$RV3PFGL.dll Quarantined Application.Toolbar (A)
C:\$Recycle.Bin\S-1-5-21-3082084262-3058386254-3549796108-1001\$RT6GKK5.exe Quarantined Gen:Variant.Application.Bundler.SoftPulse.4 ( B)
C:\$Recycle.Bin\S-1-5-21-3082084262-3058386254-3549796108-1001\$R5H1KXM.exe Quarantined Gen:Variant.Application.Bundler.SoftPulse.4 ( B)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROD.CAP Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\CONDUIT Quarantined Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-3082084262-3058386254-3549796108-1001\SOFTWARE\DATAMNGR Quarantined Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\DELTA Quarantined Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\DATAMNGR Quarantined Application.InstallAd (A)
C:\Program Files (x86)\Conduit Quarantined Application.AppInstall (A)
Key: HKEY_USERS\S-1-5-21-3082084262-3058386254-3549796108-1001\SOFTWARE\TUTOTAG Quarantined Adware.Win32.Ozore (A)
Key: HKEY_USERS\S-1-5-21-3082084262-3058386254-3549796108-1001\SOFTWARE\INSTALLCORE Quarantined Application.AdTool (A)
Key: HKEY_USERS\S-1-5-21-3082084262-3058386254-3549796108-1001\SOFTWARE\SIMPLYTECH Quarantined Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-3082084262-3058386254-3549796108-1001\SOFTWARE\BABSOLUTION Quarantined Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Quarantined Application.AdReg (A)
C:\Users\Lawrence\AppData\Local\cre Quarantined Application.AppInstall (A)
C:\Users\Lawrence\AppData\Local\Conduit Quarantined Application.AppInstall (A)
 
Quarantined 82
#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,747 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:05 PM

Posted 13 December 2014 - 10:50 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#3 laprea

laprea
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:01:05 PM

Posted 13 December 2014 - 05:47 PM

Hi and thanks nasdaq!

I downloaded and ran the AdwCleaner.exe and the log file content is below. I tried to download the Farbar Recovery tool but my Norton indicated the file is not safe and did not download. Norton indicates it contains a "threat" of some sort. Please advise.

As for my computer, it is running pretty well now.... After I posted to this forum, I did find another utility to help me more in real time since my app windows were minimizing and it was out of control. I also uninstalled Fast Connection Protection Suite downloaded to me by my cable provider (Comcast/Xfinity). A new company named White Sky is now handling the protection suite application and I think that was the culprit initially.

AdwarecleanS0.txt:

# AdwCleaner v4.105 - Report created 13/12/2014 at 17:18:51
# Updated 08/12/2014 by Xplode
# Database : 2014-12-13.4 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : Lawrence - HOME_GATEWAY
# Running from : C:\Users\Lawrence\Downloads\adwcleaner_4.105.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\LuckyTab
Folder Deleted : C:\Users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\LuckyTab
Folder Deleted : C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
File Deleted : C:\END
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Users\Lawrence\Desktop\Continue Live Installation.lnk
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : LuckyTab
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKLM\SOFTWARE\f0dd8ab238be43
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9E1B65EE-A131-42B4-94CA-847505E2F611}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A86782D8-7B41-452F-A217-1854F72DBA54}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{38122A36-83B2-46B8-B39A-EC72A4614A07}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38122A36-83B2-46B8-B39A-EC72A4614A07}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{17B10E59-09E1-4C39-A738-6774D7AB7778}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9083CE-8758-4704-BA57-3C891D7452BD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CA021789-C8CD-4676-BC40-90077A19D5CD}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\SimpleFiles
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\StormWatchApp
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\LyricsContainer
Key Deleted : HKCU\Software\AppDataLow\Software\simplytech
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\xfin_portal
Key Deleted : HKLM\SOFTWARE\SimpleFiles
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\LuckyTab
Key Deleted : [x64] HKLM\SOFTWARE\Speedchecker Limited
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R0].txt - [6759 octets] - [13/12/2014 17:14:25]
AdwCleaner[S0].txt - [6438 octets] - [13/12/2014 17:18:51]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6498 octets] ##########
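An added example, not code from this thread or from AdwCleaner's author: a small Python parser for the report format shown above, which counts what was removed per section and pulls out the Chrome extension IDs named in folder paths and registry keys so they can be checked against the browser's extension list. It also accepts the "Found" lines of a scan-only report; SAMPLE_REPORT is an excerpt constructed from the log above, and the "[#]" marker is kept as a flag without assuming its meaning.

```python
"""Parse an AdwCleaner v4 text report (the C:\\AdwCleaner[Sn].txt file) into
structured entries for triage. Hypothetical helper, not part of AdwCleaner."""
import re
from collections import Counter

# Section banners look like "***** [ Files / Folders ] *****"
SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
# Entry lines: "Key Deleted : [x64] HKLM\..." or, in scan-only reports, "Folder Found : C:\..."
ENTRY_RE = re.compile(
    r"^(?P<marker>\[#\] )?(?P<kind>Folder|File|Task|Key|Value) "
    r"(?P<action>Deleted|Found) : (?:\[(?P<arch>x64)\] )?(?P<target>.+)$"
)
# Chrome extension IDs are 32 letters in a-p, following an "Extensions\" path component
CHROME_EXT_RE = re.compile(r"Extensions\\([a-p]{32})(?:\\|$)")

# Excerpt constructed from the AdwCleaner[S0].txt log posted in this thread
SAMPLE_REPORT = r"""
# AdwCleaner v4.105 - Report created 13/12/2014 at 17:18:51
# Updated 08/12/2014 by Xplode
# Database : 2014-12-13.4 [Live]
# Operating System : Windows 8.1  (64 bits)
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\LuckyTab
Folder Deleted : C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
File Deleted : C:\END

***** [ Scheduled Tasks ] *****

Task Deleted : LuckyTab

***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

*************************

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6498 octets] ##########
"""


def parse_report(text):
    """Return {'header': {...}, 'entries': [...]} for one AdwCleaner report."""
    header = {"Banner": []}   # "# ..." lines without a "key : value" shape
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("# "):
            body = line[2:]
            if " : " in body:
                key, value = body.split(" : ", 1)
                header[key.strip()] = value.strip()
            else:
                header["Banner"].append(body)
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            entries.append({
                "section": section,
                "kind": m.group("kind"),
                "action": m.group("action"),
                "x64_view": m.group("arch") is not None,   # "[x64]" prefix present
                "marked": m.group("marker") is not None,   # leading "[#]" kept as a flag
                "target": m.group("target"),
            })
    return {"header": header, "entries": entries}


def summarize(report):
    """Count entries per (section, kind), e.g. ('Registry', 'Key') -> 4."""
    return Counter((e["section"], e["kind"]) for e in report["entries"])


def chrome_extension_ids(report):
    """Sorted Chrome extension IDs named anywhere in the report (folders or keys)."""
    ids = set()
    for e in report["entries"]:
        m = CHROME_EXT_RE.search(e["target"])
        if m:
            ids.add(m.group(1))
    return sorted(ids)


if __name__ == "__main__":
    rep = parse_report(SAMPLE_REPORT)
    print("Mode:", rep["header"].get("Option"))
    for (sec, kind), n in sorted(summarize(rep).items()):
        print(f"{sec:>16} {kind:<7} {n}")
    print("Chrome extension IDs:", chrome_extension_ids(rep))
```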

 



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,747 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:05 PM

Posted 14 December 2014 - 09:02 AM

I tried to download the Farbar Recovery tool but my Norton indicated the file is not safe and did not download. Norton indicates it contains a "threat" of some sort. Please advise.

The file is safe. When you download the file Norton gives you an option to accept the file.

#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,747 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:05 PM

Posted 19 December 2014 - 09:20 AM

Are you still with me?

#6 laprea

laprea
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:01:05 PM

Posted 21 December 2014 - 12:13 PM

Hi,

Sorry for the delay.... I just ran the Farbar (64) tool..... Here is the data:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-12-2014 01
Ran by Lawrence (administrator) on HOME_GATEWAY on 21-12-2014 12:05:12
Running from C:\Users\Lawrence\Downloads
Loaded Profile: Lawrence (Available profiles: Lawrence)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Users\Lawrence\AppData\Local\AE3F2F8D-F2AD-5B7E-C4D3-0017BC28C5\Runner.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(The Chromium Authors) C:\Users\Lawrence\AppData\Local\AE3F2F8D-F2AD-5B7E-C4D3-0017BC28C5\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Lawrence\AppData\Local\AE3F2F8D-F2AD-5B7E-C4D3-0017BC28C5\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Lawrence\AppData\Local\AE3F2F8D-F2AD-5B7E-C4D3-0017BC28C5\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Lawrence\AppData\Local\AE3F2F8D-F2AD-5B7E-C4D3-0017BC28C5\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Lawrence\AppData\Local\AE3F2F8D-F2AD-5B7E-C4D3-0017BC28C5\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Lawrence\AppData\Local\AE3F2F8D-F2AD-5B7E-C4D3-0017BC28C5\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Lawrence\AppData\Local\AE3F2F8D-F2AD-5B7E-C4D3-0017BC28C5\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Lawrence\AppData\Local\AE3F2F8D-F2AD-5B7E-C4D3-0017BC28C5\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Lawrence\AppData\Local\AE3F2F8D-F2AD-5B7E-C4D3-0017BC28C5\Chrome-bin\chrome.exe
(The Chromium Authors) C:\Users\Lawrence\AppData\Local\AE3F2F8D-F2AD-5B7E-C4D3-0017BC28C5\Chrome-bin\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-10-19] (ELAN Microelectronics Corp.)
HKLM\...\Run: [lxdnmon.exe] => C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe [660136 2010-02-04] ()
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2012-11-08] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ospd_us_511] => [X]
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] ( (Qualcomm Atheros Commnucations))
HKU\S-1-5-21-3082084262-3058386254-3549796108-1001\...\Run: [SkyDrive] => C:\Users\Lawrence\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-25] (Microsoft Corporation)
HKU\S-1-5-21-3082084262-3058386254-3549796108-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKU\S-1-5-21-3082084262-3058386254-3549796108-1001\...\Run: [GoogleChromeAutoLaunch_FB153F676780F896CC9A42F3BE993FA0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [915784 2014-12-05] (Google Inc.)
HKU\S-1-5-21-3082084262-3058386254-3549796108-1001\...\RunOnce: [Adobe Speed Launcher] => 1419143410
HKU\S-1-5-21-3082084262-3058386254-3549796108-1001\...\MountPoints2: {3945a0fa-172a-11e4-bf01-b888e3d3e2a8} - "E:\autorun.exe" 
HKU\S-1-5-21-3082084262-3058386254-3549796108-1001\...\MountPoints2: {4843a36d-1b87-11e4-bf04-b888e3d3e2a8} - "E:\TL_Bootstrap.exe" 
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
BootExecute: autocheck autochk * Partizan
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3082084262-3058386254-3549796108-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3082084262-3058386254-3549796108-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-3082084262-3058386254-3549796108-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-3082084262-3058386254-3549796108-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3082084262-3058386254-3549796108-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: [S-1-5-21-3082084262-3058386254-3549796108-1001] ATTENTION ==> Default URLSearchHook is missing.
StartMenuInternet: IEXPLORE.EXE - IEXPLORE.EXE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3082084262-3058386254-3549796108-1001 -> {40C4169D-BBD5-4A40-B0A2-E288EB564785} URL = http://search.whiteskyservices.com/?wstoken=F01CFFB3-8F16-496E-862B-D97060A38626&dtid=1&pid=21&src=sgsearch&v=1.14.1120.1&searchparam={SearchTerms}
SearchScopes: HKU\S-1-5-21-3082084262-3058386254-3549796108-1001 -> {44DFBA25-E343-4342-96BE-93AE24078CB0} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {DE625294-70E6-45ED-B895-CFFA13AEB044} http://216.231.169.59/activex/AMC.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll No File
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.11.0 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.11.0 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-12-21]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-06-21]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-12-28]
FF HKLM-x32\...\Firefox\Extensions: [{1DD9AC48-0855-4AE7-9934-159B4377FFA2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
 
Chrome: 
=======
CHR HomePage: Default -> https://www.google.com/
CHR StartupUrls: Default -> "https://www.google.com/", "https://www.yahoo.com/", "hxxp://www.tvguide.com/Listings/"
CHR Profile: C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-11]
CHR Extension: (Google Docs) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-11]
CHR Extension: (Google Drive) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-11]
CHR Extension: (YouTube) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-11]
CHR Extension: (Watch Movies Online Free) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\cncccfncpbomeoelpccdbhilhbcohkmc [2014-12-11]
CHR Extension: (Google Search) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-11]
CHR Extension: (Connect) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeihfhnbnfemlajfadhbpdfiipncebld [2014-12-11]
CHR Extension: (Google Sheets) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-11]
CHR Extension: (Norton Identity Safe) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-12-11]
CHR Extension: (Free Invoice Maker) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\kebnkbogolcjifklpmgidaaoogjflajp [2014-12-11]
CHR Extension: (Webcam Toy) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2014-12-11]
CHR Extension: (Mahjong Gardens) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhochnonopbhcdmndnnakimmdgpebdcn [2014-12-11]
CHR Extension: (Norton Security Toolbar) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-12-18]
CHR Extension: (Camera Effects & Filters) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhdkmikakepiiabdfjjgogcaielndmlj [2014-12-11]
CHR Extension: (Google Wallet) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-11]
CHR Extension: (Gmail) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-11]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-15]
CHR HKU\S-1-5-21-3082084262-3058386254-3549796108-1001\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\Lawrence\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-06-10]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-15]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations)
R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
S3 DeviceFastLaneService; C:\Program Files\Gateway\Gateway Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-22] (Acer Incorporated)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-10-02] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-06-10] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-06-21] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-06-10] () [File not signed]
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2012-11-08] (Dritek System INC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141209.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-12-08] (Emsisoft GmbH)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141219.001\IDSvia64.sys [637656 2014-11-18] (Symantec Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141220.002\ENG64.SYS [129752 2014-11-23] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141220.002\EX64.SYS [2137304 2014-11-23] (Symantec Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-11-08] (Dritek System Inc.)
S3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1506000.020\SymELAM.sys [23568 2013-09-09] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-28] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-21 12:05 - 2014-12-21 12:05 - 00026096 _____ () C:\Users\Lawrence\Downloads\FRST.txt
2014-12-21 12:04 - 2014-12-21 12:05 - 00000000 ____D () C:\FRST
2014-12-21 12:03 - 2014-12-21 12:03 - 02122240 _____ (Farbar) C:\Users\Lawrence\Downloads\FRST64.exe
2014-12-13 17:14 - 2014-12-13 17:19 - 00000000 ____D () C:\AdwCleaner
2014-12-13 17:12 - 2014-12-13 17:12 - 02166272 _____ () C:\Users\Lawrence\Downloads\adwcleaner_4.105.exe
2014-12-13 15:57 - 2014-12-13 15:57 - 00000000 ____D () C:\Users\Lawrence\Downloads\scriptina
2014-12-13 15:56 - 2014-12-13 15:56 - 00058728 _____ () C:\Users\Lawrence\Downloads\scriptina (1).zip
2014-12-13 15:54 - 2014-12-13 15:54 - 00058728 _____ () C:\Users\Lawrence\Downloads\scriptina.zip
2014-12-11 14:50 - 2014-12-11 14:50 - 00002286 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 14:50 - 2014-12-11 14:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-11 14:32 - 2014-12-11 14:32 - 00880784 _____ (Google Inc.) C:\Users\Lawrence\Downloads\ChromeSetup (1).exe
2014-12-11 14:28 - 2014-12-11 14:29 - 00880784 _____ (Google Inc.) C:\Users\Lawrence\Downloads\ChromeSetup.exe
2014-12-11 12:27 - 2014-12-11 12:29 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Deployment
2014-12-11 12:27 - 2014-12-11 12:27 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Apps\2.0
2014-12-10 19:57 - 2014-12-10 19:57 - 00001168 _____ () C:\Users\Lawrence\Desktop\rkill64.exe - Shortcut.lnk
2014-12-10 14:34 - 2014-12-10 14:34 - 09120016 _____ (White Sky, Inc.) C:\Users\Lawrence\Downloads\fastconnect (1).exe
2014-12-10 14:26 - 2014-12-10 14:27 - 12065592 _____ (White Sky, Inc.) C:\Users\Lawrence\Downloads\constantguard.exe
2014-12-10 12:55 - 2014-12-10 12:55 - 09120016 _____ (White Sky, Inc.) C:\Users\Lawrence\Downloads\fastconnect.exe
2014-12-10 11:15 - 2014-11-26 16:10 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-12-10 11:15 - 2014-11-26 16:10 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 11:08 - 2014-12-10 11:08 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2014-12-10 10:56 - 2014-10-30 17:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-10 10:56 - 2014-10-30 17:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-10 10:54 - 2014-12-03 18:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-12-10 10:54 - 2014-12-03 18:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2014-12-10 10:54 - 2014-12-02 18:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-12-10 10:54 - 2014-12-02 18:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2014-12-10 10:54 - 2014-12-02 18:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-12-10 10:54 - 2014-12-02 18:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-12-10 10:54 - 2014-12-02 18:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-12-10 10:54 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-10 10:54 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-10 10:54 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-10 10:54 - 2014-11-21 21:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-10 10:54 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-10 10:54 - 2014-11-21 21:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-10 10:54 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-10 10:54 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-10 10:54 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-10 10:54 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-10 10:54 - 2014-11-21 21:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-10 10:54 - 2014-11-21 21:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-10 10:54 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-10 10:54 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-10 10:54 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-10 10:54 - 2014-11-21 20:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-10 10:54 - 2014-11-21 20:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-10 10:54 - 2014-11-21 20:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-10 10:54 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-10 10:54 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-10 10:54 - 2014-11-21 20:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-10 10:54 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-10 10:54 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-10 10:54 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-10 10:54 - 2014-11-21 20:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-10 10:54 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-10 10:54 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-10 10:54 - 2014-11-21 20:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-10 10:54 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-10 10:54 - 2014-11-21 20:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-10 10:54 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-10 10:54 - 2014-11-21 20:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-10 10:54 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-10 10:54 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-10 10:54 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-10 10:54 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-10 10:54 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-10 10:54 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-10 10:54 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-10 10:54 - 2014-11-09 21:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-10 10:54 - 2014-11-09 20:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 10:54 - 2014-11-06 23:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-10 10:54 - 2014-11-06 22:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-10 10:54 - 2014-10-30 18:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-10 10:54 - 2014-10-30 18:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-10 10:54 - 2014-10-12 21:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-10 10:54 - 2014-10-12 21:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-10 10:54 - 2014-10-12 21:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-10 10:54 - 2014-10-12 21:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-10 10:53 - 2014-10-31 18:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-10 10:53 - 2014-10-31 18:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-09 20:52 - 2014-12-09 20:52 - 00000976 _____ () C:\Users\Lawrence\Desktop\Reanimator.lnk
2014-12-09 20:52 - 2014-12-09 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reanimator
2014-12-09 19:39 - 2014-12-09 20:56 - 00000000 ____D () C:\ProgramData\RegRun
2014-12-09 11:39 - 2014-12-21 01:28 - 00000250 _____ () C:\WINDOWS\SysWOW64\PARTIZAN.TXT
2014-12-09 11:35 - 2014-12-09 21:50 - 00000000 ____D () C:\@RestoreQuarantine
2014-12-09 11:35 - 2014-12-09 11:35 - 00040720 _____ (Greatis Software) C:\WINDOWS\system32\Partizan.exe
2014-12-09 11:30 - 2014-12-09 20:52 - 00000000 ____D () C:\Users\Lawrence\Documents\RegRun2
2014-12-09 11:30 - 2014-12-09 20:52 - 00000000 ____D () C:\Program Files (x86)\UnHackMe
2014-12-09 11:30 - 2014-12-09 20:41 - 00000000 ____D () C:\Users\Public\Documents\regruninfo
2014-12-09 11:30 - 2014-12-09 11:30 - 00001030 _____ () C:\Users\Lawrence\Desktop\UnHackMe.lnk
2014-12-09 11:30 - 2014-12-09 11:30 - 00000002 RSHOT () C:\WINDOWS\winstart.bat
2014-12-09 11:30 - 2014-12-09 11:30 - 00000002 RSHOT () C:\WINDOWS\SysWOW64\CONFIG.NT
2014-12-09 11:30 - 2014-12-09 11:30 - 00000002 RSHOT () C:\WINDOWS\SysWOW64\AUTOEXEC.NT
2014-12-09 11:30 - 2014-12-09 11:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2014-12-09 11:30 - 2014-11-20 12:56 - 00012800 _____ (Greatis Software, LLC.) C:\WINDOWS\SysWOW64\Drivers\UnHackMeDrv.sys
2014-12-09 11:29 - 2014-12-09 11:29 - 00000000 ____D () C:\Users\Lawrence\Downloads\unhackme
2014-12-09 11:28 - 2014-12-09 11:28 - 16489198 _____ () C:\Users\Lawrence\Downloads\unhackme.zip
2014-12-08 16:16 - 2014-12-08 16:16 - 00069456 _____ () C:\Users\Lawrence\Desktop\a2scan_141208-142222.txt
2014-12-08 14:16 - 2014-12-10 15:29 - 00000000 ____D () C:\EEK
2014-12-08 14:16 - 2014-12-10 09:37 - 00000762 _____ () C:\Users\Lawrence\Desktop\Start Emsisoft Emergency Kit.lnk
2014-12-08 14:15 - 2014-12-08 14:15 - 165373088 _____ () C:\Users\Lawrence\Downloads\EmsisoftEmergencyKit.exe
2014-12-08 13:54 - 2014-12-08 13:54 - 00688992 _____ (Swearware) C:\Users\Lawrence\Desktop\dds.com
2014-12-08 13:28 - 2014-12-08 13:28 - 00000000 ____D () C:\ProgramData\SUPERSetup
2014-12-08 13:05 - 2014-12-08 13:05 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Lawrence\Downloads\rkill64.exe
2014-12-08 13:02 - 2014-12-08 13:02 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Lawrence\Downloads\rkill (1)64-19234.exe
2014-12-08 12:47 - 2014-12-08 12:47 - 00000000 ____D () C:\SUPERDelete
2014-12-08 12:45 - 2014-12-08 12:45 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\SUPERAntiSpyware.com
2014-12-08 12:45 - 2014-12-08 12:45 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-12-08 12:44 - 2014-12-08 12:44 - 20649600 _____ (SUPERAntiSpyware) C:\Users\Lawrence\Downloads\SUPERAntiSpyware.exe
2014-12-08 12:41 - 2014-12-11 12:03 - 00002574 _____ () C:\Users\Lawrence\Desktop\Rkill.txt
2014-12-07 15:38 - 2014-12-07 15:37 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-12-07 15:37 - 2014-12-07 15:37 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-12-07 15:37 - 2014-12-07 15:37 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-12-07 15:37 - 2014-12-07 15:37 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-12-07 15:37 - 2014-12-07 15:37 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-07 13:40 - 2014-12-07 13:40 - 00000000 ____D () C:\Program Files (x86)\download Manager
2014-12-07 13:39 - 2014-12-20 12:53 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\AE3F2F8D-F2AD-5B7E-C4D3-0017BC28C5
2014-12-07 13:39 - 2014-12-07 13:39 - 00004418 _____ () C:\WINDOWS\System32\Tasks\Runner IC
2014-12-04 09:23 - 2014-12-04 09:24 - 125202168 _____ (Microsoft Corporation) C:\Users\Lawrence\Downloads\msert.exe
2014-11-25 04:18 - 2013-11-20 10:51 - 00773968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100.dll
2014-11-25 04:18 - 2013-11-20 10:51 - 00421200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp100.dll
2014-11-24 11:22 - 2014-12-19 08:48 - 00003354 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3082084262-3058386254-3549796108-1001
2014-11-24 11:22 - 2014-12-19 08:48 - 00003302 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3082084262-3058386254-3549796108-1001
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-21 12:05 - 2013-08-23 10:31 - 00000000 ____D () C:\Users\Lawrence\Documents\Outlook Files
2014-12-21 12:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-21 12:01 - 2013-11-17 22:34 - 01972895 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-21 02:47 - 2013-08-13 11:58 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-21 02:23 - 2013-08-20 21:36 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-21 01:42 - 2013-04-09 06:32 - 00005002 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for HOME_GATEWAY-Lawrence Home_Gateway
2014-12-21 01:34 - 2013-04-07 12:49 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3082084262-3058386254-3549796108-1001
2014-12-21 01:33 - 2012-07-26 03:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-12-21 01:30 - 2013-08-13 11:58 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-21 01:29 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-21 01:29 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-12-21 01:29 - 2013-04-08 19:01 - 00000000 __RDO () C:\Users\Lawrence\SkyDrive
2014-12-20 12:13 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-20 12:06 - 2014-09-24 13:31 - 00003954 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4B85C820-D5E4-44DB-A4D3-91E8397BB8B5}
2014-12-19 08:52 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-19 08:46 - 2013-11-17 22:17 - 00000000 ____D () C:\Users\Lawrence
2014-12-19 08:45 - 2013-09-29 22:55 - 00184908 _____ () C:\WINDOWS\PFRO.log
2014-12-18 11:12 - 2014-06-26 11:35 - 00003324 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3082084262-3058386254-3549796108-1001
2014-12-18 11:12 - 2014-04-11 06:20 - 00003376 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3082084262-3058386254-3549796108-1001
2014-12-18 11:00 - 2013-04-08 18:49 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-12-18 10:58 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-15 10:40 - 2013-04-07 12:40 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Packages
2014-12-13 17:23 - 2013-08-22 09:44 - 00483944 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-13 16:59 - 2013-09-29 23:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-11 14:49 - 2013-08-13 11:58 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-10 18:39 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-10 11:08 - 2014-07-10 14:51 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-12-10 11:08 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-10 11:08 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-10 11:08 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-10 11:08 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2014-12-10 11:04 - 2013-08-14 20:59 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-10 11:01 - 2013-04-08 13:21 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-09 19:51 - 2014-05-14 09:09 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-09 19:23 - 2013-08-20 21:36 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-12-08 19:16 - 2013-08-22 09:46 - 00333784 _____ () C:\WINDOWS\setupact.log
2014-12-08 16:43 - 2014-07-24 09:34 - 00001058 _____ () C:\Users\Lawrence\Desktop\magicJack.lnk
2014-12-08 16:43 - 2014-07-24 09:34 - 00001044 _____ () C:\Users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2014-12-08 16:43 - 2014-07-24 09:33 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\mjusbsp
2014-12-08 12:51 - 2013-08-23 12:35 - 00000000 ____D () C:\Program Files (x86)\Club World Casinos
2014-12-07 18:31 - 2013-05-07 10:30 - 00000000 ____D () C:\Users\Lawrence\Documents\Labels
2014-12-07 15:38 - 2013-11-07 19:57 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-07 13:54 - 2014-10-08 13:48 - 00000000 ____D () C:\ProgramData\iolo
2014-12-07 12:47 - 2013-08-22 08:25 - 00000194 _____ () C:\WINDOWS\win.ini
2014-12-01 18:54 - 2013-04-09 08:04 - 00000000 ____D () C:\Users\Lawrence\Documents\Resumes_Updated
 
Some content of TEMP:
====================
C:\Users\Lawrence\AppData\Local\Temp\Quarantine.exe
C:\Users\Lawrence\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-20 12:51
 
==================== End Of Log ============================

Attached File: Addition.txt (31.96KB)


#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,747 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:05 PM

Posted 21 December 2014 - 01:36 PM


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start


HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [ospd_us_511] => [X]
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
URLSearchHook: [S-1-5-21-3082084262-3058386254-3549796108-1001] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll No File
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll No File
CHR Extension: (Google Wallet) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-11]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKU\S-1-5-21-3082084262-3058386254-3549796108-1001\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\Lawrence\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
P.S.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======
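To make the fixlist step above concrete, here is an added example written for this page; it is not a tool from the thread or from Farbar. It is a small Python triage of FRST-format log lines that pulls out the registrations whose target file is gone (the [X], No File, No Path and [Not Found] entries that make up most of the fixlist above) and emits them in fixlist form, while only reporting services whose binary is marked [File not signed]. The sample lines are constructed from entry types that appear in the log earlier in this thread; the line-format regex and the marker list are assumptions checked only against those lines, not a specification of FRST's output.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in FRST.txt format. The entry types (services, drivers,
# Chrome/Firefox registrations, shell overlay handlers) are modelled on lines
# quoted in this thread; it is not the full log from the post.
SAMPLE_LOG = r"""
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-10-02] (Symantec Corporation)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-06-10] () [File not signed]
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKU\S-1-5-21-3082084262-3058386254-3549796108-1001\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\Lawrence\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx [Not Found]
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll No File
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
"""

# Assumed shape of an FRST service/driver line:
#   <R|S|U><start type> <name>; <path> [<size> <date>] (<signer>) [flags...]
# The "[size date] (signer)" block is absent when FRST marks the file [X]
# (registered, but not on disk). This is an assumption checked only against
# the sample lines above.
SVC_RE = re.compile(
    r"^(?P<start>[RSU])(?P<type>\d) (?P<name>[^;]+); (?P<path>.+?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<signer>[^)]*)\))?"
    r"(?P<flags>(?: \[[^\]]+\])*)$"
)

# Suffixes FRST puts on registrations whose target no longer exists.
ORPHAN_MARKERS = ("[X]", "No File", "No Path", "[Not Found]")


@dataclass
class ServiceEntry:
    start: str     # R = running, S = stopped, U = unknown (FRST notation)
    name: str
    path: str
    signer: str    # company from the file's version info; "" when none
    present: bool  # False when FRST appended [X]
    signed: bool   # False when FRST appended [File not signed]


@dataclass
class Triage:
    orphaned: list = field(default_factory=list)  # candidates for the fixlist
    unsigned: list = field(default_factory=list)  # review by hand, not auto-removed
    clean: int = 0


def parse_service(line):
    """Return a ServiceEntry for a service/driver line, or None for other lines."""
    m = SVC_RE.match(line)
    if m is None:
        return None
    flags = m.group("flags")
    return ServiceEntry(
        start=m.group("start"),
        name=m.group("name"),
        path=m.group("path"),
        signer=m.group("signer") or "",
        present="[X]" not in flags,
        signed="[File not signed]" not in flags,
    )


def triage(log_text):
    """Sort log lines into orphaned registrations, unsigned binaries and the rest."""
    result = Triage()
    for line in log_text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        svc = parse_service(line)
        if svc is not None:
            if not svc.present:
                result.orphaned.append(line)
            elif not svc.signed:
                result.unsigned.append(line)
            else:
                result.clean += 1
        elif line.endswith(ORPHAN_MARKERS):
            result.orphaned.append(line)
        else:
            result.clean += 1
    return result


def build_fixlist(result):
    """A fixlist is the verbatim log lines to act on, between Start and End."""
    return "Start\n" + "\n".join(result.orphaned) + "\nEnd\n"


if __name__ == "__main__":
    t = triage(SAMPLE_LOG)
    print(f"{len(t.orphaned)} orphaned, {len(t.unsigned)} unsigned, {t.clean} clean")
    print(build_fixlist(t))
```

An [X] entry is a service or driver key that points at a file no longer on disk, which is why the helper can list it for removal without moving any file: the fix only deletes the stale registration. The unsigned RealPlayer updater is deliberately kept out of the generated fixlist; "[File not signed]" is a prompt for a human to look at the binary, not evidence on its own, and the fixlist above leaves that entry alone as well.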

#8 laprea

laprea
  • Topic Starter

  • Members
  • 10 posts
  • Local time:01:05 PM

Posted 22 December 2014 - 08:14 AM

Hello,

I tried to run FRST again with the fixlist.txt and received an error.

AutoIT Error

Line 9878 (File "C:\FRST\FRST64.exe")

Error: Error in Expression.




#9 laprea

laprea
  • Topic Starter

  • Members
  • 10 posts
  • Local time:01:05 PM

Posted 22 December 2014 - 08:18 AM

From the security check:

 Results of screen317's Security Check version 0.99.93  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender        
Norton Security Suite   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 71  
  Adobe Flash Player 15.0.0.246 Flash Player out of Date!  
 Adobe Reader 9  
 Adobe Reader XI  
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 


#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,747 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:05 PM

Posted 22 December 2014 - 10:49 AM

AutoIT Error

Line 9878 (File "C:\FRST\FRST64.exe")

Error: Error in Expression.


Is the FRST64.exe in the c:\FRST folder?

Your FRST log shows that it's running from the Downloads folder.
C:\Users\Lawrence\Downloads

Move the file to the c:\FRST folder and run the fix.
===

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Flash test site:
http://www.adobe.com/software/flash/about/
Install the new version or, if you already have the latest, close the window.

Flash Player Help / Find version
http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine
===

#11 laprea

laprea
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:05 PM

Posted 22 December 2014 - 12:32 PM

Ok, so I know for a fact that I moved the exe from the Downloads folder to the FRST directory AND created the fixlist.txt file as described. I just ran the exe again with both in the FRST directory. I receive the same error as before, and I notice the fixlist.txt is deleted too. Please advise.

 

I will do the flash update now as well.



#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,747 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:05 PM

Posted 22 December 2014 - 02:43 PM

Are you running the FRST tool as an administrator?

#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,747 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:05 PM

Posted 28 December 2014 - 09:01 AM

Are you still with me?

#14 laprea

laprea
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:05 PM

Posted 28 December 2014 - 02:41 PM

Hello,

Thanks for the help, but I have decided to reformat my laptop. Please close this case. Thanks.



#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,747 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:05 PM

Posted 29 December 2014 - 07:58 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



