Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google redirecting/certain sites not working


  • This topic is locked This topic is locked
10 replies to this topic

#1 AlexC1986

AlexC1986

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:31 AM

Posted 19 February 2015 - 11:56 AM

Hi all, been dealing with this problem for several days now and have used the usual suspects regarding anti-virus software from reputable sites, which has turned up nothing.  The gist of it is that random websites are unresponsive and then occasionally I'm redirected to strange Google homepages with (fake looking) ads.  This is happening across browsers and computers on the home network in my family's house, so I suspect it is some kind of network software that's been hit.  I will start on my computer and use the same process on all of them if necessary and advised.  For example, when I type "eftps.gov" into the address bar, instead of going to the website, it sends me to Google with "http://eftps.gov/" filled into the search box an ad for the NBA underneath it that has a clickable "like" button (scared to check if it's legit or not, I assume it is not).  When I Google search "eftps" and go to the site, I get an error that the page is not available.  I've attached a picture of the redirect.  Previously, when I typed in espn.com, it would send me to the same page (but with espn.com in the address bar) but with bogus looking ads underneath the search advertising Louis Vuitton bags.  It now loads normally.   I noticed in the addition.txt log that there are strange addresses under the host section that I had been advised on a Google board to clear out and now they're back.

Here is the log requested:
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by Owner (administrator) on OWNER-PC on 19-02-2015 11:31:53
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Sling Media Inc.) C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(AOL Inc.) C:\Program Files (x86)\AIM\aim.exe
(Spotify Ltd) C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Voobly) C:\Program Files (x86)\Voobly\voobly.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(BitTorrent Inc.) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\DeviceDisplayObjectProvider.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-11] (Softthinks)
HKLM-x32\...\RunOnce: [DSUpdateLauncher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe [18240 2010-07-21] (Dell)
HKLM-x32\...\RunOnce: [STToasterLauncher] => C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [120032 2010-08-11] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-13239763-3604620186-3359948431-1000\...\Run: [Aim] => C:\Program Files (x86)\AIM\aim.exe [4321112 2011-05-03] (AOL Inc.)
HKU\S-1-5-21-13239763-3604620186-3359948431-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3481408 2012-02-13] (DT Soft Ltd)
HKU\S-1-5-21-13239763-3604620186-3359948431-1000\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-03-21] (Google Inc.)
HKU\S-1-5-21-13239763-3604620186-3359948431-1000\...\Run: [Spotify Web Helper] => C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-10-24] (Spotify Ltd)
HKU\S-1-5-21-13239763-3604620186-3359948431-1000\...\Run: [Voobly] => C:\Program Files (x86)\Voobly\voobly.exe [159744 2014-03-20] (Voobly)
HKU\S-1-5-21-13239763-3604620186-3359948431-1000\...\Run: [supertintin_skype] => C:\Program Files (x86)\SuperTintin for Skype\supertintin_skype.exe [1538048 2013-02-23] (Imtiger Software Inc.)
HKU\S-1-5-21-13239763-3604620186-3359948431-1000\...\Run: [Tiny download manager] => "C:\Users\Owner\AppData\Local\DM\TinyDM.exe" /M
HKU\S-1-5-21-13239763-3604620186-3359948431-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-13239763-3604620186-3359948431-1000\...\Run: [uTorrent] => C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe [1378640 2014-12-11] (BitTorrent Inc.)
HKU\S-1-5-21-13239763-3604620186-3359948431-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-13239763-3604620186-3359948431-1000\...\MountPoints2: {b854ac20-8a5c-11e0-8c30-806e6f6e6963} - D:\ClicknConnect.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-13239763-3604620186-3359948431-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-13239763-3604620186-3359948431-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-13239763-3604620186-3359948431-1000 -> No Name - {7AEB3EFD-E564-43F1-B658-5058A7C5743B} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 08 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 08 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\uz9ul47g.default-1424048882810
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\ATT\8.4.1.11\ma\bin\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-13239763-3604620186-3359948431-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-13239763-3604620186-3359948431-1000: @talk.google.com/O1DPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-13239763-3604620186-3359948431-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-13239763-3604620186-3359948431-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-13239763-3604620186-3359948431-1000: tdameritrade.com/thinkorswim -> C:\Program Files (x86)\thinkTDA\npthinkorswim.dll (TD Ameritrade)
FF Plugin HKU\S-1-5-21-13239763-3604620186-3359948431-1000: tdameritrade.com/tossc -> C:\Program Files (x86)\thinkTDA\nptossc.dll (TD Ameritrade)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-01-28]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.cnn.com/", "about:blank"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (downloadUpdater) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll No File
CHR Plugin: (downloadUpdater2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live? Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-25]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-25]
CHR Extension: (No Name) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2015-02-17]
CHR Extension: (Motive Extension) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2014-06-20]
CHR Extension: (AdBlock) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-05-19]
CHR Extension: (No Name) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2015-02-17]
CHR Extension: (SlingPlayer Web Plug-in) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lidgnhlbmoakdjkfhanbhfngcadpaiac [2013-12-19]
CHR Extension: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-07-28]
CHR Extension: (Share on Tumblr) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mohemmpiompfkodgmdnoinaocckbphho [2013-12-09]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-25]
CHR HKU\S-1-5-21-13239763-3604620186-3359948431-1000\...\Chrome\Extension: [cgpimkfhjdaobobdomcikioipaenlhke] - C:\Users\Owner\AppData\Local\CRE\cgpimkfhjdaobobdomcikioipaenlhke.crx [Not Found]
CHR HKU\S-1-5-21-13239763-3604620186-3359948431-1000\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\Owner\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [cgpimkfhjdaobobdomcikioipaenlhke] - C:\Users\Owner\AppData\Local\CRE\cgpimkfhjdaobobdomcikioipaenlhke.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2014-06-20]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\Owner\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [897088 2010-11-03] (Intel Corporation) [File not signed]
S3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2010-11-03] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [983104 2010-11-03] (Intel Corporation) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [499200 2011-02-27] (Red Bend Ltd.) [File not signed]
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-13] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2013-10-22] (Alcatel-Lucent) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460800 2013-10-22] (Alcatel-Lucent) [File not signed]
R2 SlingAgentService; C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [94024 2010-11-03] (Sling Media Inc.)
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [305152 2011-09-08] (IDT, Inc.) [File not signed]
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [885248 2011-02-27] (Intel® Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 A2DDA; C:\EEK\bin\a2ddax64.sys [26176 2015-02-15] (Emsisoft GmbH)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-02-15] (Emsisoft GmbH)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-03-15] (DT Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-19 11:20 - 2015-02-19 11:29 - 00051687 _____ () C:\Users\Owner\Desktop\Addition.txt
2015-02-19 11:18 - 2015-02-19 11:32 - 00029063 _____ () C:\Users\Owner\Desktop\FRST.txt
2015-02-19 11:18 - 2015-02-19 11:31 - 00000000 ____D () C:\FRST
2015-02-19 11:17 - 2015-02-19 11:17 - 02086912 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2015-02-19 09:53 - 2015-02-19 10:57 - 00130465 ____H () C:\Users\Owner\Desktop\~WRL0006.tmp
2015-02-18 00:16 - 2015-02-18 00:16 - 00000077 _____ () C:\Users\Owner\AppData\Roaming\mbam.context.scan
2015-02-18 00:15 - 2015-02-18 00:15 - 00024100 _____ () C:\Users\Owner\Desktop\Parks.and.Recreation.S07E11.720p.HDTV.X264-DIMENSION.torrent
2015-02-17 08:54 - 2015-02-17 08:54 - 00000000 ____D () C:\ProgramData\Sun
2015-02-17 08:54 - 2015-02-17 08:53 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-17 08:53 - 2015-02-17 08:54 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-17 08:53 - 2015-02-17 08:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-02-17 08:53 - 2015-02-17 08:53 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-17 08:52 - 2015-02-17 08:52 - 00639912 _____ (Oracle Corporation) C:\Users\Owner\Downloads\jxpiinstall.exe
2015-02-17 00:48 - 2015-02-17 00:48 - 00000000 ____D () C:\Windows\pss
2015-02-17 00:46 - 2015-02-17 00:46 - 00000000 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2015-02-15 20:08 - 2015-02-15 20:08 - 00000000 ____D () C:\Users\Owner\Desktop\Old Firefox Data
2015-02-15 19:56 - 2015-02-15 19:56 - 00052464 _____ () C:\EamClean.log
2015-02-15 19:42 - 2015-02-17 08:54 - 00000000 ____D () C:\EEK
2015-02-15 19:42 - 2015-02-15 19:42 - 00000745 _____ () C:\Users\Owner\Desktop\Start Emsisoft Emergency Kit.lnk
2015-02-15 19:41 - 2015-02-15 19:42 - 169375544 _____ () C:\Users\Owner\Desktop\EmsisoftEmergencyKit.exe
2015-02-15 19:40 - 2015-02-15 19:47 - 00000000 ____D () C:\AdwCleaner
2015-02-15 19:40 - 2015-02-15 19:40 - 02112512 _____ () C:\Users\Owner\Desktop\adwcleaner_4.110.exe
2015-02-15 19:39 - 2015-02-15 19:39 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Owner\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-15 19:22 - 2015-02-15 19:27 - 11227888 _____ (SurfRight B.V.) C:\Users\Owner\Desktop\HitmanPro_x64.exe
2015-02-15 19:21 - 2015-02-15 19:37 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-15 19:17 - 2015-02-15 19:21 - 10288040 _____ (SurfRight B.V.) C:\Users\Owner\Desktop\HitmanPro.exe
2015-02-13 21:19 - 2015-02-13 21:19 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Desktop\tdsskiller.exe
2015-02-13 12:29 - 2015-02-13 12:29 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-13 12:27 - 2015-02-13 12:27 - 00243440 _____ () C:\Users\Owner\Desktop\Firefox Setup Stub 35.0.1.exe
2015-02-13 11:36 - 2015-02-13 11:36 - 00003556 _____ () C:\Users\Owner\Desktop\software_removal_tool.log
2015-02-12 23:43 - 2015-02-12 23:43 - 00002257 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-12 23:43 - 2015-02-12 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-12 23:42 - 2015-02-19 10:47 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-12 23:42 - 2015-02-18 23:47 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-12 23:42 - 2015-02-12 23:42 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-12 23:42 - 2015-02-12 23:42 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-12 22:03 - 2015-02-12 22:03 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-02-12 20:03 - 2015-02-12 23:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-12 17:09 - 2015-02-12 17:09 - 00000296 _____ () C:\Users\Owner\Desktop\soccerbets.txt
2015-02-11 11:56 - 2015-02-12 23:29 - 00000000 ___DC () C:\ProgramData\{7417E72F-E156-403E-9DFA-EB0ED1DB06F1}
