Popups won't stop


  • This topic is locked
5 replies to this topic

#1 moselbee

moselbee

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:40 PM

Posted 04 March 2015 - 11:14 AM

I have scanned with Malwarebytes.. it says no virus

I have run HouseCall several times... it shows threats, and that it removes them but the pop ups won't stop.

 

I am at a loss what to do .. surfing to find info is extremely difficult because of the popups. 

 

Moved from AII to MRL, log - Hamluis.



Edited by hamluis, 04 March 2015 - 11:52 AM.
Moved to 'Am I infected?'



 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:40 PM

Posted 04 March 2015 - 12:00 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 moselbee

moselbee
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:40 PM

Posted 05 March 2015 - 11:19 PM

THANK YOU! 
 
There is an add-on that keeps enabling itself all by itself in my Chrome, I know for sure, but deleting or disabling it is only a momentary fix... just an FYI..
Here are both of the logs
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015 01
Ran by Mariam (administrator) on MARIAM-PC on 05-03-2015 23:14:20
Running from C:\Users\Mariam\Downloads
Loaded Profiles: Mariam (Available profiles: UpdatusUser & Mariam & Brailley)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Dell) C:\Users\Mariam\AppData\Local\Apps\2.0\OZX4TAKT.BDB\OQPYTB7T.VMN\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Synaptics, Inc.) C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files (x86)\AirPrint\airprint.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2735400 2011-03-31] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()
HKLM\...\Run: [HP LaserJet Professional M1530 MFP Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2010-08-24] (Hewlett-Packard Company)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [ToolboxFX] => C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe [58936 2010-10-25] (Hewlett-Packard Company)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-2956428168-404915347-396044097-1002\...\Run: [881F1976821F29C34790AB10E70E46494D706409._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-17] (Google Inc.)
HKU\S-1-5-21-2956428168-404915347-396044097-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-2956428168-404915347-396044097-1002\...\Run: [Google Update] => C:\Users\Mariam\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-10-09] (Google Inc.)
HKU\S-1-5-21-2956428168-404915347-396044097-1002\...\Run: [DellSystemDetect] => C:\Users\Mariam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
HKU\S-1-5-21-2956428168-404915347-396044097-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2956428168-404915347-396044097-1002\...\Run: [GoogleChromeAutoLaunch_B340163B838F9E96D256A003B69BD6AD] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-17] (Google Inc.)
HKU\S-1-5-21-2956428168-404915347-396044097-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-18] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-12-18] (NVIDIA Corporation)
Startup: C:\Users\Mariam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Mariam\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Mariam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Setup_195514.lnk
ShortcutTarget: Setup_195514.lnk -> C:\ProgramData\{35ca3f02-2364-865a-35ca-a3f02236fc08}\Setup_195514.exe (No File)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bitPCloudBroom64.exe \systemroot\system32\BroomData.bitPCloudBroom64.exe \systemroot\system32\BroomData.bit
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2956428168-404915347-396044097-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [HKLM] => http=127.0.0.1:51741;https=127.0.0.1:51741
ProxyServer: [HKLM-x32] => http=127.0.0.1:51741;https=127.0.0.1:51741
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2956428168-404915347-396044097-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {0FC81F71-F60D-4C98-9F29-D2905FD74C62} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {20CC3833-BB4E-4914-87CC-117DA9D4F7AF} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0FC81F71-F60D-4C98-9F29-D2905FD74C62} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {FDD1BA80-49D1-4815-AE74-524DADA993A7} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2956428168-404915347-396044097-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2956428168-404915347-396044097-1002 -> DefaultScope {DED08BEC-6011-452B-9FE8-9E8F7F1DD5E8} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2956428168-404915347-396044097-1002 -> {0FC81F71-F60D-4C98-9F29-D2905FD74C62} URL = 
SearchScopes: HKU\S-1-5-21-2956428168-404915347-396044097-1002 -> {20CC3833-BB4E-4914-87CC-117DA9D4F7AF} URL = 
SearchScopes: HKU\S-1-5-21-2956428168-404915347-396044097-1002 -> {DED08BEC-6011-452B-9FE8-9E8F7F1DD5E8} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2956428168-404915347-396044097-1002 -> {FDD1BA80-49D1-4815-AE74-524DADA993A7} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2956428168-404915347-396044097-1002 -> No Name - {1392B8D2-5C05-419F-A8F6-B9F15A596612} -  No File
Toolbar: HKU\S-1-5-21-2956428168-404915347-396044097-1002 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {173D9E48-B527-4AA0-A929-30B446002AA8} http://76.236.90.16:88/DVRemoteAx.cab
