Can't get rid of Unisoales Extension in Chrome... Please Help!!!


  • This topic is locked
10 replies to this topic

#1 crivera726


Posted 18 January 2015 - 10:47 PM

I have been fighting with this extension on Google Chrome which is continuously allowing pop-up ads to get through. I have deleted this extension numerous times to no avail. It just shows up again the minute I restart Chrome. It is making my laptop lag and I have no clue how to fix it. I have downloaded the Malwarebytes software and run a scan but I am not sure what to do next. Please help!!!

 

Here is the log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/18/2015
Scan Time: 10:24:05 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2014.11.20.06
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: Christina
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 372444
Time Elapsed: 18 min, 11 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 75
 
Registry Values: 3
PUP.Optional.WebSearchInfo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, , [0600c876fc80b97db0543e725ba9d030]
PUP.Optional.OneSoftPerDay.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ospd_us_548, , [d82e7ac4601cea4c5437ab973dc65ca4], 
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-916696894-2385312038-2690276573-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, , [010515296319d3633b1c8f0baa5aa25e]
 
Registry Data: 2
PUP.Optional.WebSearchInfo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://websearch.searchoholic.info/?pid=2825&r=2014/12/29&hid=6706512801767581341&lg=EN&cc=US&unqvl=72, Good: (www.google.com), Bad: (http://websearch.searchoholic.info/?pid=2825&r=2014/12/29&hid=6706512801767581341&lg=EN&cc=US&unqvl=72),,[23e3ab93077541f5245b4afb43c2e21e]
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-916696894-2385312038-2690276573-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://websearch.searchoholic.info/?pid=2825&r=2014/12/29&hid=6706512801767581341&lg=EN&cc=US&unqvl=72, Good: (www.google.com), Bad: (http://websearch.searchoholic.info/?pid=2825&r=2014/12/29&hid=6706512801767581341&lg=EN&cc=US&unqvl=72),,[fd0954ea2a5211251d61004565a001ff]
 
Folders: 18
 
Files: 194
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\pl.pak, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\pt-BR.dll, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\pt-BR.dll.pdb, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\pt-BR.pak, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\pt-PT.dll, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\pt-PT.dll.pdb, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\pt-PT.pak, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\ro.dll, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\ro.dll.pdb, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\ro.pak, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\ru.dll, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\ru.dll.pdb, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\ru.pak, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\sk.dll, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\sk.dll.pdb, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\sk.pak, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\sl.dll, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\sl.dll.pdb, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\sl.pak, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\sr.dll, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\sr.dll.pdb, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\sr.pak, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\sv.dll, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\sv.dll.pdb, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\sv.pak, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\sw.dll, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\sw.dll.pdb, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\sw.pak, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\ta.dll, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\ta.dll.pdb, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\ta.pak, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\te.dll, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\te.dll.pdb, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\te.pak, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\th.dll, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\th.dll.pdb, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\th.pak, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\tr.dll, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\tr.dll.pdb, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\tr.pak, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\uk.dll, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\uk.dll.pdb, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\uk.pak, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\vi.dll, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\vi.dll.pdb, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\vi.pak, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\zh-CN.dll, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\zh-CN.dll.pdb, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\zh-CN.pak, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\zh-TW.dll, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\zh-TW.dll.pdb, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.PriceMeter.A, C:\Users\Christina\AppData\Local\PriceMeter\locales\zh-TW.pak, , [17efb48ad8a484b261fa49c6da2925db], 
PUP.Optional.SimpleFiles, C:\Program Files (x86)\SimpleFiles\htmlayout.dll, , [33d3e5598bf14ee8c088c06acd36ae52], 
PUP.Optional.SimpleFiles, C:\Program Files (x86)\SimpleFilesUpdater\htmlayout.dll, , [c83e47f728544bebed5ce842a55e847c], 
PUP.Optional.SimpleFiles, C:\ProgramData\Microsoft\Windows\Start Menu\SimpleFiles\SimpleFiles.lnk, , [b55142fc89f3b87e3119979336cdaf51], 
PUP.Optional.Conduit.A, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://search.conduit.com/?gd=&ctid=CT3321733&octid=EB_ORIGINAL_CTID&ISID=MBDCB0BE0-CC0E-4379-A9DD-CC60F1111A9E&SearchSource=55&CUI=&UM=2&UP=SP03A93508-3F9A-405F-BEA5-E09E26568DDE&SSPV=",), ,[d82e9da1374582b40892bbcbbc4951af]
PUP.Optional.Conduit.A, C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "http://search.conduit.com/?gd=&ctid=CT3321733&octid=EB_ORIGINAL_CTID&ISID=MBDCB0BE0-CC0E-4379-A9DD-CC60F1111A9E&SearchSource=55&CUI=&UM=2&UP=SP03A93508-3F9A-405F-BEA5-E09E26568DDE&SSPV=",), ,[54b2340add9f92a43763b1d52dd817e9]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)



 


#2 crivera726 (Topic Starter)

Posted 18 January 2015 - 11:01 PM

MiniToolBox by Farbar  Version: 30-11-2014
Ran by Christina (administrator) on 18-01-2015 at 22:49:57
Running from "C:\Users\Christina\Downloads"
Microsoft Windows 8  (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
 
 
127.0.0.1 www.craftedge.com 
127.0.0.1 craftedge.com 
127.0.0.1       activate.adobe.com
127.0.0.1       practivate.adobe.com
127.0.0.1       ereg.adobe.com
127.0.0.1       activate.wip3.adobe.com
127.0.0.1       wip3.adobe.com
127.0.0.1       3dns-3.adobe.com
127.0.0.1       3dns-2.adobe.com
127.0.0.1       adobe-dns.adobe.com
127.0.0.1       adobe-dns-2.adobe.com
127.0.0.1       adobe-dns-3.adobe.com
127.0.0.1       ereg.wip3.adobe.com
127.0.0.1       activate-sea.adobe.com
127.0.0.1       wwis-dubc1-vip60.adobe.com
127.0.0.1       activate-sjc0.adobe.com
127.0.0.1       adobe.activate.com
127.0.0.1       adobeereg.com                       
127.0.0.1       www.adobeereg.com                   
 