2015-02-11 11:55 - 2015-02-11 11:57 - 00000000 ____D () C:\ProgramData\SupportAssistAgent
2015-02-09 00:20 - 2015-01-27 17:53 - 393963315 _____ () C:\Users\Owner\Desktop\Kill.the.Messenger.2014.LIMITED.720p.BluRay.x264-GECKOS.mkv
2015-01-30 23:42 - 2015-02-12 23:29 - 00000000 ____D () C:\Users\Owner\Desktop\Kill.the.Messenger.2014.LIMITED.720p.BluRay.x264-GECKOS
2015-01-28 13:58 - 2015-01-28 13:59 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-19 11:29 - 2011-10-03 19:21 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\uTorrent
2015-02-19 11:21 - 2009-07-13 23:45 - 00013872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-19 11:21 - 2009-07-13 23:45 - 00013872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-19 10:43 - 2011-12-16 07:41 - 00000346 _____ () C:\Windows\Tasks\At69.job
2015-02-19 10:43 - 2011-12-16 07:41 - 00000344 _____ () C:\Windows\Tasks\At68.job
2015-02-19 10:43 - 2011-11-23 12:58 - 00000346 _____ () C:\Windows\Tasks\At22.job
2015-02-19 10:41 - 2013-02-23 15:50 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-19 10:40 - 2012-05-23 00:34 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-13239763-3604620186-3359948431-1000UA.job
2015-02-19 09:43 - 2011-12-16 07:41 - 00000346 _____ () C:\Windows\Tasks\At67.job
2015-02-19 09:43 - 2011-12-16 07:41 - 00000344 _____ () C:\Windows\Tasks\At66.job
2015-02-19 09:43 - 2011-11-23 12:58 - 00000346 _____ () C:\Windows\Tasks\At20.job
2015-02-19 08:43 - 2011-12-16 07:41 - 00000346 _____ () C:\Windows\Tasks\At65.job
2015-02-19 08:43 - 2011-12-16 07:41 - 00000344 _____ () C:\Windows\Tasks\At64.job
2015-02-19 08:43 - 2011-11-23 12:58 - 00000346 _____ () C:\Windows\Tasks\At18.job
2015-02-19 07:43 - 2011-12-16 07:41 - 00000346 _____ () C:\Windows\Tasks\At63.job
2015-02-19 07:43 - 2011-12-16 07:41 - 00000344 _____ () C:\Windows\Tasks\At62.job
2015-02-19 07:43 - 2011-11-23 12:58 - 00000346 _____ () C:\Windows\Tasks\At16.job
2015-02-19 07:19 - 2011-05-29 20:30 - 02033771 _____ () C:\Windows\WindowsUpdate.log
2015-02-19 07:16 - 2011-10-22 19:24 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype
2015-02-19 07:15 - 2011-12-16 07:41 - 00000346 _____ () C:\Windows\Tasks\At61.job
2015-02-19 07:15 - 2011-12-16 07:41 - 00000346 _____ () C:\Windows\Tasks\At59.job
2015-02-19 07:15 - 2011-12-16 07:41 - 00000346 _____ () C:\Windows\Tasks\At57.job
2015-02-19 07:15 - 2011-12-16 07:41 - 00000344 _____ () C:\Windows\Tasks\At60.job
2015-02-19 07:15 - 2011-12-16 07:41 - 00000344 _____ () C:\Windows\Tasks\At58.job
2015-02-19 07:15 - 2011-12-16 07:41 - 00000344 _____ () C:\Windows\Tasks\At56.job
2015-02-19 07:15 - 2011-11-23 12:58 - 00000346 _____ () C:\Windows\Tasks\At14.job
2015-02-19 07:15 - 2011-11-23 12:58 - 00000346 _____ () C:\Windows\Tasks\At12.job
2015-02-19 07:15 - 2011-11-23 12:58 - 00000346 _____ () C:\Windows\Tasks\At10.job
2015-02-19 04:42 - 2011-12-16 07:41 - 00000346 _____ () C:\Windows\Tasks\At55.job
2015-02-19 04:42 - 2011-12-16 07:41 - 00000346 _____ () C:\Windows\Tasks\At53.job
2015-02-19 04:42 - 2011-12-16 07:41 - 00000346 _____ () C:\Windows\Tasks\At51.job
2015-02-19 04:42 - 2011-12-16 07:41 - 00000346 _____ () C:\Windows\Tasks\At49.job
2015-02-19 04:42 - 2011-12-16 07:41 - 00000344 _____ () C:\Windows\Tasks\At54.job
2015-02-19 04:42 - 2011-12-16 07:41 - 00000344 _____ () C:\Windows\Tasks\At52.job
2015-02-19 04:42 - 2011-12-16 07:41 - 00000344 _____ () C:\Windows\Tasks\At50.job
2015-02-19 04:42 - 2011-12-16 07:41 - 00000344 _____ () C:\Windows\Tasks\At1.job
2015-02-19 04:42 - 2011-11-23 12:58 - 00000346 _____ () C:\Windows\Tasks\At8.job
2015-02-19 04:42 - 2011-11-23 12:58 - 00000346 _____ () C:\Windows\Tasks\At6.job
2015-02-19 04:42 - 2011-11-23 12:58 - 00000346 _____ () C:\Windows\Tasks\At4.job
2015-02-19 04:42 - 2011-11-23 12:58 - 00000346 _____ () C:\Windows\Tasks\At2.job
2015-02-18 23:43 - 2011-12-16 07:41 - 00000346 _____ () C:\Windows\Tasks\At95.job
2015-02-18 23:43 - 2011-12-16 07:41 - 00000344 _____ () C:\Windows\Tasks\At94.job
2015-02-18 23:43 - 2011-11-23 12:58 - 00000346 _____ () C:\Windows\Tasks\At48.job
2015-02-18 23:40 - 2012-05-23 00:34 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-13239763-3604620186-3359948431-1000Core.job
2015-02-18 22:43 - 2011-12-16 07:41 - 00000346 _____ () C:\Windows\Tasks\At93.job
2015-02-18 22:43 - 2011-12-16 07:41 - 00000344 _____ () C:\Windows\Tasks\At92.job
2015-02-18 22:43 - 2011-11-23 12:58 - 00000346 _____ () C:\Windows\Tasks\At46.job
2015-02-18 21:43 - 2011-12-16 07:41 - 00000346 _____ () C:\Windows\Tasks\At91.job
2015-02-18 21:43 - 2011-12-16 07:41 - 00000344 _____ () C:\Windows\Tasks\At90.job
2015-02-18 21:43 - 2011-11-23 12:58 - 00000346 _____ () C:\Windows\Tasks\At44.job
2015-02-18 20:43 - 2011-12-16 07:41 - 00000346 _____ () C:\Windows\Tasks\At89.job
2015-02-18 20:43 - 2011-12-16 07:41 - 00000344 _____ () C:\Windows\Tasks\At88.job
2015-02-18 20:43 - 2011-11-23 12:58 - 00000346 _____ () C:\Windows\Tasks\At42.job
2015-02-18 19:43 - 2011-12-16 07:41 - 00000346 _____ () C:\Windows\Tasks\At87.job
2015-02-18 19:43 - 2011-12-16 07:41 - 00000344 _____ () C:\Windows\Tasks\At86.job
2015-02-18 19:43 - 2011-11-23 12:58 - 00000346 _____ () C:\Windows\Tasks\At40.job
2015-02-18 18:43 - 2011-12-16 07:41 - 00000346 _____ () C:\Windows\Tasks\At85.job
2015-02-18 18:43 - 2011-12-16 07:41 - 00000344 _____ () C:\Windows\Tasks\At84.job
2015-02-18 18:43 - 2011-11-23 12:58 - 00000346 _____ () C:\Windows\Tasks\At38.job
2015-02-18 17:43 - 2011-12-16 07:41 - 00000346 _____ () C:\Windows\Tasks\At83.job
2015-02-18 17:43 - 2011-12-16 07:41 - 00000344 _____ () C:\Windows\Tasks\At82.job
2015-02-18 17:43 - 2011-11-23 12:58 - 00000346 _____ () C:\Windows\Tasks\At36.job
2015-02-18 16:43 - 2011-12-16 07:41 - 00000346 _____ () C:\Windows\Tasks\At81.job
2015-02-18 16:43 - 2011-12-16 07:41 - 00000344 _____ () C:\Windows\Tasks\At80.job
2015-02-18 16:43 - 2011-11-23 12:58 - 00000346 _____ () C:\Windows\Tasks\At34.job
2015-02-18 15:43 - 2011-12-16 07:41 - 00000346 _____ () C:\Windows\Tasks\At79.job
2015-02-18 15:43 - 2011-12-16 07:41 - 00000344 _____ () C:\Windows\Tasks\At78.job
2015-02-18 15:43 - 2011-11-23 12:58 - 00000346 _____ () C:\Windows\Tasks\At32.job
2015-02-18 14:43 - 2011-12-16 07:41 - 00000346 _____ () C:\Windows\Tasks\At77.job
2015-02-18 14:43 - 2011-12-16 07:41 - 00000344 _____ () C:\Windows\Tasks\At76.job
2015-02-18 14:43 - 2011-11-23 12:58 - 00000346 _____ () C:\Windows\Tasks\At30.job
2015-02-18 13:43 - 2011-12-16 07:41 - 00000346 _____ () C:\Windows\Tasks\At75.job
2015-02-18 13:43 - 2011-12-16 07:41 - 00000344 _____ () C:\Windows\Tasks\At74.job
2015-02-18 13:43 - 2011-11-23 12:58 - 00000346 _____ () C:\Windows\Tasks\At28.job
2015-02-18 12:43 - 2011-12-16 07:41 - 00000346 _____ () C:\Windows\Tasks\At73.job
2015-02-18 12:43 - 2011-12-16 07:41 - 00000344 _____ () C:\Windows\Tasks\At72.job
2015-02-18 12:43 - 2011-11-23 12:58 - 00000346 _____ () C:\Windows\Tasks\At26.job
2015-02-18 11:43 - 2011-12-16 07:41 - 00000346 _____ () C:\Windows\Tasks\At71.job
2015-02-18 11:43 - 2011-12-16 07:41 - 00000344 _____ () C:\Windows\Tasks\At70.job
2015-02-18 11:43 - 2011-11-23 12:58 - 00000346 _____ () C:\Windows\Tasks\At24.job
2015-02-18 09:30 - 2009-07-14 00:13 - 00006502 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-18 09:25 - 2012-07-25 12:07 - 00000000 ____D () C:\Program Files (x86)\Voobly
2015-02-18 09:25 - 2011-07-29 17:36 - 00000072 _____ () C:\Windows\SysWOW64\ToasterLauncherLog.log
2015-02-18 09:25 - 2011-07-29 17:21 - 00000000 ____D () C:\Users\Owner\AppData\Local\SoftThinks
2015-02-18 09:25 - 2011-05-29 21:12 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-02-18 09:24 - 2012-09-07 14:37 - 00043805 _____ () C:\Windows\setupact.log
2015-02-18 09:24 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-16 09:41 - 2013-02-23 15:50 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-16 09:41 - 2013-02-23 15:50 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-16 09:41 - 2011-09-18 11:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-15 19:57 - 2013-03-17 13:06 - 00092520 _____ () C:\Windows\PFRO.log
2015-02-13 12:47 - 2012-06-04 16:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-13 12:29 - 2015-01-19 16:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-13 12:29 - 2012-06-04 16:01 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-12 23:43 - 2011-10-23 02:12 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-12 23:42 - 2011-07-29 17:36 - 00000000 ____D () C:\Users\Owner\AppData\Local\Deployment
2015-02-12 23:41 - 2012-05-23 13:39 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Mozilla
2015-02-12 23:35 - 2012-05-23 00:34 - 00003882 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-13239763-3604620186-3359948431-1000UA
2015-02-12 23:35 - 2012-05-23 00:34 - 00003486 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-13239763-3604620186-3359948431-1000Core
2015-02-12 23:33 - 2011-07-29 17:21 - 00000000 ____D () C:\Users\Owner
2015-02-12 23:32 - 2014-04-28 22:59 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-12 23:32 - 2013-05-22 20:01 - 00000000 ____D () C:\Program Files\My Dell
2015-02-12 23:32 - 2011-11-25 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2015-02-12 23:32 - 2011-05-29 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-02-12 23:31 - 2015-01-06 11:25 - 00000000 ____D () C:\Users\Owner\Desktop\Broadchurch.S02E01.720p.HDTV.x264-FTP
2015-02-12 23:31 - 2014-12-10 12:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2015-02-12 23:31 - 2014-04-28 23:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-02-12 23:31 - 2014-04-28 23:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-12 23:31 - 2014-04-28 22:59 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-02-12 23:31 - 2014-04-28 22:59 - 00000000 ____D () C:\Program Files\iTunes
2015-02-12 23:31 - 2014-04-28 22:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-02-12 23:31 - 2014-04-28 22:53 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-02-12 23:31 - 2013-05-22 20:02 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2015-02-12 23:31 - 2012-09-08 17:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\dtc
2015-02-12 23:31 - 2011-11-27 11:00 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-12 23:31 - 2011-11-27 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2015-02-12 23:31 - 2011-11-27 11:00 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2015-02-12 23:31 - 2011-11-25 15:01 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Malwarebytes
2015-02-12 23:31 - 2011-11-25 15:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-02-12 23:31 - 2011-09-29 23:46 - 00000000 ____D () C:\Windows\system32\Macromed
2015-02-12 23:31 - 2011-09-06 22:33 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Spotify
2015-02-12 23:31 - 2011-08-26 10:00 - 00000000 ____D () C:\ProgramData\PCDr
2015-02-12 23:31 - 2011-05-29 21:07 - 00000000 ____D () C:\Program Files\Dell Support Center
2015-02-12 23:31 - 2011-05-29 20:39 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-02-12 23:31 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-12 23:31 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-02-12 23:29 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-02-12 23:27 - 2011-11-25 15:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-12 23:26 - 2014-04-28 22:59 - 00000000 ____D () C:\Program Files\iPod
2015-02-12 23:26 - 2011-08-27 10:05 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-12 23:10 - 2012-01-25 02:22 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-12 21:37 - 2015-01-10 00:23 - 00000000 ____D () C:\Users\Owner\Desktop\img
2015-02-02 14:53 - 2011-09-06 22:33 - 00000000 ____D () C:\Users\Owner\AppData\Local\Spotify
2015-01-26 10:37 - 2013-05-22 20:02 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-01-21 08:18 - 2011-05-29 20:53 - 00000000 ____D () C:\ProgramData\Sonic
2015-01-20 15:45 - 2011-08-27 18:42 - 00032768 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
==================== Files in the root of some directories =======
 