DPF: HKLM-x32 {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} https://h50203.www5.hp.com/WCLWEB/cabs/HPISWebManager.CAB
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} 
DPF: HKLM-x32 {A796D216-2DE1-4EA8-BABB-FE6E7C959098} http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1007
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files (x86)\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll (G7 Productivity Systems, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 72.240.13.7 72.240.13.5 156.154.70.43
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @rim.com/npappworld -> C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-2956428168-404915347-396044097-1002: @citrixonline.com/appdetectorplugin -> C:\Users\Mariam\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-2956428168-404915347-396044097-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Mariam\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2956428168-404915347-396044097-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Mariam\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2956428168-404915347-396044097-1002: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Mariam\AppData\Roaming\CATALI~1\NPBCSK~1.DLL No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPCltInst121.dll (BroadSoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdjvu.dll (Caminova, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-10-02]
FF HKU\S-1-5-21-2956428168-404915347-396044097-1002\...\Firefox\Extensions: [{01C9294F-E923-F725-A112-A8D0FBBF3A23}] - C:\Program Files (x86)\ver8SpeeditUp\187.xpi
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Mariam\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Mariam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mariam\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (HelloSign for Gmail) - C:\Users\Mariam\AppData\Local\Google\Chrome\User Data\Default\Extensions\dciflieigdmogpmamcgbigingaodhnil [2014-03-06]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Mariam\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2013-10-01]
CHR Extension: (Facebook Invite/Select All Friends 2015) - C:\Users\Mariam\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkifjigoeilijkcnpfdjbpdjgnbfibec [2014-03-06]
CHR Extension: (Google Wallet) - C:\Users\Mariam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKU\S-1-5-21-2956428168-404915347-396044097-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Mariam\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-02]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]
CHR HKLM-x32\...\Chrome\Extension: [pkpcdceijednnilobgleblmagjchmofe] - C:\Users\Mariam\AppData\Local\Temp\ccex.crx [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AirPrint; C:\Program Files (x86)\AirPrint\airprint.exe [234784 2012-10-05] (Apple Inc.)
S2 CLKMSVC10_9EC60124; c:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-08-11] (CyberLink)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP) [File not signed]
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2012-02-01] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 ScrybeUpdater; C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [1300264 2011-05-27] (Synaptics, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)
S2 4ef60154; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.38\OptProMon.dll",ENT
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 HtcUsbMdmV64; C:\Windows\System32\DRIVERS\HtcUsbMdmV64.sys [111616 2007-02-08] (HTC Incorporated)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52320 2013-03-14] (http://libusb-win32.sourceforge.net)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-24] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2013-07-25] (Apple Inc.) [File not signed]
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-12-18] (NVIDIA Corporation)
S3 NvStUSB; C:\Windows\system32\drivers\nvstusb.sys [121960 2011-01-31] ()
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S3 S3XXx64; C:\Windows\System32\DRIVERS\S3XXx64.sys [73984 2013-06-05] (Identive)
S3 SeratoUsb; C:\Windows\System32\Drivers\SeratoUsb.sys [50808 2012-09-10] (Cristalink Ltd)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
S1 ElRawDisk; \??\C:\Windows\system32\drivers\rsdrvx64.sys [X]
S4 gfiark; system32\drivers\gfiark.sys [X]
S4 lmimirr; system32\DRIVERS\lmimirr.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-05 23:14 - 2015-03-05 23:14 - 00027710 _____ () C:\Users\Mariam\Downloads\FRST.txt
2015-03-05 23:14 - 2015-03-05 23:14 - 00000000 ____D () C:\FRST
2015-03-05 23:13 - 2015-03-05 23:13 - 02092544 _____ (Farbar) C:\Users\Mariam\Downloads\FRST64.exe
2015-03-05 23:10 - 2015-03-05 23:10 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.6
2015-03-04 11:09 - 2015-03-04 11:09 - 00388608 _____ (Trend Micro Inc.) C:\Users\Mariam\Downloads\HijackThis.exe
2015-03-03 20:11 - 2015-01-08 22:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-03 20:11 - 2015-01-08 22:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-03 20:11 - 2015-01-08 22:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-03 20:11 - 2015-01-08 21:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-03-02 21:15 - 2015-03-02 21:26 - 00000010 _____ () C:\Users\Mariam\AppData\Local\sponge.last.runtime.cache
2015-03-02 21:06 - 2015-03-02 21:06 - 02494944 _____ (Trend Micro Inc.) C:\Users\Mariam\Downloads\HousecallLauncher64.exe