There are 3 more lines starting with "127.0.0.1"
 
========================= IP Configuration: ================================
 
Intel® Centrino® Wireless-N 2230 = Wi-Fi (Connected)
Realtek PCIe FE Family Controller = Ethernet (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled taskoffload=disabled
set interface interface="Local Area Connection* 9" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 12" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="other_1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Chrissy
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Local Area Connection* 12:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 60-36-DD-6C-B4-B7
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 2230
   Physical Address. . . . . . . . . : 60-36-DD-6C-B4-B6
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2604:2000:536a:1100:e4e8:3a55:90be:e469(Preferred) 
   Temporary IPv6 Address. . . . . . : 2604:2000:536a:1100:2555:2225:ad65:ab87(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::e4e8:3a55:90be:e469%13(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.0.12(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, January 18, 2015 1:57:17 PM
   Lease Expires . . . . . . . . . . : Sunday, January 18, 2015 11:24:20 PM
   Default Gateway . . . . . . . . . : fe80::16ab:f0ff:fec7:1617%13
                                       192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 325072605
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-4D-11-4E-20-89-84-21-8B-EC
   DNS Servers . . . . . . . . . . . : 209.18.47.61
                                       209.18.47.62
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 20-89-84-21-8B-EC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61
 
Name:    google.com
Addresses:  2607:f8b0:4006:80b::1005
 74.125.226.166
 74.125.226.161
 74.125.226.160
 74.125.226.174
 74.125.226.163
 74.125.226.164
 74.125.226.165
 74.125.226.168
 74.125.226.167
 74.125.226.162
 74.125.226.169
 
 
Pinging google.com [2607:f8b0:4006:809::1005] with 32 bytes of data:
Request timed out.
Reply from 2607:f8b0:4006:809::1005: time=33ms 
 
Ping statistics for 2607:f8b0:4006:809::1005:
    Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
    Minimum = 33ms, Maximum = 33ms, Average = 33ms
Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61
 
Name:    yahoo.com
Addresses:  98.139.183.24
 206.190.36.45
 98.138.253.109
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=77ms TTL=49
Reply from 98.138.253.109: bytes=32 time=86ms TTL=49
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 77ms, Maximum = 86ms, Average = 81ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 16...60 36 dd 6c b4 b7 ......Microsoft Wi-Fi Direct Virtual Adapter
 13...60 36 dd 6c b4 b6 ......Intel® Centrino® Wireless-N 2230
 12...20 89 84 21 8b ec ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.12     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link      192.168.0.12    281
     192.168.0.12  255.255.255.255         On-link      192.168.0.12    281
    192.168.0.255  255.255.255.255         On-link      192.168.0.12    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.0.12    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.0.12    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13    281 ::/0                     fe80::16ab:f0ff:fec7:1617
  1    306 ::1/128                  On-link
 13    281 2604:2000:536a:1100::/64 On-link
 13    281 2604:2000:536a:1100:2555:2225:ad65:ab87/128
                                    On-link
 13    281 2604:2000:536a:1100:e4e8:3a55:90be:e469/128
                                    On-link
 13    281 fe80::/64                On-link
 13    281 fe80::e4e8:3a55:90be:e469/128
                                    On-link
  1    306 ff00::/8                 On-link
 13    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [55296] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [66560] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [72192] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [53760] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [64000] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (01/18/2015 08:38:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1203
 
Error: (01/18/2015 08:38:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1203
 
Error: (01/18/2015 08:38:01 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/18/2015 06:26:22 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1219
 
Error: (01/18/2015 06:26:22 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1219
 
Error: (01/18/2015 06:26:22 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/18/2015 05:24:41 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
 
Error: (01/18/2015 05:24:39 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/18/2015 05:21:15 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
 
Error: (01/18/2015 05:20:40 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (01/17/2015 09:48:49 AM) (Source: Service Control Manager) (User: )
Description: The Software Protection service failed to start due to the following error: 
%%1053
 
Error: (01/17/2015 09:48:49 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
 
Error: (01/17/2015 09:45:58 AM) (Source: Service Control Manager) (User: )
Description: The AVG Firewall service terminated with the following service-specific error: 
%%3758162007
 
Error: (01/17/2015 09:43:24 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (01/17/2015 09:41:41 AM) (Source: DCOM) (User: CHRISSY)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (01/17/2015 09:41:41 AM) (Source: DCOM) (User: CHRISSY)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (01/17/2015 09:41:35 AM) (Source: DCOM) (User: CHRISSY)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (01/17/2015 09:41:35 AM) (Source: DCOM) (User: CHRISSY)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (01/17/2015 09:33:43 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Store Service (WSService) service, but this action failed with the following error: 
%%1056
 
Error: (01/17/2015 09:32:29 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Store Service (WSService) service, but this action failed with the following error: 
%%1056
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-16 20:23:07.156
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-16 20:23:00.877
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-16 20:22:53.991
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-18 13:23:05.529
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-18 13:23:04.159
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\WINDOWS\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-05-09 18:43:17.557
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
 