2015-02-18 00:16 - 2015-02-18 00:16 - 0000077 _____ () C:\Users\Owner\AppData\Roaming\mbam.context.scan
2013-07-12 16:53 - 2013-07-12 16:53 - 0000096 _____ () C:\Users\Owner\AppData\Roaming\settings.xml
2011-08-27 18:42 - 2015-01-20 15:45 - 0032768 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-11-23 12:58 - 2011-12-16 07:44 - 0000112 _____ () C:\ProgramData\1VjM2R.dat
2011-10-22 19:25 - 2011-10-22 19:25 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2012-01-23 02:49 - 2012-01-23 02:49 - 0000113 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2012-04-14 15:10 - 2013-04-16 21:55 - 0000774 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
Files to move or delete:
====================
C:\ProgramData\1VjM2R.dat
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At10.job
C:\Windows\Tasks\At12.job
C:\Windows\Tasks\At14.job
C:\Windows\Tasks\At16.job
C:\Windows\Tasks\At18.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At20.job
C:\Windows\Tasks\At22.job
C:\Windows\Tasks\At24.job
C:\Windows\Tasks\At26.job
C:\Windows\Tasks\At28.job
C:\Windows\Tasks\At30.job
C:\Windows\Tasks\At32.job
C:\Windows\Tasks\At34.job
C:\Windows\Tasks\At36.job
C:\Windows\Tasks\At38.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At40.job
C:\Windows\Tasks\At42.job
C:\Windows\Tasks\At44.job
C:\Windows\Tasks\At46.job
C:\Windows\Tasks\At48.job
C:\Windows\Tasks\At49.job
C:\Windows\Tasks\At50.job
C:\Windows\Tasks\At51.job
C:\Windows\Tasks\At52.job
C:\Windows\Tasks\At53.job
C:\Windows\Tasks\At54.job
C:\Windows\Tasks\At55.job
C:\Windows\Tasks\At56.job
C:\Windows\Tasks\At57.job
C:\Windows\Tasks\At58.job
C:\Windows\Tasks\At59.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At60.job
C:\Windows\Tasks\At61.job
C:\Windows\Tasks\At62.job
C:\Windows\Tasks\At63.job
C:\Windows\Tasks\At64.job
C:\Windows\Tasks\At65.job
C:\Windows\Tasks\At66.job
C:\Windows\Tasks\At67.job
C:\Windows\Tasks\At68.job
C:\Windows\Tasks\At69.job
C:\Windows\Tasks\At70.job
C:\Windows\Tasks\At71.job
C:\Windows\Tasks\At72.job
C:\Windows\Tasks\At73.job
C:\Windows\Tasks\At74.job
C:\Windows\Tasks\At75.job
C:\Windows\Tasks\At76.job
C:\Windows\Tasks\At77.job
C:\Windows\Tasks\At78.job
C:\Windows\Tasks\At79.job
C:\Windows\Tasks\At8.job
C:\Windows\Tasks\At80.job
C:\Windows\Tasks\At81.job
C:\Windows\Tasks\At82.job
C:\Windows\Tasks\At83.job
C:\Windows\Tasks\At84.job
C:\Windows\Tasks\At85.job
C:\Windows\Tasks\At86.job
C:\Windows\Tasks\At87.job
C:\Windows\Tasks\At88.job
C:\Windows\Tasks\At89.job
C:\Windows\Tasks\At90.job
C:\Windows\Tasks\At91.job
C:\Windows\Tasks\At92.job
C:\Windows\Tasks\At93.job
C:\Windows\Tasks\At94.job
C:\Windows\Tasks\At95.job
 
 
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\FixMyRegistry.exe
C:\Users\Owner\AppData\Local\Temp\FreeMouseAutoClickerSetup-clean.exe
C:\Users\Owner\AppData\Local\Temp\GURC239.exe
C:\Users\Owner\AppData\Local\Temp\i4jdel0.exe
C:\Users\Owner\AppData\Local\Temp\install_flashplayer11x32_mssa_aaa_aih.exe
C:\Users\Owner\AppData\Local\Temp\mktbrwsp.exe
C:\Users\Owner\AppData\Local\Temp\pcDesktopAlertNotifierX.dll
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
C:\Users\Owner\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\Owner\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Owner\AppData\Local\Temp\SpeedUpMyComputer.exe
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll
C:\Users\Owner\AppData\Local\Temp\uttB4D9.tmp.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64
 
 
LastRegBack: 2015-02-13 08:55
 

 

==================== End Of Log ============================
 

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:31 AM

Posted 24 February 2015 - 10:09 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Using the Add/Remove Programs applet remove this program in bold.
Updater (HKLM-x32\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.43 - Creative Island Media, LLC) <==== ATTENTION