2015-03-02 21:06 - 2013-09-27 21:56 - 00285208 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2015-03-02 20:34 - 2015-03-02 20:48 - 00000000 ____D () C:\AdwCleaner
2015-03-02 20:32 - 2015-03-02 20:32 - 02126848 _____ () C:\Users\Mariam\Downloads\AdwCleaner.exe
2015-03-02 20:25 - 2015-03-02 20:27 - 00000000 ____D () C:\Program Files (x86)\Super Notifier
2015-03-01 18:34 - 2015-03-05 03:00 - 00000020 _____ () C:\Users\Mariam\AppData\Roaming\appdataFr3.bin
2015-02-28 12:27 - 2015-02-28 12:27 - 00015205 _____ () C:\Users\Mariam\Downloads\msg0011 (2).WAV
2015-02-26 11:35 - 2015-03-05 23:09 - 00000504 _____ () C:\Windows\setupact.log
2015-02-26 11:35 - 2015-02-26 11:35 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-25 13:02 - 2015-01-08 18:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 13:02 - 2015-01-08 18:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-24 23:22 - 2015-02-24 23:22 - 03115986 _____ () C:\immudebug.log
2015-02-24 17:12 - 2015-02-24 17:12 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\479B5917.sys
2015-02-24 12:59 - 2015-02-24 13:02 - 00000000 ____D () C:\Program Files (x86)\Wunderlist Panel
2015-02-24 10:58 - 2015-02-24 11:22 - 4062361391 _____ () C:\Users\Mariam\Downloads\All prego pics.zip
2015-02-23 16:28 - 2015-02-23 16:28 - 00024825 _____ () C:\Users\Mariam\Downloads\msg0011.WAV
2015-02-21 20:05 - 2015-02-21 20:05 - 00003622 _____ () C:\Windows\System32\Tasks\gtaUpt
2015-02-17 22:02 - 2015-02-17 22:02 - 00019627 _____ () C:\Users\Mariam\Downloads\Spreadsheet (1).csv
2015-02-12 03:07 - 2015-01-22 23:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 03:07 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 03:07 - 2015-01-22 22:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 03:07 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-10 22:54 - 2015-02-03 22:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-10 22:54 - 2015-02-03 22:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-10 22:54 - 2015-02-03 22:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-10 22:54 - 2015-02-03 22:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-10 22:54 - 2015-02-03 22:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-10 22:54 - 2015-02-03 22:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-10 22:54 - 2015-02-03 22:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-10 22:54 - 2015-01-27 18:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-10 22:54 - 2015-01-14 00:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 22:54 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-10 22:54 - 2015-01-12 22:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 22:54 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 22:54 - 2015-01-11 22:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-10 22:54 - 2015-01-11 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-10 22:54 - 2015-01-11 21:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-10 22:54 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 22:54 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 22:54 - 2015-01-11 21:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-10 22:54 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 22:54 - 2015-01-11 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-10 22:54 - 2015-01-11 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-10 22:54 - 2015-01-11 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-10 22:54 - 2015-01-11 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-10 22:54 - 2015-01-11 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-10 22:54 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-10 22:54 - 2015-01-11 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-10 22:54 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-10 22:54 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 22:54 - 2015-01-11 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-10 22:54 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-10 22:54 - 2015-01-11 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-10 22:54 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-10 22:54 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-10 22:54 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-10 22:54 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-10 22:54 - 2015-01-11 21:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-10 22:54 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-10 22:54 - 2015-01-11 21:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-10 22:54 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-10 22:54 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-10 22:54 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-10 22:54 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 22:54 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 22:54 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 22:54 - 2015-01-11 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-10 22:54 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-10 22:54 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 22:54 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-10 22:54 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-10 22:54 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-10 22:54 