 
=========================== Installed Programs ============================
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1210 - Adobe Systems Incorporated) Hidden
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.1.451 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
Adobe Photoshop Lightroom 5.6 64-bit (HKLM\...\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}) (Version: 5.6.0 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3495 - AVG Technologies)
AVG 2013 (Version: 13.0.3495 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.4257 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{48C84341-E4F7-42EC-BED5-7A5CAA3291F5}) (Version: 1.33.0 - Kovid Goyal)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.9) (Version: 5.0.0.9 - Coupons.com Incorporated)
Cricut ™ Driver v2.01 (HKLM-x32\...\Cricut ™ Driver v2.01) (Version: 2.01 - Provo Craft & Novelty, Inc.)
Cricut Craft Room® (HKLM-x32\...\com.cricut.Cricut-CraftRoom) (Version: v1.0 build-183 - Provo Craft & Novelty, Inc.)
Cricut Craft Room® (x32 Version: 1.0.183 - Provo Craft & Novelty, Inc.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.7.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}) (Version: 3.10.0035 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.51.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-7620 Series Printer Uninstall (HKLM\...\EPSON WF-7620 Series) (Version:  - SEIKO EPSON Corporation)
Epson WF-7620 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson WF-7620 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
ETDWare PS/2-X64 11.4.8.1_WHQL (HKLM\...\Elantech) (Version: 11.4.8.1 - ELAN Microelectronic Corp.)
Five Nights at Freddy's (HKCU\...\Five Nights at Freddy's) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 16.1.1.0084 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{0728A184-F899-4356-B93D-8228674F0DEB}) (Version: 2.6.1209.0268 - Motorola Solutions, Inc.)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Intelligent Touchpad (HKLM-x32\...\{DD7D6D84-93AB-48CA-A759-94324E341CBA}) (Version: 2.00.0012.0723 - Lenovo)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.8400.10182 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0710 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4331.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.0 - Lenovo)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Print@Home (HKLM-x32\...\{123D4082-3194-4191-9139-067E9157C2B2}) (Version: 2.0.0 - Valassis Interactive Inc.)
RarMonkey (HKLM-x32\...\RarMonkey_is1) (Version: 1.6 - Harmony Hollow Software)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6748 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39029 - Realtek Semiconductor Corp.)
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Silhouette Studio (HKLM-x32\...\{4EDB836B-7F7C-4D5C-8A57-758F21D1BCED}) (Version: 3.3.437 - Silhouette America)
Software Updater (HKLM-x32\...\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5}) (Version: 4.3.3 - SEIKO EPSON CORPORATION)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office PowerPoint 2007 (KB2597972) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{7B9D2746-D03B-442B-A691-90B748E316B4}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
WD SmartWare (HKLM\...\{07179D37-D5FE-4373-90D9-A25B992EFB3E}) (Version: 1.4.5.5 - Western Digital)
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (04/10/2012 2.08.24) (HKLM\...\4C8545EEB6143B6AD3858B5D1E0AEE76040B1435) (Version: 04/10/2012 2.08.24 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (04/10/2012 2.08.24) (HKLM\...\6849F67BACD4DA5A5B9D46803E6850D0BE8B3826) (Version: 04/10/2012 2.08.24 - FTDI)
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (03/06/2009 1.0.0008.0) (HKLM\...\422991454CB076E9B856C21BBF99AF2B82317EDA) (Version: 03/06/2009 1.0.0008.0 - Western Digital Technologies)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
 
========================= Devices: ================================
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter
Description: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Intel Corporation
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 41%
Total physical RAM: 8047.52 MB
Available physical RAM: 4732.02 MB
Total Pagefile: 9263.52 MB
Available Pagefile: 5496.87 MB
Total Virtual: 4095.88 MB
Available Virtual: 3971.82 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Windows8_OS) (Fixed) (Total:883.4 GB) (Free:755.52 GB) NTFS
2 Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.18 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\CHRISSY
 
Administrator            Christina                Guest                    
 
 
**** End of log ****

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8 x64
Ran by Christina on Sun 01/18/2015 at 22:51:31.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully stopped: [Service] couponprinterservice 
Successfully deleted: [Service] couponprinterservice 
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pricemeterliveupdate.exe
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-916696894-2385312038-2690276573-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PacFunction_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PacFunction_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatePacFunction_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatePacFunction_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilPacFunction_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilPacFunction_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PacFunction_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PacFunction_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updatePacFunction_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updatePacFunction_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilPacFunction_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilPacFunction_RASMANCS
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\WINDOWS\couponprinter.ocx"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Christina\appdata\local\searchprotect"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect"
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\Users\Christina\AppData\Roaming\mozilla\firefox\profiles\ztj7fgi6.default\user.js
Successfully deleted: [File] C:\Users\Christina\AppData\Roaming\mozilla\firefox\profiles\ztj7fgi6.default\searchplugins\conduit-search.xml
Successfully deleted: [File] C:\Users\Christina\AppData\Roaming\mozilla\firefox\profiles\ztj7fgi6.default\searchplugins\websearch.xml
Successfully deleted the following from C:\Users\Christina\AppData\Roaming\mozilla\firefox\profiles\ztj7fgi6.default\prefs.js
 
user_pref("browser.search.defaultenginename,S", "WebSearch");
user_pref("browser.search.defaulturl", "hxxp://websearch.searchoholic.info/?pid=2825&r=2014/12/29&hid=6706512801767581341&lg=EN&cc=US&unqvl=72&l=1&q=");
user_pref("browser.search.order.1", "WebSearch");
user_pref("browser.search.order.1,S", "WebSearch");
user_pref("browser.search.selectedEngine", "WebSearch");
user_pref("browser.search.selectedEngine,S", "WebSearch");
user_pref("browser.startup.homepage", "hxxp://websearch.searchoholic.info/?pid=2825&r=2014/12/29&hid=6706512801767581341&lg=EN&cc=US&unqvl=72");
user_pref("extensions.kRVeR8KaqLN4TFN1.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnale
user_pref("extensions.nEXzq4qCm86iYzyz.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnale
user_pref("extensions.nEXzq4qCm86iYzyz.url", "hxxp://solutionget.info/sync2/?q=hfZ9ofV9CShEAen0rTYGqihTB6lKDzt4olljtNtVh7n0rjnFrTs4rdnHrda9tMFHhd9FqjaFrjwFqTaHrHaMDMlGojUMAe4U
user_pref("keyword.URL", "hxxp://websearch.searchoholic.info/?pid=2825&r=2014/12/29&hid=6706512801767581341&lg=EN&cc=US&unqvl=72&l=1&q=");
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/18/2015 at 22:54:19.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#3 nasdaq

  • Malware Response Team

Posted 19 January 2015 - 08:57 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#4 crivera726