===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-13239763-3604620186-3359948431-1000\...\Run: [Tiny download manager] => "C:\Users\Owner\AppData\Local\DM\TinyDM.exe" /M
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-13239763-3604620186-3359948431-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKU\S-1-5-21-13239763-3604620186-3359948431-1000 -> No Name - {7AEB3EFD-E564-43F1-B658-5058A7C5743B} -  No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 08 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 08 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (downloadUpdater) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll No File
CHR Plugin: (downloadUpdater2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (No Name) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2015-02-17]
CHR HKU\S-1-5-21-13239763-3604620186-3359948431-1000\...\Chrome\Extension: [cgpimkfhjdaobobdomcikioipaenlhke] - C:\Users\Owner\AppData\Local\CRE\cgpimkfhjdaobobdomcikioipaenlhke.crx [Not Found]
CHR HKU\S-1-5-21-13239763-3604620186-3359948431-1000\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\Owner\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [cgpimkfhjdaobobdomcikioipaenlhke] - C:\Users\Owner\AppData\Local\CRE\cgpimkfhjdaobobdomcikioipaenlhke.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\Owner\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx [Not Found]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
C:\ProgramData\1VjM2R.dat
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At10.job
C:\Windows\Tasks\At12.job
C:\Windows\Tasks\At14.job
C:\Windows\Tasks\At16.job
C:\Windows\Tasks\At18.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At20.job
C:\Windows\Tasks\At22.job
C:\Windows\Tasks\At24.job
C:\Windows\Tasks\At26.job
C:\Windows\Tasks\At28.job
C:\Windows\Tasks\At30.job
C:\Windows\Tasks\At32.job
C:\Windows\Tasks\At34.job
C:\Windows\Tasks\At36.job
C:\Windows\Tasks\At38.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At40.job
C:\Windows\Tasks\At42.job
C:\Windows\Tasks\At44.job
C:\Windows\Tasks\At46.job
C:\Windows\Tasks\At48.job
C:\Windows\Tasks\At49.job
C:\Windows\Tasks\At50.job
C:\Windows\Tasks\At51.job
C:\Windows\Tasks\At52.job
C:\Windows\Tasks\At53.job
C:\Windows\Tasks\At54.job
C:\Windows\Tasks\At55.job
C:\Windows\Tasks\At56.job
C:\Windows\Tasks\At57.job
C:\Windows\Tasks\At58.job
C:\Windows\Tasks\At59.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At60.job
C:\Windows\Tasks\At61.job
C:\Windows\Tasks\At62.job
C:\Windows\Tasks\At63.job
C:\Windows\Tasks\At64.job
C:\Windows\Tasks\At65.job
C:\Windows\Tasks\At66.job
C:\Windows\Tasks\At67.job
C:\Windows\Tasks\At68.job
C:\Windows\Tasks\At69.job
C:\Windows\Tasks\At70.job
C:\Windows\Tasks\At71.job
C:\Windows\Tasks\At72.job
C:\Windows\Tasks\At73.job
C:\Windows\Tasks\At74.job
C:\Windows\Tasks\At75.job
C:\Windows\Tasks\At76.job
C:\Windows\Tasks\At77.job
C:\Windows\Tasks\At78.job
C:\Windows\Tasks\At79.job
C:\Windows\Tasks\At8.job
C:\Windows\Tasks\At80.job
C:\Windows\Tasks\At81.job
C:\Windows\Tasks\At82.job
C:\Windows\Tasks\At83.job
C:\Windows\Tasks\At84.job
C:\Windows\Tasks\At85.job
C:\Windows\Tasks\At86.job
C:\Windows\Tasks\At87.job
C:\Windows\Tasks\At88.job
C:\Windows\Tasks\At89.job
C:\Windows\Tasks\At90.job
C:\Windows\Tasks\At91.job
C:\Windows\Tasks\At92.job
C:\Windows\Tasks\At93.job
C:\Windows\Tasks\At94.job
C:\Windows\Tasks\At95.job
C:\Users\Owner\AppData\Local\Temp\FixMyRegistry.exe
C:\Users\Owner\AppData\Local\Temp\FreeMouseAutoClickerSetup-clean.exe
C:\Users\Owner\AppData\Local\Temp\GURC239.exe
C:\Users\Owner\AppData\Local\Temp\i4jdel0.exe
C:\Users\Owner\AppData\Local\Temp\install_flashplayer11x32_mssa_aaa_aih.exe
C:\Users\Owner\AppData\Local\Temp\mktbrwsp.exe
C:\Users\Owner\AppData\Local\Temp\pcDesktopAlertNotifierX.dll
C:\Users\Owner\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\Owner\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Owner\AppData\Local\Temp\SpeedUpMyComputer.exe
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll
C:\Users\Owner\AppData\Local\Temp\uttB4D9.tmp.exe
Task: {00B3B6EF-8CB1-451E-842E-8824C40036D1} - System32\Tasks\At46 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {01EAFAA8-C7AD-4D43-BC7E-0CB95638BBC8} - System32\Tasks\At70 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {088F7A37-1633-49EB-9F38-C68A6013129D} - System32\Tasks\At32 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {0C84D4CF-DB9B-4DF6-BB94-1D3A4420BADB} - System32\Tasks\At87 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {11D79CE1-1A14-42A4-8C31-55BB7D731C5A} - System32\Tasks\At79 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {127EBFE8-ADB9-4E17-BA70-06A5CDAA0F55} - System32\Tasks\At2 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {1354D887-A7CF-4748-A4E7-E6117E48F4FC} - System32\Tasks\At14 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {15179A27-E668-4A75-9FBB-44E89359D741} - System32\Tasks\At81 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {17A0286E-1185-4ED2-8078-11D851E4AF0B} - System32\Tasks\At69 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {18EB2811-82EE-453A-AA40-B290A212A82E} - System32\Tasks\At49 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {1E7E5380-3B96-4657-AE7D-6F77BC24CF58} - System32\Tasks\At68 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {24088B6B-552F-45E7-809E-D5E83A5342F5} - System32\Tasks\At75 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {33386A2A-BE28-4457-9ABC-77B234F1DED1} - System32\Tasks\At56 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {3D91A590-4E73-4305-BFB3-F63810240289} - System32\Tasks\At93 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {3E9619A5-A76C-41C8-91B3-2C44AE9515C9} - System32\Tasks\At26 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {40B87139-8F6D-4365-88A9-535914079106} - System32\Tasks\At51 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {40CBE27F-181F-47C7-8A81-9533057BBECC} - System32\Tasks\At72 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {4923DD0E-672C-45B8-BF6F-D13F961F9812} - System32\Tasks\At57 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {4A30CE90-8DED-4F87-A541-BACC61F2343D} - System32\Tasks\At6 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {4BB9F7A4-329B-4197-8ACD-DC1435A93861} - System32\Tasks\At94 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {4EA843A9-6CA9-4345-844C-77CDD7D216A0} - System32\Tasks\At71 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {51F90F88-0E83-4126-8B52-154974BAF59C} - System32\Tasks\At28 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {5C71A209-18B7-4CFA-890D-2B238C53E746} - System32\Tasks\At30 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {5D27F3CC-6C16-4C71-8CDD-1271D4D3A5B2} - System32\Tasks\At22 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {5DAB1FFA-07AC-4997-8CCD-A6C8E5AB39E1} - System32\Tasks\At52 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {608FB0E9-6C5A-4BC7-83B7-C870A90160A8} - System32\Tasks\At62 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {61BF34BA-0264-4D34-B484-0C563EB07DDC} - System32\Tasks\At16 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {654C489B-2791-4559-BCD6-084D7E7381CD} - System32\Tasks\At36 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {6979A356-F15E-4FC6-BAF5-EB61F594F3E8} - System32\Tasks\At80 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {69EF35D5-90E3-4D1D-8FF1-96E34FC3E3B1} - System32\Tasks\At48 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {6AC61FA1-B516-414C-B1AF-7D28D8BD5771} - System32\Tasks\At55 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {71C75CD4-9F81-4805-AEE7-8C3741A104BF} - System32\Tasks\At4 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {7624165C-3A61-41CE-A1A1-A38C65496AB9} - System32\Tasks\At84 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {76C08E9D-52A6-42CE-89B1-7F3C0EF00EEC} - System32\Tasks\At91 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {7C259DC3-E047-4B4A-9B5E-414BAC923A62} - System32\Tasks\At65 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {80B51227-D790-4B27-93D6-5B237E61979C} - System32\Tasks\At82 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {8465C92D-B0CB-41BA-8E71-45BBBE17AB69} - System32\Tasks\At24 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {8C920B3E-2508-47EF-B032-F05758106B9C} - System32\Tasks\At76 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {91B9E9F0-BCF7-4ED4-ACA1-9295DC9FA3C4} - System32\Tasks\At8 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {96636CF8-D425-479D-863D-3693A3172165} - System32\Tasks\At78 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {9761C003-06BE-45F1-98AF-A932C9C79F77} - System32\Tasks\At77 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {996B6530-5429-4E9E-8B5C-21F5C74FE549} - System32\Tasks\At20 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {9EA5FE0B-DA27-4527-B214-3EEF624D5EBC} - System32\Tasks\At1 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {A0AEEEA1-4859-4173-AF87-2BB44A60237B} - System32\Tasks\At88 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {4BB9F7A4-329B-4197-8ACD-DC1435A93861} - System32\Tasks\At94 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {4EA843A9-6CA9-4345-844C-77CDD7D216A0} - System32\Tasks\At71 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {51F90F88-0E83-4126-8B52-154974BAF59C} - System32\Tasks\At28 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {5C71A209-18B7-4CFA-890D-2B238C53E746} - System32\Tasks\At30 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {5D27F3CC-6C16-4C71-8CDD-1271D4D3A5B2} - System32\Tasks\At22 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {5DAB1FFA-07AC-4997-8CCD-A6C8E5AB39E1} - System32\Tasks\At52 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {608FB0E9-6C5A-4BC7-83B7-C870A90160A8} - System32\Tasks\At62 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {61BF34BA-0264-4D34-B484-0C563EB07DDC} - System32\Tasks\At16 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {654C489B-2791-4559-BCD6-084D7E7381CD} - System32\Tasks\At36 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {6979A356-F15E-4FC6-BAF5-EB61F594F3E8} - System32\Tasks\At80 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {69EF35D5-90E3-4D1D-8FF1-96E34FC3E3B1} - System32\Tasks\At48 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {6AC61FA1-B516-414C-B1AF-7D28D8BD5771} - System32\Tasks\At55 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {71C75CD4-9F81-4805-AEE7-8C3741A104BF} - System32\Tasks\At4 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {7624165C-3A61-41CE-A1A1-A38C65496AB9} - System32\Tasks\At84 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {76C08E9D-52A6-42CE-89B1-7F3C0EF00EEC} - System32\Tasks\At91 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {7C259DC3-E047-4B4A-9B5E-414BAC923A62} - System32\Tasks\At65 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {80B51227-D790-4B27-93D6-5B237E61979C} - System32\Tasks\At82 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {8465C92D-B0CB-41BA-8E71-45BBBE17AB69} - System32\Tasks\At24 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {8C920B3E-2508-47EF-B032-F05758106B9C} - System32\Tasks\At76 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {91B9E9F0-BCF7-4ED4-ACA1-9295DC9FA3C4} - System32\Tasks\At8 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {96636CF8-D425-479D-863D-3693A3172165} - System32\Tasks\At78 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {9761C003-06BE-45F1-98AF-A932C9C79F77} - System32\Tasks\At77 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {996B6530-5429-4E9E-8B5C-21F5C74FE549} - System32\Tasks\At20 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {9EA5FE0B-DA27-4527-B214-3EEF624D5EBC} - System32\Tasks\At1 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {A0AEEEA1-4859-4173-AF87-2BB44A60237B} - System32\Tasks\At88 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {A26ECF96-7A72-463E-882E-0A05E42EDA42} - System32\Tasks\At92 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {B236C38D-B55B-4A12-BC90-0825F25E37AB} - System32\Tasks\At38 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {B2AB86FE-BC49-4FFD-BA99-769D9BDF42FA} - System32\Tasks\At61 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {B50C6A3A-76CB-43CF-930D-32A488CD9582} - System32\Tasks\At83 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {B5DF1A94-45CE-4D3A-842C-D7577552A2EE} - System32\Tasks\At54 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {B87F86C4-63D5-4713-81E9-2EDAAFEEF1AB} - System32\Tasks\At86 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {B8AC4D81-BCE6-426F-9992-387F4AA2CBC1} - System32\Tasks\At74 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {B8C57730-4A66-4B35-9199-B48AC52CA6EE} - System32\Tasks\At18 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {B8F3E846-770B-405D-BC70-EC1B529D27B6} - System32\Tasks\At34 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {B8F91403-51E2-4F2A-9726-20D310C4826B} - System32\Tasks\At73 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {BB7A2138-246A-4E3B-9D8B-F636DF0526F1} - System32\Tasks\At58 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {BD21D776-7BAF-49BE-A73F-D04645630ECE} - System32\Tasks\At59 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {BE22A851-95BF-4801-B457-2D388D2317A1} - System32\Tasks\At89 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {C0CFC51C-B5BE-436F-9426-B8AACADDFE43} - System32\Tasks\At40 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {C114803B-01A1-409E-8E66-A373C9FB01F1} - System32\Tasks\At44 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {C38A49D7-FD2F-43FC-9C3F-BE1B61281683} - System32\Tasks\At60 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {C4F7D1CE-638F-4612-A7AB-0AF45222FDBA} - System32\Tasks\At66 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {C67CA7EE-95DC-438C-AABC-A94CDB12EBE4} - System32\Tasks\At64 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {DDC7845F-23F9-467F-BAFA-0112FDDABFEE} - System32\Tasks\At67 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {EA900EC6-51B3-4026-8131-68B15EB3184E} - System32\Tasks\At85 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {EAC97C0C-AFC7-426F-8FCB-7E18F89E8EF0} - System32\Tasks\At63 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {F13858D3-DF9F-4DA2-910A-CD72DEF77E27} - System32\Tasks\At12 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {F1F15267-BB51-4093-830B-6C37B2951085} - System32\Tasks\At90 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {F39AC07D-9791-4D13-A3C6-5CDA0EB9EC24} - System32\Tasks\At10 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {F3AC7E5B-3436-4DE4-86A7-2A9035EC7BBB} - System32\Tasks\At42 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {F6184ED1-96DD-4128-AAD6-2B7AB45FB1D6} - System32\Tasks\At53 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {FD1E901B-B283-4DD7-9DF1-9E902AAC16D1} - System32\Tasks\At95 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: C:\Windows\Tasks\At1.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At10.job => ?
Task: C:\Windows\Tasks\At12.job => ?
Task: C:\Windows\Tasks\At14.job => ?
Task: C:\Windows\Tasks\At16.job => ?
Task: C:\Windows\Tasks\At18.job => ?
Task: C:\Windows\Tasks\At2.job => ?
Task: C:\Windows\Tasks\At20.job => ?
Task: C:\Windows\Tasks\At22.job => ?
Task: C:\Windows\Tasks\At24.job => ?
Task: C:\Windows\Tasks\At26.job => ?
Task: C:\Windows\Tasks\At28.job => ?
Task: C:\Windows\Tasks\At30.job => ?
Task: C:\Windows\Tasks\At32.job => ?
Task: C:\Windows\Tasks\At34.job => ?
Task: C:\Windows\Tasks\At36.job => ?
Task: C:\Windows\Tasks\At38.job => ?
Task: C:\Windows\Tasks\At4.job => ?
Task: C:\Windows\Tasks\At40.job => ?
Task: C:\Windows\Tasks\At42.job => ?
Task: C:\Windows\Tasks\At44.job => ?
Task: C:\Windows\Tasks\At46.job => ?
Task: C:\Windows\Tasks\At48.job => ?
Task: C:\Windows\Tasks\At49.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At50.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At51.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At52.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At53.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At54.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At55.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At56.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At57.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At58.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At59.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At6.job => ?
Task: C:\Windows\Tasks\At60.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At61.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At62.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At63.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At64.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At65.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At66.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At67.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At68.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At69.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At70.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At71.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At72.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At73.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At74.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At75.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At76.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At77.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At78.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At79.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At8.job => ?
Task: C:\Windows\Tasks\At80.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At81.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At82.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At83.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At84.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At85.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At86.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At87.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At88.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At89.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At90.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At91.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At92.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At93.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At94.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At95.job => C:\Windows\system32\S6ovG.exe


End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#3 AlexC1986

AlexC1986
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:31 AM

Posted 24 February 2015 - 02:25 PM

Thanks so much Nadaq for taking the time to reply.  This forum is such a great service.