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-10 22:54 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 22:54 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-10 22:54 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-10 22:54 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-10 22:54 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-10 22:54 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 22:54 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 22:54 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-10 22:54 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-10 22:54 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-10 22:54 - 2015-01-10 01:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-10 22:54 - 2015-01-10 01:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 22:54 - 2015-01-10 01:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-10 22:54 - 2015-01-10 01:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-10 22:54 - 2015-01-10 01:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-10 22:54 - 2015-01-10 01:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-10 22:54 - 2015-01-10 01:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-10 22:54 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-10 22:54 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-10 22:54 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-10 22:54 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-10 22:54 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-10 22:54 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-10 22:54 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-10 22:53 - 2015-01-15 03:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 22:53 - 2015-01-15 03:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-10 22:53 - 2015-01-15 03:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 22:53 - 2015-01-15 03:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-10 22:53 - 2015-01-15 03:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-10 22:53 - 2015-01-15 03:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-10 22:53 - 2015-01-15 03:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-10 22:53 - 2015-01-15 03:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-10 22:53 - 2015-01-15 03:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 22:53 - 2015-01-15 03:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-10 22:53 - 2015-01-15 03:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 22:53 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-10 22:53 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-10 22:53 - 2015-01-15 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-10 22:53 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-10 22:53 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-10 22:53 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-10 22:53 - 2015-01-14 23:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 22:53 - 2015-01-14 01:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 22:53 - 2015-01-14 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-10 22:53 - 2015-01-14 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-10 22:53 - 2015-01-14 01:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-10 22:53 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-10 22:53 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-10 22:53 - 2015-01-14 00:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-10 22:53 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-10 22:53 - 2014-12-12 00:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-10 22:53 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-10 22:53 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 22:53 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-10 22:53 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 22:53 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-10 22:52 - 2015-01-08 21:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-08 15:00 - 2015-02-08 15:00 - 00000088 _____ () C:\Users\Mariam\AppData\Local\d9ca2c6ca89717a3c0998e66f515e5d6
2015-02-08 14:59 - 2015-02-08 14:59 - 00000000 ____D () C:\Program Files (x86)\GUM4364.tmp
2015-02-08 14:58 - 2015-03-05 23:09 - 00001342 _____ () C:\Windows\Tasks\UOEKDB.job
2015-02-08 14:58 - 2015-02-08 14:58 - 00004372 _____ () C:\Windows\System32\Tasks\UOEKDB
2015-02-08 14:55 - 2015-02-09 15:37 - 00000000 ____D () C:\ProgramData\{35ca3f02-2364-865a-35ca-a3f02236fc08}
2015-02-07 12:04 - 2015-02-07 12:04 - 00301608 _____ (VuuPC Limited) C:\Users\Mariam\AppData\Local\nsiAD80.tmp
2015-02-07 11:56 - 2015-02-07 11:56 - 00003760 _____ () C:\Windows\System32\Tasks\JZXIRNMDN
2015-02-07 11:56 - 2015-01-27 17:31 - 00344440 _____ (CartCrunch Israel Ltd.) C:\Windows\system32\ColorMedia64.dll
2015-02-07 11:55 - 2015-02-21 20:05 - 00000045 _____ () C:\user.js
2015-02-07 02:18 - 2015-02-07 02:20 - 00034317 _____ () C:\Users\Mariam\Downloads\expenses 2014 lacey.xlsx
2015-02-07 02:17 - 2015-02-07 02:18 - 00032695 _____ () C:\Users\Mariam\Downloads\deposits 2014 laceys.xlsx
2015-02-04 17:42 - 2015-02-04 17:42 - 00000020 ___SH () C:\Users\Mariam\ntuser.ini
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-05 23:11 - 2011-11-18 20:59 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2015-03-05 23:11 - 2011-11-18 20:59 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2015-03-05 23:11 - 2011-11-18 20:54 - 00000000 ____D () C:\Temp