  • Topic Starter

Posted 19 January 2015 - 11:47 AM

# AdwCleaner v4.108 - Report created 19/01/2015 at 11:28:17
# Updated 17/01/2015 by Xplode
# Database : 2015-01-18.1 [Live]
# Operating System : Windows 8  (64 bits)
# Username : Christina - CHRISSY
# Running from : C:\Users\Christina\Downloads\adwcleaner_4.108.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\PriceMeterLiveUpdate
Folder Deleted : C:\ProgramData\SetApp
Folder Deleted : C:\ProgramData\PicColorData
Folder Deleted : C:\ProgramData\10811018078841289527
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Deleted : C:\Program Files (x86)\Amazon\ABB
Folder Deleted : C:\Program Files (x86)\PriceMeterLiveUpdate
Folder Deleted : C:\Program Files (x86)\SimpleFiles
Folder Deleted : C:\Program Files (x86)\SimpleFilesUpdater
Folder Deleted : C:\Program Files\shopperz
Folder Deleted : C:\Users\Christina\AppData\Local\PriceMeter
Folder Deleted : C:\Users\Christina\AppData\Local\PriceMeterLiveUpdate
Folder Deleted : C:\Users\Christina\AppData\Roaming\PriceMeterUpdater
Folder Deleted : C:\Users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceMeter
Folder Deleted : C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\ztj7fgi6.default\Extensions\C@S3Dd9Q7.edu
Folder Deleted : C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\ztj7fgi6.default\Extensions\Y@xT.org
File Deleted : C:\END
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : pricemeterdownloader
Task Deleted : PriceMeterLiveUpdateUpdateTaskMachineCore
Task Deleted : PriceMeterLiveUpdateUpdateTaskMachineUA
Task Deleted : pricemetertask
Task Deleted : PriceMeterUpdater
Task Deleted : pricemeterwatcher
Task Deleted : Update Service SimpleFiles
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PriceMeterLiveUpdate.exe
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.OneClickCtrl.9
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.Update3WebControl.3
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=3
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=9
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{126C78A0-36E7-4697-A3AB-32706144398B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{8D73A258-9787-4AE7-9232-41036673FD0E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00A154AE-6C33-4F1E-9057-242350540936}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{126C78A0-36E7-4697-A3AB-32706144398B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30D1E30D-B7F5-4C7A-8EDA-9F02966538A8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{41C35ADE-DEDA-439F-8140-D53F2C76C963}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4211E851-747F-4470-923D-6EF683EE79CA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{45F8961E-1314-421E-9F00-BDDE18CF8EA0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4825ACAD-F495-4CDD-9603-9C91BABB2B88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5B60D1C0-453A-485D-AE91-61FAC9203719}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{74930D00-2198-46FE-B6BC-FEEC60C666C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{89449F37-4AB2-46ED-A566-BB3A7797701B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8D73A258-9787-4AE7-9232-41036673FD0E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9D24562E-40EC-4E46-B57C-700352059B55}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B1F29F0C-2EC8-487B-97C2-8B8FEA6CEF14}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C0756D99-64A1-4332-B783-A5A1B571D431}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CF0A778A-DDA0-4492-9804-EF38C9A9F1A5}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\PriceMeter
Key Deleted : HKCU\Software\PriceMeterLiveUpdate
Key Deleted : HKCU\Software\PriceMeterUpdater
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SpeeditUp
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\DealPlyLive
Key Deleted : HKLM\SOFTWARE\PriceMeterLiveUpdate
Key Deleted : HKLM\SOFTWARE\SimpleFiles
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\PicColor Utility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.9
Key Deleted : [x64] HKLM\SOFTWARE\PicColor Utility
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.17183
 
 
-\\ Mozilla Firefox v34.0.5 (x86 en-US)
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3321733&octid=EB_ORIGINAL_CTID&ISID=MBDCB0BE0-CC0E-4379-A9DD-CC60F1111A9E&SearchSource=58&CUI=&UM=2&UP=SP03A93508-3F9A-405F-BEA5-E09E26568DDE&q={searchTerms}&SSPV=
[C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3321733&octid=EB_ORIGINAL_CTID&ISID=MBDCB0BE0-CC0E-4379-A9DD-CC60F1111A9E&SearchSource=58&CUI=&UM=2&UP=SP03A93508-3F9A-405F-BEA5-E09E26568DDE&q={searchTerms}&SSPV=
[C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=62430982-a3a7-4520-85ef-ec253ecc8d4a&searchtype=ds&q={searchTerms}&installDate=21/09/2013
[C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=62430982-a3a7-4520-85ef-ec253ecc8d4a&searchtype=ds&q={searchTerms}&installDate=21/09/2013
[C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://search.conduit.com/?gd=&ctid=CT3321733&octid=EB_ORIGINAL_CTID&ISID=MBDCB0BE0-CC0E-4379-A9DD-CC60F1111A9E&SearchSource=55&CUI=&UM=2&UP=SP03A93508-3F9A-405F-BEA5-E09E26568DDE&SSPV=
[C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://search.conduit.com/?gd=&ctid=CT3321733&octid=EB_ORIGINAL_CTID&ISID=MBDCB0BE0-CC0E-4379-A9DD-CC60F1111A9E&SearchSource=55&CUI=&UM=2&UP=SP03A93508-3F9A-405F-BEA5-E09E26568DDE&SSPV=
[C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&st=kwd&ptb=AF98DF4E-04CA-4249-BF2C-2D861099C8B6&n=780b85f1&ind=2014021105&p2=^AFD^xdm003^YYA^us&si=CJ3HwNqRxbwCFeRi7Aodi3EAPg
[C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3321733&octid=EB_ORIGINAL_CTID&ISID=MBDCB0BE0-CC0E-4379-A9DD-CC60F1111A9E&SearchSource=58&CUI=&UM=2&UP=SP03A93508-3F9A-405F-BEA5-E09E26568DDE&q={searchTerms}&SSPV=
[C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3321733&octid=EB_ORIGINAL_CTID&ISID=MBDCB0BE0-CC0E-4379-A9DD-CC60F1111A9E&SearchSource=58&CUI=&UM=2&UP=SP03A93508-3F9A-405F-BEA5-E09E26568DDE&q={searchTerms}&SSPV=
[C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=62430982-a3a7-4520-85ef-ec253ecc8d4a&searchtype=ds&q={searchTerms}&installDate=21/09/2013
[C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=62430982-a3a7-4520-85ef-ec253ecc8d4a&searchtype=ds&q={searchTerms}&installDate=21/09/2013
[C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.searchoholic.info/?l=1&q={searchTerms}&pid=2825&r=2014/12/29&hid=6706512801767581341&lg=EN&cc=US&unqvl=72
[C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.searchoholic.info/?l=1&q={searchTerms}&pid=2825&r=2014/12/29&hid=6706512801767581341&lg=EN&cc=US&unqvl=72
[C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://search.conduit.com/?gd=&ctid=CT3321733&octid=EB_ORIGINAL_CTID&ISID=MBDCB0BE0-CC0E-4379-A9DD-CC60F1111A9E&SearchSource=55&CUI=&UM=2&UP=SP03A93508-3F9A-405F-BEA5-E09E26568DDE&SSPV=
[C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://search.conduit.com/?gd=&ctid=CT3321733&octid=EB_ORIGINAL_CTID&ISID=MBDCB0BE0-CC0E-4379-A9DD-CC60F1111A9E&SearchSource=55&CUI=&UM=2&UP=SP03A93508-3F9A-405F-BEA5-E09E26568DDE&SSPV=
[C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Startup_URLs] : hxxp://websearch.searchoholic.info/?pid=2825&r=2014/12/29&hid=6706512801767581341&lg=EN&cc=US&unqvl=72
[C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Startup_URLs] : hxxp://websearch.searchoholic.info/?pid=2825&r=2014/12/29&hid=6706512801767581341&lg=EN&cc=US&unqvl=72
 