I uninstalled Updater and here is the FRST log you requested:
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-02-2015
Ran by Owner at 2015-02-24 14:03:22 Run:1
Running from C:\Users\Owner\Desktop\FRST
Loaded Profiles: Owner (Available profiles: Owner)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-13239763-3604620186-3359948431-1000\...\Run: [Tiny download manager] => "C:\Users\Owner\AppData\Local\DM\TinyDM.exe" /M
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-13239763-3604620186-3359948431-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKU\S-1-5-21-13239763-3604620186-3359948431-1000 -> No Name - {7AEB3EFD-E564-43F1-B658-5058A7C5743B} -  No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 08 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 08 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (downloadUpdater) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll No File
CHR Plugin: (downloadUpdater2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (No Name) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2015-02-17]
CHR HKU\S-1-5-21-13239763-3604620186-3359948431-1000\...\Chrome\Extension: [cgpimkfhjdaobobdomcikioipaenlhke] - C:\Users\Owner\AppData\Local\CRE\cgpimkfhjdaobobdomcikioipaenlhke.crx [Not Found]
CHR HKU\S-1-5-21-13239763-3604620186-3359948431-1000\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\Owner\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [cgpimkfhjdaobobdomcikioipaenlhke] - C:\Users\Owner\AppData\Local\CRE\cgpimkfhjdaobobdomcikioipaenlhke.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\Owner\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx [Not Found]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
C:\ProgramData\1VjM2R.dat
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At10.job
C:\Windows\Tasks\At12.job
C:\Windows\Tasks\At14.job
C:\Windows\Tasks\At16.job
C:\Windows\Tasks\At18.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At20.job
C:\Windows\Tasks\At22.job
C:\Windows\Tasks\At24.job
C:\Windows\Tasks\At26.job
C:\Windows\Tasks\At28.job
C:\Windows\Tasks\At30.job
C:\Windows\Tasks\At32.job
C:\Windows\Tasks\At34.job
C:\Windows\Tasks\At36.job
C:\Windows\Tasks\At38.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At40.job
C:\Windows\Tasks\At42.job
C:\Windows\Tasks\At44.job
C:\Windows\Tasks\At46.job
C:\Windows\Tasks\At48.job
C:\Windows\Tasks\At49.job
C:\Windows\Tasks\At50.job
C:\Windows\Tasks\At51.job
C:\Windows\Tasks\At52.job
C:\Windows\Tasks\At53.job
C:\Windows\Tasks\At54.job
C:\Windows\Tasks\At55.job
C:\Windows\Tasks\At56.job
C:\Windows\Tasks\At57.job
C:\Windows\Tasks\At58.job
C:\Windows\Tasks\At59.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At60.job
C:\Windows\Tasks\At61.job
C:\Windows\Tasks\At62.job
C:\Windows\Tasks\At63.job
C:\Windows\Tasks\At64.job
C:\Windows\Tasks\At65.job
C:\Windows\Tasks\At66.job
C:\Windows\Tasks\At67.job
C:\Windows\Tasks\At68.job
C:\Windows\Tasks\At69.job
C:\Windows\Tasks\At70.job
C:\Windows\Tasks\At71.job
C:\Windows\Tasks\At72.job
C:\Windows\Tasks\At73.job
C:\Windows\Tasks\At74.job
C:\Windows\Tasks\At75.job
C:\Windows\Tasks\At76.job
C:\Windows\Tasks\At77.job
C:\Windows\Tasks\At78.job
C:\Windows\Tasks\At79.job
C:\Windows\Tasks\At8.job
C:\Windows\Tasks\At80.job
C:\Windows\Tasks\At81.job
C:\Windows\Tasks\At82.job
C:\Windows\Tasks\At83.job
C:\Windows\Tasks\At84.job
C:\Windows\Tasks\At85.job
C:\Windows\Tasks\At86.job
C:\Windows\Tasks\At87.job
C:\Windows\Tasks\At88.job
C:\Windows\Tasks\At89.job
C:\Windows\Tasks\At90.job
C:\Windows\Tasks\At91.job
C:\Windows\Tasks\At92.job
C:\Windows\Tasks\At93.job
C:\Windows\Tasks\At94.job
C:\Windows\Tasks\At95.job
C:\Users\Owner\AppData\Local\Temp\FixMyRegistry.exe
C:\Users\Owner\AppData\Local\Temp\FreeMouseAutoClickerSetup-clean.exe
C:\Users\Owner\AppData\Local\Temp\GURC239.exe
C:\Users\Owner\AppData\Local\Temp\i4jdel0.exe
C:\Users\Owner\AppData\Local\Temp\install_flashplayer11x32_mssa_aaa_aih.exe
C:\Users\Owner\AppData\Local\Temp\mktbrwsp.exe
C:\Users\Owner\AppData\Local\Temp\pcDesktopAlertNotifierX.dll
C:\Users\Owner\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\Owner\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Owner\AppData\Local\Temp\SpeedUpMyComputer.exe
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll
C:\Users\Owner\AppData\Local\Temp\uttB4D9.tmp.exe
Task: {00B3B6EF-8CB1-451E-842E-8824C40036D1} - System32\Tasks\At46 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {01EAFAA8-C7AD-4D43-BC7E-0CB95638BBC8} - System32\Tasks\At70 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {088F7A37-1633-49EB-9F38-C68A6013129D} - System32\Tasks\At32 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {0C84D4CF-DB9B-4DF6-BB94-1D3A4420BADB} - System32\Tasks\At87 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {11D79CE1-1A14-42A4-8C31-55BB7D731C5A} - System32\Tasks\At79 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {127EBFE8-ADB9-4E17-BA70-06A5CDAA0F55} - System32\Tasks\At2 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {1354D887-A7CF-4748-A4E7-E6117E48F4FC} - System32\Tasks\At14 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {15179A27-E668-4A75-9FBB-44E89359D741} - System32\Tasks\At81 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {17A0286E-1185-4ED2-8078-11D851E4AF0B} - System32\Tasks\At69 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {18EB2811-82EE-453A-AA40-B290A212A82E} - System32\Tasks\At49 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {1E7E5380-3B96-4657-AE7D-6F77BC24CF58} - System32\Tasks\At68 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {24088B6B-552F-45E7-809E-D5E83A5342F5} - System32\Tasks\At75 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {33386A2A-BE28-4457-9ABC-77B234F1DED1} - System32\Tasks\At56 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {3D91A590-4E73-4305-BFB3-F63810240289} - System32\Tasks\At93 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {3E9619A5-A76C-41C8-91B3-2C44AE9515C9} - System32\Tasks\At26 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {40B87139-8F6D-4365-88A9-535914079106} - System32\Tasks\At51 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {40CBE27F-181F-47C7-8A81-9533057BBECC} - System32\Tasks\At72 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {4923DD0E-672C-45B8-BF6F-D13F961F9812} - System32\Tasks\At57 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {4A30CE90-8DED-4F87-A541-BACC61F2343D} - System32\Tasks\At6 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {4BB9F7A4-329B-4197-8ACD-DC1435A93861} - System32\Tasks\At94 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {4EA843A9-6CA9-4345-844C-77CDD7D216A0} - System32\Tasks\At71 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {51F90F88-0E83-4126-8B52-154974BAF59C} - System32\Tasks\At28 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {5C71A209-18B7-4CFA-890D-2B238C53E746} - System32\Tasks\At30 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {5D27F3CC-6C16-4C71-8CDD-1271D4D3A5B2} - System32\Tasks\At22 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {5DAB1FFA-07AC-4997-8CCD-A6C8E5AB39E1} - System32\Tasks\At52 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {608FB0E9-6C5A-4BC7-83B7-C870A90160A8} - System32\Tasks\At62 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {61BF34BA-0264-4D34-B484-0C563EB07DDC} - System32\Tasks\At16 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {654C489B-2791-4559-BCD6-084D7E7381CD} - System32\Tasks\At36 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {6979A356-F15E-4FC6-BAF5-EB61F594F3E8} - System32\Tasks\At80 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {69EF35D5-90E3-4D1D-8FF1-96E34FC3E3B1} - System32\Tasks\At48 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {6AC61FA1-B516-414C-B1AF-7D28D8BD5771} - System32\Tasks\At55 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {71C75CD4-9F81-4805-AEE7-8C3741A104BF} - System32\Tasks\At4 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {7624165C-3A61-41CE-A1A1-A38C65496AB9} - System32\Tasks\At84 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {76C08E9D-52A6-42CE-89B1-7F3C0EF00EEC} - System32\Tasks\At91 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {7C259DC3-E047-4B4A-9B5E-414BAC923A62} - System32\Tasks\At65 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {80B51227-D790-4B27-93D6-5B237E61979C} - System32\Tasks\At82 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {8465C92D-B0CB-41BA-8E71-45BBBE17AB69} - System32\Tasks\At24 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {8C920B3E-2508-47EF-B032-F05758106B9C} - System32\Tasks\At76 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {91B9E9F0-BCF7-4ED4-ACA1-9295DC9FA3C4} - System32\Tasks\At8 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {96636CF8-D425-479D-863D-3693A3172165} - System32\Tasks\At78 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {9761C003-06BE-45F1-98AF-A932C9C79F77} - System32\Tasks\At77 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {996B6530-5429-4E9E-8B5C-21F5C74FE549} - System32\Tasks\At20 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {9EA5FE0B-DA27-4527-B214-3EEF624D5EBC} - System32\Tasks\At1 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {A0AEEEA1-4859-4173-AF87-2BB44A60237B} - System32\Tasks\At88 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {4BB9F7A4-329B-4197-8ACD-DC1435A93861} - System32\Tasks\At94 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {4EA843A9-6CA9-4345-844C-77CDD7D216A0} - System32\Tasks\At71 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {51F90F88-0E83-4126-8B52-154974BAF59C} - System32\Tasks\At28 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {5C71A209-18B7-4CFA-890D-2B238C53E746} - System32\Tasks\At30 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {5D27F3CC-6C16-4C71-8CDD-1271D4D3A5B2} - System32\Tasks\At22 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {5DAB1FFA-07AC-4997-8CCD-A6C8E5AB39E1} - System32\Tasks\At52 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {608FB0E9-6C5A-4BC7-83B7-C870A90160A8} - System32\Tasks\At62 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {61BF34BA-0264-4D34-B484-0C563EB07DDC} - System32\Tasks\At16 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {654C489B-2791-4559-BCD6-084D7E7381CD} - System32\Tasks\At36 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {6979A356-F15E-4FC6-BAF5-EB61F594F3E8} - System32\Tasks\At80 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {69EF35D5-90E3-4D1D-8FF1-96E34FC3E3B1} - System32\Tasks\At48 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {6AC61FA1-B516-414C-B1AF-7D28D8BD5771} - System32\Tasks\At55 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {71C75CD4-9F81-4805-AEE7-8C3741A104BF} - System32\Tasks\At4 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {7624165C-3A61-41CE-A1A1-A38C65496AB9} - System32\Tasks\At84 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {76C08E9D-52A6-42CE-89B1-7F3C0EF00EEC} - System32\Tasks\At91 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {7C259DC3-E047-4B4A-9B5E-414BAC923A62} - System32\Tasks\At65 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {80B51227-D790-4B27-93D6-5B237E61979C} - System32\Tasks\At82 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {8465C92D-B0CB-41BA-8E71-45BBBE17AB69} - System32\Tasks\At24 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {8C920B3E-2508-47EF-B032-F05758106B9C} - System32\Tasks\At76 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {91B9E9F0-BCF7-4ED4-ACA1-9295DC9FA3C4} - System32\Tasks\At8 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {96636CF8-D425-479D-863D-3693A3172165} - System32\Tasks\At78 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {9761C003-06BE-45F1-98AF-A932C9C79F77} - System32\Tasks\At77 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {996B6530-5429-4E9E-8B5C-21F5C74FE549} - System32\Tasks\At20 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {9EA5FE0B-DA27-4527-B214-3EEF624D5EBC} - System32\Tasks\At1 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {A0AEEEA1-4859-4173-AF87-2BB44A60237B} - System32\Tasks\At88 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {A26ECF96-7A72-463E-882E-0A05E42EDA42} - System32\Tasks\At92 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {B236C38D-B55B-4A12-BC90-0825F25E37AB} - System32\Tasks\At38 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {B2AB86FE-BC49-4FFD-BA99-769D9BDF42FA} - System32\Tasks\At61 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {B50C6A3A-76CB-43CF-930D-32A488CD9582} - System32\Tasks\At83 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {B5DF1A94-45CE-4D3A-842C-D7577552A2EE} - System32\Tasks\At54 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {B87F86C4-63D5-4713-81E9-2EDAAFEEF1AB} - System32\Tasks\At86 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {B8AC4D81-BCE6-426F-9992-387F4AA2CBC1} - System32\Tasks\At74 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {B8C57730-4A66-4B35-9199-B48AC52CA6EE} - System32\Tasks\At18 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {B8F3E846-770B-405D-BC70-EC1B529D27B6} - System32\Tasks\At34 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {B8F91403-51E2-4F2A-9726-20D310C4826B} - System32\Tasks\At73 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {BB7A2138-246A-4E3B-9D8B-F636DF0526F1} - System32\Tasks\At58 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {BD21D776-7BAF-49BE-A73F-D04645630ECE} - System32\Tasks\At59 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {BE22A851-95BF-4801-B457-2D388D2317A1} - System32\Tasks\At89 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {C0CFC51C-B5BE-436F-9426-B8AACADDFE43} - System32\Tasks\At40 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {C114803B-01A1-409E-8E66-A373C9FB01F1} - System32\Tasks\At44 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {C38A49D7-FD2F-43FC-9C3F-BE1B61281683} - System32\Tasks\At60 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {C4F7D1CE-638F-4612-A7AB-0AF45222FDBA} - System32\Tasks\At66 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {C67CA7EE-95DC-438C-AABC-A94CDB12EBE4} - System32\Tasks\At64 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {DDC7845F-23F9-467F-BAFA-0112FDDABFEE} - System32\Tasks\At67 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {EA900EC6-51B3-4026-8131-68B15EB3184E} - System32\Tasks\At85 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {EAC97C0C-AFC7-426F-8FCB-7E18F89E8EF0} - System32\Tasks\At63 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {F13858D3-DF9F-4DA2-910A-CD72DEF77E27} - System32\Tasks\At12 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {F1F15267-BB51-4093-830B-6C37B2951085} - System32\Tasks\At90 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {F39AC07D-9791-4D13-A3C6-5CDA0EB9EC24} - System32\Tasks\At10 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {F3AC7E5B-3436-4DE4-86A7-2A9035EC7BBB} - System32\Tasks\At42 => C:\Windows\system32\S6ovG.com <==== ATTENTION
Task: {F6184ED1-96DD-4128-AAD6-2B7AB45FB1D6} - System32\Tasks\At53 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: {FD1E901B-B283-4DD7-9DF1-9E902AAC16D1} - System32\Tasks\At95 => C:\Windows\system32\S6ovG.exe <==== ATTENTION
Task: C:\Windows\Tasks\At1.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At10.job => ?
Task: C:\Windows\Tasks\At12.job => ?
Task: C:\Windows\Tasks\At14.job => ?
Task: C:\Windows\Tasks\At16.job => ?
Task: C:\Windows\Tasks\At18.job => ?
Task: C:\Windows\Tasks\At2.job => ?
Task: C:\Windows\Tasks\At20.job => ?
Task: C:\Windows\Tasks\At22.job => ?
Task: C:\Windows\Tasks\At24.job => ?
Task: C:\Windows\Tasks\At26.job => ?
Task: C:\Windows\Tasks\At28.job => ?
Task: C:\Windows\Tasks\At30.job => ?
Task: C:\Windows\Tasks\At32.job => ?
Task: C:\Windows\Tasks\At34.job => ?
Task: C:\Windows\Tasks\At36.job => ?
Task: C:\Windows\Tasks\At38.job => ?
Task: C:\Windows\Tasks\At4.job => ?
Task: C:\Windows\Tasks\At40.job => ?
Task: C:\Windows\Tasks\At42.job => ?
Task: C:\Windows\Tasks\At44.job => ?
Task: C:\Windows\Tasks\At46.job => ?
Task: C:\Windows\Tasks\At48.job => ?
Task: C:\Windows\Tasks\At49.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At50.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At51.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At52.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At53.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At54.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At55.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At56.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At57.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At58.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At59.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At6.job => ?
Task: C:\Windows\Tasks\At60.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At61.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At62.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At63.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At64.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At65.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At66.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At67.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At68.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At69.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At70.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At71.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At72.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At73.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At74.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At75.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At76.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At77.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At78.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At79.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At8.job => ?
Task: C:\Windows\Tasks\At80.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At81.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At82.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At83.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At84.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At85.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At86.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At87.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At88.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At89.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At90.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At91.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At92.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At93.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At94.job => C:\Windows\system32\S6ovG.exe
Task: C:\Windows\Tasks\At95.job => C:\Windows\system32\S6ovG.exe
 
 
End
*****************
 
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-13239763-3604620186-3359948431-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Tiny download manager => value deleted successfully.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk => Moved successfully.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe not found.
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk not found.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-13239763-3604620186-3359948431-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
HKU\S-1-5-21-13239763-3604620186-3359948431-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7AEB3EFD-E564-43F1-B658-5058A7C5743B} => value deleted successfully.
HKCR\CLSID\{7AEB3EFD-E564-43F1-B658-5058A7C5743B} => Key not found. 
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000008\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000008\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
"HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll not found.
C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll not found.
C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll not found.
C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll not found.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna => Moved successfully.
"HKU\S-1-5-21-13239763-3604620186-3359948431-1000\SOFTWARE\Google\Chrome\Extensions\cgpimkfhjdaobobdomcikioipaenlhke" => Key deleted successfully.
"HKU\S-1-5-21-13239763-3604620186-3359948431-1000\SOFTWARE\Google\Chrome\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cgpimkfhjdaobobdomcikioipaenlhke" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil" => Key deleted successfully.
MREMPR5 => Service deleted successfully.
MRENDIS5 => Service deleted successfully.
C:\ProgramData\1VjM2R.dat => Moved successfully.
C:\Windows\Tasks\At1.job => Moved successfully.
C:\Windows\Tasks\At10.job => Moved successfully.
C:\Windows\Tasks\At12.job => Moved successfully.
C:\Windows\Tasks\At14.job => Moved successfully.
C:\Windows\Tasks\At16.job => Moved successfully.
C:\Windows\Tasks\At18.job => Moved successfully.
C:\Windows\Tasks\At2.job => Moved successfully.
C:\Windows\Tasks\At20.job => Moved successfully.
C:\Windows\Tasks\At22.job => Moved successfully.
C:\Windows\Tasks\At24.job => Moved successfully.
C:\Windows\Tasks\At26.job => Moved successfully.
C:\Windows\Tasks\At28.job => Moved successfully.
C:\Windows\Tasks\At30.job => Moved successfully.
C:\Windows\Tasks\At32.job => Moved successfully.
C:\Windows\Tasks\At34.job => Moved successfully.
C:\Windows\Tasks\At36.job => Moved successfully.
C:\Windows\Tasks\At38.job => Moved successfully.
C:\Windows\Tasks\At4.job => Moved successfully.
C:\Windows\Tasks\At40.job => Moved successfully.
C:\Windows\Tasks\At42.job => Moved successfully.
C:\Windows\Tasks\At44.job => Moved successfully.
C:\Windows\Tasks\At46.job => Moved successfully.
C:\Windows\Tasks\At48.job => Moved successfully.
C:\Windows\Tasks\At49.job => Moved successfully.
C:\Windows\Tasks\At50.job => Moved successfully.
C:\Windows\Tasks\At51.job => Moved successfully.
C:\Windows\Tasks\At52.job => Moved successfully.
C:\Windows\Tasks\At53.job => Moved successfully.
C:\Windows\Tasks\At54.job => Moved successfully.
C:\Windows\Tasks\At55.job => Moved successfully.
C:\Windows\Tasks\At56.job => Moved successfully.
C:\Windows\Tasks\At57.job => Moved successfully.
C:\Windows\Tasks\At58.job => Moved successfully.
C:\Windows\Tasks\At59.job => Moved successfully.
C:\Windows\Tasks\At6.job => Moved successfully.
C:\Windows\Tasks\At60.job => Moved successfully.
C:\Windows\Tasks\At61.job => Moved successfully.
C:\Windows\Tasks\At62.job => Moved successfully.
C:\Windows\Tasks\At63.job => Moved successfully.
C:\Windows\Tasks\At64.job => Moved successfully.
C:\Windows\Tasks\At65.job => Moved successfully.
C:\Windows\Tasks\At66.job => Moved successfully.
C:\Windows\Tasks\At67.job => Moved successfully.
C:\Windows\Tasks\At68.job => Moved successfully.
C:\Windows\Tasks\At69.job => Moved successfully.
C:\Windows\Tasks\At70.job => Moved successfully.
C:\Windows\Tasks\At71.job => Moved successfully.
C:\Windows\Tasks\At72.job => Moved successfully.
C:\Windows\Tasks\At73.job => Moved successfully.
C:\Windows\Tasks\At74.job => Moved successfully.
C:\Windows\Tasks\At75.job => Moved successfully.
C:\Windows\Tasks\At76.job => Moved successfully.
C:\Windows\Tasks\At77.job => Moved successfully.
C:\Windows\Tasks\At78.job => Moved successfully.
C:\Windows\Tasks\At79.job => Moved successfully.
C:\Windows\Tasks\At8.job => Moved successfully.
C:\Windows\Tasks\At80.job => Moved successfully.
C:\Windows\Tasks\At81.job => Moved successfully.
C:\Windows\Tasks\At82.job => Moved successfully.
C:\Windows\Tasks\At83.job => Moved successfully.
C:\Windows\Tasks\At84.job => Moved successfully.
C:\Windows\Tasks\At85.job => Moved successfully.
C:\Windows\Tasks\At86.job => Moved successfully.
C:\Windows\Tasks\At87.job => Moved successfully.
C:\Windows\Tasks\At88.job => Moved successfully.
C:\Windows\Tasks\At89.job => Moved successfully.
C:\Windows\Tasks\At90.job => Moved successfully.
C:\Windows\Tasks\At91.job => Moved successfully.
C:\Windows\Tasks\At92.job => Moved successfully.
C:\Windows\Tasks\At93.job => Moved successfully.
C:\Windows\Tasks\At94.job => Moved successfully.
C:\Windows\Tasks\At95.job => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\FixMyRegistry.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\FreeMouseAutoClickerSetup-clean.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\GURC239.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\i4jdel0.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\install_flashplayer11x32_mssa_aaa_aih.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\mktbrwsp.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\pcDesktopAlertNotifierX.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\SearchProtectionSetup.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\SpeedUpMyComputer.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\uttB4D9.tmp.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00B3B6EF-8CB1-451E-842E-8824C40036D1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00B3B6EF-8CB1-451E-842E-8824C40036D1}" => Key deleted successfully.
C:\Windows\System32\Tasks\At46 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At46" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{01EAFAA8-C7AD-4D43-BC7E-0CB95638BBC8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01EAFAA8-C7AD-4D43-BC7E-0CB95638BBC8}" => Key deleted successfully.
C:\Windows\System32\Tasks\At70 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At70" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{088F7A37-1633-49EB-9F38-C68A6013129D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{088F7A37-1633-49EB-9F38-C68A6013129D}" => Key deleted successfully.
C:\Windows\System32\Tasks\At32 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At32" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C84D4CF-DB9B-4DF6-BB94-1D3A4420BADB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C84D4CF-DB9B-4DF6-BB94-1D3A4420BADB}" => Key deleted successfully.
C:\Windows\System32\Tasks\At87 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At87" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11D79CE1-1A14-42A4-8C31-55BB7D731C5A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11D79CE1-1A14-42A4-8C31-55BB7D731C5A}" => Key deleted successfully.
C:\Windows\System32\Tasks\At79 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At79" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{127EBFE8-ADB9-4E17-BA70-06A5CDAA0F55}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{127EBFE8-ADB9-4E17-BA70-06A5CDAA0F55}" => Key deleted successfully.
C:\Windows\System32\Tasks\At2 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1354D887-A7CF-4748-A4E7-E6117E48F4FC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1354D887-A7CF-4748-A4E7-E6117E48F4FC}" => Key deleted successfully.
C:\Windows\System32\Tasks\At14 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At14" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{15179A27-E668-4A75-9FBB-44E89359D741}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15179A27-E668-4A75-9FBB-44E89359D741}" => Key deleted successfully.
C:\Windows\System32\Tasks\At81 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At81" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{17A0286E-1185-4ED2-8078-11D851E4AF0B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17A0286E-1185-4ED2-8078-11D851E4AF0B}" => Key deleted successfully.
C:\Windows\System32\Tasks\At69 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At69" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{18EB2811-82EE-453A-AA40-B290A212A82E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18EB2811-82EE-453A-AA40-B290A212A82E}" => Key deleted successfully.
C:\Windows\System32\Tasks\At49 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At49" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1E7E5380-3B96-4657-AE7D-6F77BC24CF58}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E7E5380-3B96-4657-AE7D-6F77BC24CF58}" => Key deleted successfully.
C:\Windows\System32\Tasks\At68 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At68" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{24088B6B-552F-45E7-809E-D5E83A5342F5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24088B6B-552F-45E7-809E-D5E83A5342F5}" => Key deleted successfully.
C:\Windows\System32\Tasks\At75 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At75" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{33386A2A-BE28-4457-9ABC-77B234F1DED1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33386A2A-BE28-4457-9ABC-77B234F1DED1}" => Key deleted successfully.
C:\Windows\System32\Tasks\At56 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At56" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D91A590-4E73-4305-BFB3-F63810240289}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D91A590-4E73-4305-BFB3-F63810240289}" => Key deleted successfully.
C:\Windows\System32\Tasks\At93 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At93" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3E9619A5-A76C-41C8-91B3-2C44AE9515C9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E9619A5-A76C-41C8-91B3-2C44AE9515C9}" => Key deleted successfully.
C:\Windows\System32\Tasks\At26 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At26" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40B87139-8F6D-4365-88A9-535914079106}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40B87139-8F6D-4365-88A9-535914079106}" => Key deleted successfully.
C:\Windows\System32\Tasks\At51 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At51" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40CBE27F-181F-47C7-8A81-9533057BBECC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40CBE27F-181F-47C7-8A81-9533057BBECC}" => Key deleted successfully.
C:\Windows\System32\Tasks\At72 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At72" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4923DD0E-672C-45B8-BF6F-D13F961F9812}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4923DD0E-672C-45B8-BF6F-D13F961F9812}" => Key deleted successfully.
C:\Windows\System32\Tasks\At57 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At57" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4A30CE90-8DED-4F87-A541-BACC61F2343D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A30CE90-8DED-4F87-A541-BACC61F2343D}" => Key deleted successfully.
C:\Windows\System32\Tasks\At6 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At6" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4BB9F7A4-329B-4197-8ACD-DC1435A93861}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BB9F7A4-329B-4197-8ACD-DC1435A93861}" => Key deleted successfully.
C:\Windows\System32\Tasks\At94 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At94" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4EA843A9-6CA9-4345-844C-77CDD7D216A0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4EA843A9-6CA9-4345-844C-77CDD7D216A0}" => Key deleted successfully.
C:\Windows\System32\Tasks\At71 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At71" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{51F90F88-0E83-4126-8B52-154974BAF59C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51F90F88-0E83-4126-8B52-154974BAF59C}" => Key deleted successfully.
C:\Windows\System32\Tasks\At28 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At28" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5C71A209-18B7-4CFA-890D-2B238C53E746}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C71A209-18B7-4CFA-890D-2B238C53E746}" => Key deleted successfully.
C:\Windows\System32\Tasks\At30 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At30" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D27F3CC-6C16-4C71-8CDD-1271D4D3A5B2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D27F3CC-6C16-4C71-8CDD-1271D4D3A5B2}" => Key deleted successfully.
C:\Windows\System32\Tasks\At22 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At22" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5DAB1FFA-07AC-4997-8CCD-A6C8E5AB39E1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5DAB1FFA-07AC-4997-8CCD-A6C8E5AB39E1}" => Key deleted successfully.
C:\Windows\System32\Tasks\At52 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At52" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{608FB0E9-6C5A-4BC7-83B7-C870A90160A8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{608FB0E9-6C5A-4BC7-83B7-C870A90160A8}" => Key deleted successfully.
C:\Windows\System32\Tasks\At62 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At62" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{61BF34BA-0264-4D34-B484-0C563EB07DDC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61BF34BA-0264-4D34-B484-0C563EB07DDC}" => Key deleted successfully.
C:\Windows\System32\Tasks\At16 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At16" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{654C489B-2791-4559-BCD6-084D7E7381CD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{654C489B-2791-4559-BCD6-084D7E7381CD}" => Key deleted successfully.
C:\Windows\System32\Tasks\At36 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At36" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6979A356-F15E-4FC6-BAF5-EB61F594F3E8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6979A356-F15E-4FC6-BAF5-EB61F594F3E8}" => Key deleted successfully.
C:\Windows\System32\Tasks\At80 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At80" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{69EF35D5-90E3-4D1D-8FF1-96E34FC3E3B1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69EF35D5-90E3-4D1D-8FF1-96E34FC3E3B1}" => Key deleted successfully.
C:\Windows\System32\Tasks\At48 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At48" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6AC61FA1-B516-414C-B1AF-7D28D8BD5771}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6AC61FA1-B516-414C-B1AF-7D28D8BD5771}" => Key deleted successfully.
C:\Windows\System32\Tasks\At55 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At55" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71C75CD4-9F81-4805-AEE7-8C3741A104BF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71C75CD4-9F81-4805-AEE7-8C3741A104BF}" => Key deleted successfully.
C:\Windows\System32\Tasks\At4 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At4" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7624165C-3A61-41CE-A1A1-A38C65496AB9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7624165C-3A61-41CE-A1A1-A38C65496AB9}" => Key deleted successfully.
C:\Windows\System32\Tasks\At84 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At84" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{76C08E9D-52A6-42CE-89B1-7F3C0EF00EEC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76C08E9D-52A6-42CE-89B1-7F3C0EF00EEC}" => Key deleted successfully.
C:\Windows\System32\Tasks\At91 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At91" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C259DC3-E047-4B4A-9B5E-414BAC923A62}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C259DC3-E047-4B4A-9B5E-414BAC923A62}" => Key deleted successfully.
C:\Windows\System32\Tasks\At65 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At65" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{80B51227-D790-4B27-93D6-5B237E61979C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80B51227-D790-4B27-93D6-5B237E61979C}" => Key deleted successfully.
C:\Windows\System32\Tasks\At82 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At82" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8465C92D-B0CB-41BA-8E71-45BBBE17AB69}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8465C92D-B0CB-41BA-8E71-45BBBE17AB69}" => Key deleted successfully.
C:\Windows\System32\Tasks\At24 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At24" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8C920B3E-2508-47EF-B032-F05758106B9C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C920B3E-2508-47EF-B032-F05758106B9C}" => Key deleted successfully.