*************************
 
AdwCleaner[R0].txt - [16601 octets] - [19/01/2015 11:21:07]
AdwCleaner[S0].txt - [16354 octets] - [19/01/2015 11:28:17]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16415 octets] ##########
 


#5 crivera726

Posted 19 January 2015 - 11:55 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-01-2015 03
Ran by Christina (administrator) on CHRISSY on 19-01-2015 11:51:59
Running from C:\Users\Christina\Downloads
Loaded Profiles: Christina (Available profiles: Christina & Administrator)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Microsoft Corporation) C:\WINDOWS\System32\dasHost.exe
(Seiko Epson Corporation) C:\WINDOWS\System32\escsvc64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nalpeiron Ltd.) C:\WINDOWS\SysWOW64\NLSSRV32.EXE
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Realtek semiconductor) C:\WINDOWS\RTFTrack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(SEIKO EPSON CORPORATION) C:\WINDOWS\System32\spool\drivers\x64\3\E_YATIKAE.EXE
(SEIKO EPSON CORPORATION) C:\WINDOWS\System32\spool\drivers\x64\3\E_YATIKAE.EXE
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\WINDOWS\WinStore\WSHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\WINDOWS\splwow64.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6334096 2012-08-27] (Realtek semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2872720 2012-09-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13197456 2012-09-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1230992 2012-09-27] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2012-12-02] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2012-12-02] (Lenovo(beijing) Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-11-04] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2014-05-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2014-05-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [ospd_us_548] => [X]
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-15] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-916696894-2385312038-2690276573-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIKAE.EXE [298560 2013-09-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-916696894-2385312038-2690276573-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIKAE.EXE [298560 2013-09-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-916696894-2385312038-2690276573-1001\...\MountPoints2: {98abf47d-7f88-11e3-be82-6036dd6cb4ba} - "F:\Autorun.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\S-1-5-21-916696894-2385312038-2690276573-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKU\S-1-5-21-916696894-2385312038-2690276573-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
HKU\S-1-5-21-916696894-2385312038-2690276573-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-916696894-2385312038-2690276573-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-916696894-2385312038-2690276573-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-916696894-2385312038-2690276573-1001 -> {E2AA0313-5E9C-4A2F-B45A-638207083017} URL = 
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF ProfilePath: C:\Users\Christina\AppData\Roaming\Mozilla\Firefox\Profiles\ztj7fgi6.default
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF HKLM\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-11-21]
CHR Extension: (Google Docs) - C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-21]
CHR Extension: (Google Drive) - C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-21]
CHR Extension: (Embed WMPlayer inline) - C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bamkbfdmckphehgiafpenehgebjgdlli [2013-11-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-30]
CHR Extension: (YouTube) - C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-21]
CHR Extension: (Adblock Plus) - C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-28]
CHR Extension: (Google Search) - C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-21]
CHR Extension: (Pixlr-o-matic) - C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj [2013-11-21]
CHR Extension: (Facebook Disconnect) - C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec [2013-11-21]
CHR Extension: (AdBlock) - C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-28]
CHR Extension: (CityVille) - C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgkinlmadnbppnmldahlkmpkopceiepj [2013-11-21]
CHR Extension: (Media file downloader) - C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\khbkckdkhakengfjmejmiabaakdlhaab [2013-11-21]
CHR Extension: (Google Wallet) - C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-21]
CHR Extension: (Blue Space Sunset Chrome Theme) - C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nndfdjfoclbidmgpmbelcieibgjjfdog [2014-04-01]
CHR Extension: (Instagram for Chrome) - C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2013-11-21]
CHR Extension: (Gmail) - C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-21]
CHR Extension: (unisoales) - C:\ProgramData\hcompkldbdpphdnlagimppknnfjgapbm\ [2013-11-21]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432592 2014-11-04] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4942384 2014-10-17] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288768 2011-03-09] (WDC) [File not signed]
R2 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1066896 2011-03-09] ()
R2 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [491920 2011-03-09] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20912 2012-10-26] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [209720 2014-11-04] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [248632 2014-11-04] (AVG Technologies CZ, s.r.o.)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [121728 2012-08-27] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8227216 2012-08-27] (Realtek Semiconductor Corp.)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S1 cherimoya; system32\drivers\cherimoya.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-19 11:20 - 2015-01-19 11:28 - 00000000 ____D () C:\AdwCleaner
2015-01-19 11:19 - 2015-01-19 11:19 - 02186752 _____ () C:\Users\Christina\Downloads\adwcleaner_4.108.exe
2015-01-18 23:42 - 2015-01-18 23:54 - 00027238 _____ () C:\Users\Christina\Downloads\Addition.txt
2015-01-18 23:41 - 2015-01-19 11:52 - 00000000 ____D () C:\FRST
2015-01-18 23:41 - 2015-01-19 11:51 - 00023591 _____ () C:\Users\Christina\Downloads\FRST.txt