C:\Windows\System32\Tasks\At76 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At76" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{91B9E9F0-BCF7-4ED4-ACA1-9295DC9FA3C4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91B9E9F0-BCF7-4ED4-ACA1-9295DC9FA3C4}" => Key deleted successfully.
C:\Windows\System32\Tasks\At8 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At8" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{96636CF8-D425-479D-863D-3693A3172165}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96636CF8-D425-479D-863D-3693A3172165}" => Key deleted successfully.
C:\Windows\System32\Tasks\At78 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At78" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9761C003-06BE-45F1-98AF-A932C9C79F77}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9761C003-06BE-45F1-98AF-A932C9C79F77}" => Key deleted successfully.
C:\Windows\System32\Tasks\At77 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At77" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{996B6530-5429-4E9E-8B5C-21F5C74FE549}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{996B6530-5429-4E9E-8B5C-21F5C74FE549}" => Key deleted successfully.
C:\Windows\System32\Tasks\At20 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At20" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9EA5FE0B-DA27-4527-B214-3EEF624D5EBC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9EA5FE0B-DA27-4527-B214-3EEF624D5EBC}" => Key deleted successfully.
C:\Windows\System32\Tasks\At1 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A0AEEEA1-4859-4173-AF87-2BB44A60237B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0AEEEA1-4859-4173-AF87-2BB44A60237B}" => Key deleted successfully.
C:\Windows\System32\Tasks\At88 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At88" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BB9F7A4-329B-4197-8ACD-DC1435A93861} => Key not found. 
C:\Windows\System32\Tasks\At94 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At94 => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4EA843A9-6CA9-4345-844C-77CDD7D216A0} => Key not found. 
C:\Windows\System32\Tasks\At71 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At71 => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51F90F88-0E83-4126-8B52-154974BAF59C} => Key not found. 
C:\Windows\System32\Tasks\At28 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At28 => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C71A209-18B7-4CFA-890D-2B238C53E746} => Key not found. 
C:\Windows\System32\Tasks\At30 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At30 => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D27F3CC-6C16-4C71-8CDD-1271D4D3A5B2} => Key not found. 
C:\Windows\System32\Tasks\At22 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At22 => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5DAB1FFA-07AC-4997-8CCD-A6C8E5AB39E1} => Key not found. 
C:\Windows\System32\Tasks\At52 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At52 => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{608FB0E9-6C5A-4BC7-83B7-C870A90160A8} => Key not found. 
C:\Windows\System32\Tasks\At62 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At62 => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61BF34BA-0264-4D34-B484-0C563EB07DDC} => Key not found. 
C:\Windows\System32\Tasks\At16 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At16 => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{654C489B-2791-4559-BCD6-084D7E7381CD} => Key not found. 
C:\Windows\System32\Tasks\At36 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At36 => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6979A356-F15E-4FC6-BAF5-EB61F594F3E8} => Key not found. 
C:\Windows\System32\Tasks\At80 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At80 => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69EF35D5-90E3-4D1D-8FF1-96E34FC3E3B1} => Key not found. 
C:\Windows\System32\Tasks\At48 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At48 => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6AC61FA1-B516-414C-B1AF-7D28D8BD5771} => Key not found. 
C:\Windows\System32\Tasks\At55 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At55 => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71C75CD4-9F81-4805-AEE7-8C3741A104BF} => Key not found. 
C:\Windows\System32\Tasks\At4 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At4 => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7624165C-3A61-41CE-A1A1-A38C65496AB9} => Key not found. 
C:\Windows\System32\Tasks\At84 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At84 => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76C08E9D-52A6-42CE-89B1-7F3C0EF00EEC} => Key not found. 
C:\Windows\System32\Tasks\At91 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At91 => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C259DC3-E047-4B4A-9B5E-414BAC923A62} => Key not found. 
C:\Windows\System32\Tasks\At65 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At65 => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80B51227-D790-4B27-93D6-5B237E61979C} => Key not found. 
C:\Windows\System32\Tasks\At82 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At82 => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8465C92D-B0CB-41BA-8E71-45BBBE17AB69} => Key not found. 
C:\Windows\System32\Tasks\At24 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At24 => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C920B3E-2508-47EF-B032-F05758106B9C} => Key not found. 
C:\Windows\System32\Tasks\At76 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At76 => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91B9E9F0-BCF7-4ED4-ACA1-9295DC9FA3C4} => Key not found. 
C:\Windows\System32\Tasks\At8 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At8 => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96636CF8-D425-479D-863D-3693A3172165} => Key not found. 
C:\Windows\System32\Tasks\At78 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At78 => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9761C003-06BE-45F1-98AF-A932C9C79F77} => Key not found. 
C:\Windows\System32\Tasks\At77 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At77 => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{996B6530-5429-4E9E-8B5C-21F5C74FE549} => Key not found. 
C:\Windows\System32\Tasks\At20 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At20 => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9EA5FE0B-DA27-4527-B214-3EEF624D5EBC} => Key not found. 
C:\Windows\System32\Tasks\At1 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At1 => Key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0AEEEA1-4859-4173-AF87-2BB44A60237B} => Key not found. 
C:\Windows\System32\Tasks\At88 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At88 => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A26ECF96-7A72-463E-882E-0A05E42EDA42}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A26ECF96-7A72-463E-882E-0A05E42EDA42}" => Key deleted successfully.
C:\Windows\System32\Tasks\At92 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At92" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B236C38D-B55B-4A12-BC90-0825F25E37AB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B236C38D-B55B-4A12-BC90-0825F25E37AB}" => Key deleted successfully.
C:\Windows\System32\Tasks\At38 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At38" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2AB86FE-BC49-4FFD-BA99-769D9BDF42FA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2AB86FE-BC49-4FFD-BA99-769D9BDF42FA}" => Key deleted successfully.
C:\Windows\System32\Tasks\At61 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At61" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B50C6A3A-76CB-43CF-930D-32A488CD9582}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B50C6A3A-76CB-43CF-930D-32A488CD9582}" => Key deleted successfully.
C:\Windows\System32\Tasks\At83 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At83" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B5DF1A94-45CE-4D3A-842C-D7577552A2EE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5DF1A94-45CE-4D3A-842C-D7577552A2EE}" => Key deleted successfully.
C:\Windows\System32\Tasks\At54 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At54" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B87F86C4-63D5-4713-81E9-2EDAAFEEF1AB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B87F86C4-63D5-4713-81E9-2EDAAFEEF1AB}" => Key deleted successfully.
C:\Windows\System32\Tasks\At86 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At86" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B8AC4D81-BCE6-426F-9992-387F4AA2CBC1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8AC4D81-BCE6-426F-9992-387F4AA2CBC1}" => Key deleted successfully.
C:\Windows\System32\Tasks\At74 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At74" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B8C57730-4A66-4B35-9199-B48AC52CA6EE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8C57730-4A66-4B35-9199-B48AC52CA6EE}" => Key deleted successfully.
C:\Windows\System32\Tasks\At18 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At18" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B8F3E846-770B-405D-BC70-EC1B529D27B6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8F3E846-770B-405D-BC70-EC1B529D27B6}" => Key deleted successfully.
C:\Windows\System32\Tasks\At34 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At34" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B8F91403-51E2-4F2A-9726-20D310C4826B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8F91403-51E2-4F2A-9726-20D310C4826B}" => Key deleted successfully.
C:\Windows\System32\Tasks\At73 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At73" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BB7A2138-246A-4E3B-9D8B-F636DF0526F1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB7A2138-246A-4E3B-9D8B-F636DF0526F1}" => Key deleted successfully.
C:\Windows\System32\Tasks\At58 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At58" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BD21D776-7BAF-49BE-A73F-D04645630ECE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD21D776-7BAF-49BE-A73F-D04645630ECE}" => Key deleted successfully.
C:\Windows\System32\Tasks\At59 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At59" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE22A851-95BF-4801-B457-2D388D2317A1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE22A851-95BF-4801-B457-2D388D2317A1}" => Key deleted successfully.
C:\Windows\System32\Tasks\At89 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At89" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C0CFC51C-B5BE-436F-9426-B8AACADDFE43}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C0CFC51C-B5BE-436F-9426-B8AACADDFE43}" => Key deleted successfully.
C:\Windows\System32\Tasks\At40 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At40" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C114803B-01A1-409E-8E66-A373C9FB01F1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C114803B-01A1-409E-8E66-A373C9FB01F1}" => Key deleted successfully.
C:\Windows\System32\Tasks\At44 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At44" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C38A49D7-FD2F-43FC-9C3F-BE1B61281683}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C38A49D7-FD2F-43FC-9C3F-BE1B61281683}" => Key deleted successfully.
C:\Windows\System32\Tasks\At60 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At60" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C4F7D1CE-638F-4612-A7AB-0AF45222FDBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4F7D1CE-638F-4612-A7AB-0AF45222FDBA}" => Key deleted successfully.
C:\Windows\System32\Tasks\At66 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At66" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C67CA7EE-95DC-438C-AABC-A94CDB12EBE4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C67CA7EE-95DC-438C-AABC-A94CDB12EBE4}" => Key deleted successfully.
C:\Windows\System32\Tasks\At64 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At64" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DDC7845F-23F9-467F-BAFA-0112FDDABFEE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DDC7845F-23F9-467F-BAFA-0112FDDABFEE}" => Key deleted successfully.
C:\Windows\System32\Tasks\At67 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At67" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA900EC6-51B3-4026-8131-68B15EB3184E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA900EC6-51B3-4026-8131-68B15EB3184E}" => Key deleted successfully.
C:\Windows\System32\Tasks\At85 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At85" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EAC97C0C-AFC7-426F-8FCB-7E18F89E8EF0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EAC97C0C-AFC7-426F-8FCB-7E18F89E8EF0}" => Key deleted successfully.
C:\Windows\System32\Tasks\At63 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At63" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F13858D3-DF9F-4DA2-910A-CD72DEF77E27}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F13858D3-DF9F-4DA2-910A-CD72DEF77E27}" => Key deleted successfully.
C:\Windows\System32\Tasks\At12 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At12" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F1F15267-BB51-4093-830B-6C37B2951085}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1F15267-BB51-4093-830B-6C37B2951085}" => Key deleted successfully.
C:\Windows\System32\Tasks\At90 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At90" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F39AC07D-9791-4D13-A3C6-5CDA0EB9EC24}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F39AC07D-9791-4D13-A3C6-5CDA0EB9EC24}" => Key deleted successfully.
C:\Windows\System32\Tasks\At10 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At10" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3AC7E5B-3436-4DE4-86A7-2A9035EC7BBB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3AC7E5B-3436-4DE4-86A7-2A9035EC7BBB}" => Key deleted successfully.
C:\Windows\System32\Tasks\At42 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At42" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F6184ED1-96DD-4128-AAD6-2B7AB45FB1D6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6184ED1-96DD-4128-AAD6-2B7AB45FB1D6}" => Key deleted successfully.
C:\Windows\System32\Tasks\At53 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At53" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD1E901B-B283-4DD7-9DF1-9E902AAC16D1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD1E901B-B283-4DD7-9DF1-9E902AAC16D1}" => Key deleted successfully.
C:\Windows\System32\Tasks\At95 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At95" => Key deleted successfully.
C:\Windows\Tasks\At1.job not found.
C:\Windows\Tasks\At10.job not found.
C:\Windows\Tasks\At12.job not found.
C:\Windows\Tasks\At14.job not found.
C:\Windows\Tasks\At16.job not found.
C:\Windows\Tasks\At18.job not found.
C:\Windows\Tasks\At2.job not found.
C:\Windows\Tasks\At20.job not found.
C:\Windows\Tasks\At22.job not found.
C:\Windows\Tasks\At24.job not found.
C:\Windows\Tasks\At26.job not found.
C:\Windows\Tasks\At28.job not found.
C:\Windows\Tasks\At30.job not found.
C:\Windows\Tasks\At32.job not found.
C:\Windows\Tasks\At34.job not found.
C:\Windows\Tasks\At36.job not found.
C:\Windows\Tasks\At38.job not found.
C:\Windows\Tasks\At4.job not found.
C:\Windows\Tasks\At40.job not found.
C:\Windows\Tasks\At42.job not found.
C:\Windows\Tasks\At44.job not found.
C:\Windows\Tasks\At46.job not found.
C:\Windows\Tasks\At48.job not found.
C:\Windows\Tasks\At49.job not found.
C:\Windows\Tasks\At50.job not found.
C:\Windows\Tasks\At51.job not found.
C:\Windows\Tasks\At52.job not found.
C:\Windows\Tasks\At53.job not found.
C:\Windows\Tasks\At54.job not found.
C:\Windows\Tasks\At55.job not found.
C:\Windows\Tasks\At56.job not found.
C:\Windows\Tasks\At57.job not found.
C:\Windows\Tasks\At58.job not found.
C:\Windows\Tasks\At59.job not found.
C:\Windows\Tasks\At6.job not found.
C:\Windows\Tasks\At60.job not found.
C:\Windows\Tasks\At61.job not found.
C:\Windows\Tasks\At62.job not found.
C:\Windows\Tasks\At63.job not found.
C:\Windows\Tasks\At64.job not found.
C:\Windows\Tasks\At65.job not found.
C:\Windows\Tasks\At66.job not found.
C:\Windows\Tasks\At67.job not found.
C:\Windows\Tasks\At68.job not found.
C:\Windows\Tasks\At69.job not found.
C:\Windows\Tasks\At70.job not found.
C:\Windows\Tasks\At71.job not found.
C:\Windows\Tasks\At72.job not found.
C:\Windows\Tasks\At73.job not found.
C:\Windows\Tasks\At74.job not found.
C:\Windows\Tasks\At75.job not found.
C:\Windows\Tasks\At76.job not found.
C:\Windows\Tasks\At77.job not found.
C:\Windows\Tasks\At78.job not found.
C:\Windows\Tasks\At79.job not found.
C:\Windows\Tasks\At8.job not found.
C:\Windows\Tasks\At80.job not found.
C:\Windows\Tasks\At81.job not found.
C:\Windows\Tasks\At82.job not found.
C:\Windows\Tasks\At83.job not found.
C:\Windows\Tasks\At84.job not found.
C:\Windows\Tasks\At85.job not found.
C:\Windows\Tasks\At86.job not found.
C:\Windows\Tasks\At87.job not found.
C:\Windows\Tasks\At88.job not found.
C:\Windows\Tasks\At89.job not found.
C:\Windows\Tasks\At90.job not found.
C:\Windows\Tasks\At91.job not found.
C:\Windows\Tasks\At92.job not found.
C:\Windows\Tasks\At93.job not found.
C:\Windows\Tasks\At94.job not found.
C:\Windows\Tasks\At95.job not found.
 