2015-01-18 23:40 - 2015-01-18 23:40 - 02126848 _____ (Farbar) C:\Users\Christina\Downloads\FRST64.exe
2015-01-18 22:54 - 2015-01-18 22:54 - 00005551 _____ () C:\Users\Christina\Desktop\JRT.txt
2015-01-18 22:51 - 2015-01-18 22:51 - 01707939 _____ (Thisisu) C:\Users\Christina\Downloads\JRT.exe
2015-01-18 22:51 - 2015-01-18 22:51 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-18 22:49 - 2015-01-18 22:50 - 00038714 _____ () C:\Users\Christina\Downloads\Result.txt
2015-01-18 22:48 - 2015-01-18 22:48 - 00401920 _____ (Farbar) C:\Users\Christina\Downloads\MiniToolBox.exe
2015-01-18 22:23 - 2015-01-19 11:31 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-18 22:23 - 2015-01-18 22:23 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-18 22:23 - 2015-01-18 22:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-18 22:23 - 2015-01-18 22:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-18 22:23 - 2015-01-18 22:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-18 22:23 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-18 22:23 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-18 22:23 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-18 22:22 - 2015-01-18 22:23 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Christina\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-18 21:41 - 2015-01-18 21:44 - 00000000 ____D () C:\Users\Christina\Downloads\FXhome PhotoKey 6 Pro 6.0.0021 (Win 64 bit) [ChingLiu]
2015-01-18 21:41 - 2015-01-18 21:41 - 00019804 _____ () C:\Users\Christina\Downloads\[kickass.so]fxhome.photokey.6.pro.6.0.0021.win.64.bit.chingliu.torrent
2015-01-16 09:20 - 2015-01-16 09:20 - 00001996 _____ () C:\Users\Public\Desktop\Silhouette Studio.lnk
2015-01-16 09:19 - 2015-01-16 09:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Silhouette Studio
2015-01-16 09:19 - 2015-01-16 09:20 - 00000000 ____D () C:\Program Files (x86)\Silhouette Studio
2015-01-16 09:16 - 2015-01-16 09:16 - 98312816 _____ (Silhouette America) C:\Users\Christina\Downloads\silhouette-studio_v3.3.437.exe
2015-01-14 10:02 - 2015-01-14 10:02 - 00034649 _____ () C:\Users\Christina\Downloads\339.zip
2015-01-13 17:23 - 2015-01-13 17:23 - 00002086 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.6 64-bit.lnk
2015-01-13 17:23 - 2015-01-13 17:23 - 00002066 _____ () C:\Users\Public\Desktop\Lightroom 5.6 64-bit.lnk
2015-01-13 17:11 - 2015-01-13 17:16 - 00000000 ____D () C:\Users\Christina\Downloads\Adobe Photoshop Lightroom 5.6 Final (64 bit) [ChingLiu]
2015-01-13 17:10 - 2015-01-13 17:10 - 00020055 _____ () C:\Users\Christina\Downloads\[kat.sitescrack.com]adobe.photoshop.lightroom.5.6.final.64.bit.chingliu.torrent
2015-01-13 16:30 - 2014-11-26 21:40 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-01-13 16:30 - 2014-11-26 20:28 - 00523264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-01-13 16:30 - 2014-11-15 01:06 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-01-13 16:30 - 2014-11-15 00:13 - 03286016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-01-13 16:30 - 2014-11-15 00:13 - 01623552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-01-13 16:30 - 2014-11-15 00:13 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-01-13 16:30 - 2014-11-15 00:13 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-01-13 16:30 - 2014-11-15 00:13 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-01-13 16:30 - 2014-11-15 00:13 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-01-13 16:30 - 2014-11-15 00:13 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-01-13 16:30 - 2014-11-15 00:12 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-01-13 16:30 - 2014-11-14 22:54 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-01-13 16:30 - 2014-11-14 22:53 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-01-13 16:30 - 2014-11-14 22:53 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-01-13 16:30 - 2014-11-14 22:53 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-01-13 16:29 - 2014-12-19 01:48 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-13 16:29 - 2014-12-18 23:35 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-13 16:29 - 2014-12-11 02:35 - 06973248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-01-13 16:29 - 2014-12-11 01:51 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-13 16:29 - 2014-12-06 02:53 - 00458240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-13 16:29 - 2014-12-06 02:53 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-13 16:29 - 2014-12-06 02:52 - 00384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-13 16:29 - 2014-12-06 02:52 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-13 16:29 - 2014-12-06 02:52 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-13 16:29 - 2014-12-06 02:51 - 00370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-13 16:29 - 2014-12-06 02:51 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-13 16:29 - 2014-12-06 02:50 - 00783872 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-13 16:29 - 2014-12-06 01:10 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-13 16:29 - 2014-12-06 01:10 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-13 16:29 - 2014-12-06 01:09 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-13 16:29 - 2014-12-06 01:09 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-13 16:29 - 2014-11-05 01:40 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-01-13 16:29 - 2014-11-05 01:39 - 01024512 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-01-13 16:29 - 2014-11-01 01:28 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-01-13 16:29 - 2014-10-29 09:21 - 00499008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2015-01-13 16:29 - 2014-10-27 17:10 - 00390841 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-01-01 17:21 - 2015-01-01 17:21 - 00000000 ___HD () C:\ProgramData\CanonIJFax
2014-12-30 22:07 - 2014-12-30 22:07 - 00000000 ____D () C:\Users\Christina\AppData\Local\Bluestacks
2014-12-30 21:40 - 2015-01-07 14:54 - 00000000 ____D () C:\Users\Christina\AppData\Local\Popcorn-Time
2014-12-30 21:40 - 2014-12-30 21:40 - 00002235 _____ () C:\Users\Christina\Desktop\Popcorn Time.lnk
2014-12-30 21:40 - 2014-12-30 21:40 - 00000000 ____D () C:\Users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2014-12-30 21:39 - 2014-12-30 21:40 - 00000000 ____D () C:\Users\Christina\AppData\Local\Popcorn Time
2014-12-30 21:34 - 2014-12-30 23:12 - 00000000 ____D () C:\Users\Christina\Downloads\The Legend of Korra - The Complete Series_ Season 1-4 [720p - WEB-DL]
2014-12-30 20:59 - 2014-12-30 21:24 - 00000000 ____D () C:\Users\Christina\Downloads\Avatar The Last Airbender Book 1,2,3[Water,Earth,Fire] Complete episods Salman Sk Silver RG
2014-12-30 20:47 - 2014-12-30 20:47 - 00000000 ____D () C:\Users\Christina\.android
2014-12-28 23:29 - 2014-12-28 23:29 - 00000000 ____D () C:\ProgramData\hcompkldbdpphdnlagimppknnfjgapbm
2014-12-28 22:32 - 2014-12-30 22:08 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-12-28 17:52 - 2014-12-28 17:52 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-28 17:50 - 2015-01-13 17:45 - 00000000 ____D () C:\Program Files\Adobe
2014-12-28 17:44 - 2014-12-28 17:44 - 00000000 ___RD () C:\Users\Christina\Creative Cloud Files
2014-12-28 17:43 - 2014-12-28 17:43 - 00001320 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-12-28 17:43 - 2014-12-28 17:43 - 00001308 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2014-12-28 16:59 - 2014-12-28 16:59 - 00000000 ____D () C:\Users\Christina\Downloads\RB Polaroid Cameras
2014-12-28 16:58 - 2014-12-28 16:58 - 00920435 _____ () C:\Users\Christina\Downloads\RB Polaroid Cameras.zip
2014-12-21 00:06 - 2015-01-18 22:52 - 00000000 ____D () C:\ProgramData\1078601655
2014-12-21 00:03 - 2014-12-21 00:03 - 00001886 _____ () C:\WINDOWS\patsearch.bin
2014-12-21 00:03 - 2014-12-21 00:03 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf
2014-12-20 23:57 - 2014-12-21 23:00 - 00000000 ____D () C:\ProgramData\FellowSky
2014-12-20 23:57 - 2014-12-21 00:05 - 00006720 _____ () C:\WINDOWS\SysWOW64\ColorMedia.ini
2014-12-20 23:57 - 2014-12-21 00:05 - 00004488 _____ () C:\WINDOWS\SysWOW64\ColorMediaOff.ini
2014-12-20 23:57 - 2014-12-21 00:05 - 00004488 _____ () C:\WINDOWS\system32\ColorMediaOff.ini
2014-12-20 23:57 - 2014-12-20 23:57 - 00000000 ____D () C:\WINDOWS\System32\Tasks\FellowSky
2014-12-20 23:56 - 2014-12-20 23:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\SimpleFiles
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-19 11:49 - 2014-11-14 21:49 - 00000935 _____ () C:\WINDOWS\Tasks\EPSON WF-7620 Series Update {ACBBB860-7348-48AA-8661-5FC7E97A6BF1}.job
2015-01-19 11:49 - 2014-11-14 21:49 - 00000749 _____ () C:\WINDOWS\Tasks\EPSON WF-7620 Series Invitation {ACBBB860-7348-48AA-8661-5FC7E97A6BF1}.job
2015-01-19 11:45 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2015-01-19 11:43 - 2012-12-02 09:21 - 01155582 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-19 11:41 - 2013-11-16 18:21 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-916696894-2385312038-2690276573-1001
2015-01-19 11:31 - 2014-09-23 07:50 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-19 11:31 - 2013-11-16 18:20 - 00000000 ____D () C:\Users\Christina\AppData\Local\Adobe
2015-01-19 11:30 - 2014-01-31 20:17 - 00027336 _____ () C:\WINDOWS\PFRO.log
2015-01-19 11:30 - 2012-07-26 02:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-19 11:29 - 2012-07-26 00:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-19 11:20 - 2013-11-20 12:14 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-19 11:18 - 2012-07-26 02:28 - 00848230 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-19 11:17 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-18 23:57 - 2014-11-14 21:57 - 00000935 _____ () C:\WINDOWS\Tasks\EPSON WF-7620 Series Update {E9A4534C-5036-4A90-991E-EA17C5F8A8F0}.job
2015-01-18 23:57 - 2014-11-14 21:57 - 00000749 _____ () C:\WINDOWS\Tasks\EPSON WF-7620 Series Invitation {E9A4534C-5036-4A90-991E-EA17C5F8A8F0}.job
2015-01-18 23:44 - 2013-12-22 20:44 - 00000000 ____D () C:\Users\Christina\AppData\Roaming\uTorrent
2015-01-18 23:08 - 2014-03-10 15:57 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-18 23:06 - 2014-09-23 07:50 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-17 14:56 - 2014-10-11 13:02 - 00000000 ____D () C:\Users\Christina\Desktop\Silhouette Images
2015-01-17 13:31 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\rescache
2015-01-17 13:01 - 2013-09-13 23:02 - 00120320 ___SH () C:\Users\Christina\Downloads\Thumbs.db
2015-01-17 09:50 - 2014-09-27 14:59 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-01-17 09:45 - 2014-10-23 16:17 - 04982624 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-16 15:03 - 2012-07-26 00:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-16 13:53 - 2014-09-27 14:50 - 00000000 ____D () C:\Users\Christina\AppData\Roaming\com.aspexsoftware.Silhouette_Studio
2015-01-16 13:53 - 2014-09-27 14:50 - 00000000 ____D () C:\ProgramData\com.aspexsoftware.Silhouette_Studio.8
2015-01-16 09:19 - 2014-03-23 10:46 - 00117248 ___SH () C:\Users\Christina\Desktop\Thumbs.db
2015-01-16 09:08 - 2014-11-14 21:42 - 00000000 ____D () C:\ProgramData\EPSON
2015-01-15 11:01 - 2013-11-17 22:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-15 10:55 - 2013-11-17 22:00 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-13 18:03 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-13 17:08 - 2014-03-10 15:57 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-01-13 16:50 - 2014-06-01 10:24 - 00000000 ____D () C:\Users\Christina\AppData\Roaming\vlc
2015-01-05 18:28 - 2014-11-15 12:03 - 00714176 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-05 18:28 - 2014-11-15 12:03 - 00106440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-30 23:39 - 2014-12-11 17:40 - 00000000 ____D () C:\Users\Christina\Downloads\Ed Sheeran - x (Deluxe Edition)
2014-12-30 22:09 - 2013-11-16 18:10 - 00000000 ____D () C:\Users\Christina\AppData\Local\Packages
2014-12-30 20:55 - 2012-07-26 03:12 - 00000000 __RHD () C:\Users\Public\Libraries
2014-12-30 20:47 - 2013-11-16 18:06 - 00000000 ____D () C:\Users\Christina
2014-12-28 17:52 - 2013-11-16 18:21 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-28 17:52 - 2013-11-16 18:12 - 00000000 ____D () C:\Users\Christina\AppData\Roaming\Adobe
2014-12-28 17:42 - 2013-11-16 18:20 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-28 17:26 - 2013-11-22 18:51 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-27 13:37 - 2014-09-28 20:07 - 03645773 _____ () C:\WINDOWS\setupact.log
2014-12-21 18:39 - 2014-01-14 19:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-21 18:30 - 2014-09-23 07:53 - 00002266 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
 