 
The system needed a reboot. 
 
==== End of Fixlog 14:03:37 ====

AdwCleaner log:

# AdwCleaner v4.111 - Logfile created 24/02/2015 at 14:14:01
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\adwcleaner_4.111.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.saveur.com_0.localstorage
File Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.saveur.com_0.localstorage-journal
Folder Found : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16450
 
 
-\\ Mozilla Firefox v35.0.1 (x86 en-US)
 


Unfortunately it is still running the same way.  What's odd is that the site eftps.gov has been working again since the time I posted about my problem but other sites like say, soccernet.com are still doing the same thing.  I fiddled with some antivirus software so maybe that helped on a few sites for whatever reason and not the others (I used by all accounts reputable programs that have millions of downloads from good sites) ? I should've taken logs of them and saved them. Blah!

 



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:31 AM

Posted 25 February 2015 - 08:22 AM

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

Reset the browsers that have been compromised.

Reset Chrome...
Open Google Chrome, click on menu icon google-chrome-setting-icon.png which is located right side top of the google chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===


How is it now?

#5 AlexC1986

AlexC1986
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:31 AM

Posted 25 February 2015 - 10:56 AM

I think it worked! soccernet.com works, eftps.gov works, across browsers.  fingers crossed!

Here is the RogueKiller report:
 

RogueKiller V10.4.3.0 (x64) [Feb 23 2015] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Owner [Administrator]
Mode : Delete -- Date : 02/25/2015  10:48:29
 
¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] SpotifyWebHelper.exe(2192) -- C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[7] -> Killed [TermProc]
 
¤¤¤ Registry : 22 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-13239763-3604620186-3359948431-1000\Software\Microsoft\Windows\CurrentVersion\Run | Spotify Web Helper : "C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [7] -> Deleted
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-13239763-3604620186-3359948431-1000\Software\Microsoft\Windows\CurrentVersion\Run | uTorrent : "C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED [7][x] -> Deleted
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-13239763-3604620186-3359948431-1000\Software\Microsoft\Windows\CurrentVersion\Run | Spotify Web Helper : "C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"  -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-13239763-3604620186-3359948431-1000\Software\Microsoft\Windows\CurrentVersion\Run | uTorrent : "C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED  -> ERROR [2]
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8E661F3A-0BD1-4156-8B94-97F2C7A85FF5} | DhcpNameServer : 168.94.0.14 168.94.0.15 [UNITED STATES (US)][UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FD365426-29C5-4234-ABE8-A9F8A0FA5CCB} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8E661F3A-0BD1-4156-8B94-97F2C7A85FF5} | DhcpNameServer : 168.94.0.14 168.94.0.15 [UNITED STATES (US)][UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{FD365426-29C5-4234-ABE8-A9F8A0FA5CCB} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8E661F3A-0BD1-4156-8B94-97F2C7A85FF5} | DhcpNameServer : 168.94.0.14 168.94.0.15 [UNITED STATES (US)][UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{FD365426-29C5-4234-ABE8-A9F8A0FA5CCB} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)]  -> Not selected
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-13239763-3604620186-3359948431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-13239763-3604620186-3359948431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-13239763-3604620186-3359948431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-13239763-3604620186-3359948431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-13239763-3604620186-3359948431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-13239763-3604620186-3359948431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
 
¤¤¤ Tasks : 3 ¤¤¤
[Suspicious.Path] \\alarm -- "C:\Users\Owner\Desktop\IRS thugs\Music\Alligator\09 All The Wine.mp3" -> Deleted
[Suspicious.Path] \\exploding hearts -- "C:\Users\Owner\Desktop\IRS thugs\Music\Guitar Romantic\01 modern kicks.mp3" -> Deleted
[Suspicious.Path] \\jh -- "C:\Users\Owner\Desktop\IRS thugs\Music\Alligator\09 All The Wine.mp3" -> Deleted
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9640320AS +++++
--- User ---
[MBR] 226ab988f4d05b6585fc3c6c0d779336
[BSP] 03d5b24648cc790519fab42e7d0c62b2 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 15000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 30926848 | Size: 595378 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_SCN_02252015_104547.log


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:31 AM

Posted 25 February 2015 - 11:07 AM

Good work.

One last scan.

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#7 AlexC1986

AlexC1986
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:31 AM

Posted 25 February 2015 - 11:27 AM

 Results of screen317's Security Check version 0.99.97  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 MBAM out of Date!  
 Java 8 Update 31  
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.305  
 Adobe Reader 10.1.6 Adobe Reader out of Date!  
 Mozilla Firefox 35.0.1 Firefox out of Date!  
 Google Chrome (40.0.2214.111) 
 Google Chrome (40.0.2214.115) 
````````Process Check: objlist.exe by Laurent````````  
 Emsisoft Anti-Malware a2service.exe   
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 

Everything looks good so far! 


#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:31 AM

Posted 25 February 2015 - 01:49 PM

Java 8 Update 31
Java version 32-bit out of Date

Ignore this, you have the latest version.
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you unckeck the box on the top right "Yes, install McAfee Security Scan Plus - optional" this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>

If all is well.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#9 AlexC1986

AlexC1986
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:31 AM

Posted 26 February 2015 - 11:24 AM

Done.  Thank you so much! This had been the most frustrating computer problem ever!



#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:31 AM

Posted 26 February 2015 - 02:21 PM

Glad we could help.

#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,888 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:31 AM

Posted 04 March 2015 - 09:18 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users