==================== Files in the root of some directories =======
2014-04-04 15:10 - 2014-04-05 18:10 - 0000073 _____ () C:\Users\Christina\AppData\Roaming\WB.CFG
2014-08-31 17:49 - 2014-08-31 17:49 - 0000218 _____ () C:\Users\Christina\AppData\Local\recently-used.xbel
2014-11-07 20:15 - 2014-11-07 20:15 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-12-02 09:14 - 2012-12-02 09:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some content of TEMP:
====================
C:\Users\Christina\AppData\Local\Temp\A390.exe
C:\Users\Christina\AppData\Local\Temp\Quarantine.exe
C:\Users\Christina\AppData\Local\Temp\sqlite3.dll
C:\Users\Christina\AppData\Local\Temp\TsuFA2AC8DA.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-15 09:32
 
==================== End Of Log ============================


#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:56 AM

Posted 19 January 2015 - 02:02 PM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

HKLM-x32\...\Run: [ospd_us_548] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-916696894-2385312038-2690276573-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF HKLM\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Extension: (Google Wallet) - C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-21]
CHR Extension: (unisoales) - C:\ProgramData\hcompkldbdpphdnlagimppknnfjgapbm\ [2013-11-21]
S1 cherimoya; system32\drivers\cherimoya.sys [X]
C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll
C:\Program Files\shopperz
C:\ProgramData\hcompkldbdpphdnlagimppknnfjgapbm

End

Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#7 crivera726

crivera726
  • Topic Starter

  • Members
  • 10 posts
  • Local time:01:56 AM

Posted 19 January 2015 - 02:25 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-01-2015 03
Ran by Christina at 2015-01-19 14:16:46 Run:1
Running from C:\Users\Christina\Downloads
Loaded Profiles: Christina (Available profiles: Christina & Administrator)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
HKLM-x32\...\Run: [ospd_us_548] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-916696894-2385312038-2690276573-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF HKLM\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Extension: (Google Wallet) - C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-21]
CHR Extension: (unisoales) - C:\ProgramData\hcompkldbdpphdnlagimppknnfjgapbm\ [2013-11-21]
S1 cherimoya; system32\drivers\cherimoya.sys [X]
C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll
C:\Program Files\shopperz
C:\ProgramData\hcompkldbdpphdnlagimppknnfjgapbm
 
End
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ospd_us_548 => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-916696894-2385312038-2690276573-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found. 
C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{5081D2D4-1637-404c-B74F-50526718257D} => value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{5081D2D4-1637-404c-B74F-50526718257D} => value deleted successfully.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
C:\Users\Christina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
C:\ProgramData\hcompkldbdpphdnlagimppknnfjgapbm\ => Moved successfully.
cherimoya => Service deleted successfully.
"C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll" => File/Directory not found.
"C:\Program Files\shopperz" => File/Directory not found.
"C:\ProgramData\hcompkldbdpphdnlagimppknnfjgapbm" => File/Directory not found.
 
==== End of Fixlog 14:16:46 ====


#8 crivera726

crivera726
  • Topic Starter

  • Members
  • 10 posts
  • Local time:01:56 AM

Posted 19 January 2015 - 02:27 PM

 Results of screen317's Security Check version 0.99.93  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG Internet Security 2013   
Windows Defender             
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 45  
 Java version 32-bit out of Date! 
 Adobe Flash Player 16.0.0.257  
 Mozilla Firefox (34.0.5) 
 Google Chrome (39.0.2171.95) 
 Google Chrome (plugins...) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 AVG avgwdsvc.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 


#9 crivera726

crivera726
  • Topic Starter

  • Members
  • 10 posts
  • Local time:01:56 AM

Posted 19 January 2015 - 02:50 PM

I use AVG as my antivirus... should I be using something else?



#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:56 AM

Posted 20 January 2015 - 07:50 AM

AVG is good. Keep it up to date.

===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
The latest version is Java 7 Update 71 for the 32 bit Operating system.
Java 8 Update 25 for the 64 bit Operating system.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present, remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 45

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:56 AM

Posted 26 January 2015 - 09:10 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