2015-03-05 23:11 - 2011-11-18 20:54 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-03-05 23:10 - 2011-12-25 00:58 - 00000000 ____D () C:\Users\Mariam\AppData\Local\Deployment
2015-03-05 23:09 - 2013-01-25 23:43 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-05 23:09 - 2011-11-18 22:14 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-05 23:09 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-05 23:07 - 2014-03-04 13:53 - 01824961 _____ () C:\Windows\WindowsUpdate.log
2015-03-05 22:42 - 2012-05-10 18:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-05 22:21 - 2013-01-25 23:43 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-05 22:17 - 2013-10-09 13:09 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2956428168-404915347-396044097-1002UA.job
2015-03-05 22:17 - 2013-10-09 13:09 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2956428168-404915347-396044097-1002Core.job
2015-03-05 03:05 - 2013-09-08 16:36 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-03-05 03:05 - 2013-09-08 16:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-03-05 03:05 - 2013-05-02 15:18 - 00002113 _____ () C:\Windows\epplauncher.mif
2015-03-04 18:49 - 2010-08-30 19:01 - 00000000 ____D () C:\Users\Mariam\Documents\Misc
2015-03-04 11:11 - 2009-07-13 23:45 - 00014800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-04 11:11 - 2009-07-13 23:45 - 00014800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-04 03:22 - 2014-02-26 16:08 - 00000540 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2956428168-404915347-396044097-1002.job
2015-03-04 03:21 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2015-03-03 20:16 - 2013-07-02 02:35 - 08492544 ___SH () C:\Users\Mariam\Downloads\Thumbs.db
2015-03-03 08:17 - 2010-11-20 22:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-03 03:51 - 2012-02-25 03:16 - 08195252 _____ () C:\Users\Mariam\AppData\Local\census.cache
2015-03-03 03:50 - 2012-02-25 03:13 - 00124064 _____ () C:\Users\Mariam\AppData\Local\ars.cache
2015-03-02 20:51 - 2012-12-27 23:33 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-28 12:46 - 2013-08-29 20:12 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-02-28 02:50 - 2015-01-23 20:23 - 00000973 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-02-28 02:50 - 2015-01-23 20:23 - 00000961 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-02-25 13:16 - 2013-10-05 19:58 - 00437760 ___SH () C:\Users\Mariam\Desktop\Thumbs.db
2015-02-24 23:42 - 2014-07-19 16:28 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-24 23:23 - 2009-07-13 21:34 - 00449994 ____R () C:\Windows\system32\Drivers\etc\hosts.20150302-205309.backup
2015-02-22 09:31 - 2011-12-13 19:35 - 00000000 ____D () C:\Windows\Sun
2015-02-21 13:44 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-02-20 16:47 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-20 16:42 - 2013-09-03 17:03 - 00000000 ____D () C:\Users\Mariam\AppData\Roaming\TeamViewer
2015-02-19 20:26 - 2013-10-09 12:54 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-17 10:53 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system
2015-02-16 18:02 - 2012-03-28 16:35 - 00000000 ____D () C:\Users\Mariam\AppData\Roaming\Apple Computer
2015-02-13 18:58 - 2012-03-28 16:20 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-13 13:41 - 2014-12-01 22:28 - 00000000 ____D () C:\Users\Public\Documents\System
2015-02-13 13:41 - 2014-12-01 22:28 - 00000000 ____D () C:\Users\Mariam\Documents\VCheck
2015-02-13 13:41 - 2014-12-01 22:17 - 00000000 ____D () C:\Users\Public\Documents\G7PS
2015-02-11 03:35 - 2009-07-13 23:45 - 05032872 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 03:31 - 2014-12-11 03:22 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 03:31 - 2014-05-06 02:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 03:13 - 2012-01-01 14:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 03:10 - 2013-07-19 13:23 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 03:03 - 2011-11-25 20:20 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-09 13:35 - 2013-08-10 18:05 - 00000000 ____D () C:\Program Files (x86)\A-PDF Image to PDF
2015-02-09 12:11 - 2009-07-14 00:13 - 00818482 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-09 11:49 - 2013-05-22 18:56 - 00003246 _____ () C:\Windows\wininit.ini
2015-02-09 11:08 - 2009-07-13 21:34 - 00449994 ____R () C:\Windows\system32\Drivers\etc\hosts.20150224-232340.backup
2015-02-07 12:54 - 2010-12-28 00:32 - 00000000 ____D () C:\Users\Mariam\Documents\Work
2015-02-06 11:16 - 2013-01-25 23:43 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 11:16 - 2013-01-25 23:43 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 22:12 - 2013-10-09 13:09 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2956428168-404915347-396044097-1002UA
2015-02-05 22:12 - 2013-10-09 13:09 - 00003492 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2956428168-404915347-396044097-1002Core
2015-02-04 20:43 - 2012-05-10 18:25 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-04 20:43 - 2012-05-10 18:25 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 20:43 - 2011-11-18 20:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 19:49 - 2013-01-07 22:15 - 00000000 ____D () C:\Windows\Minidump
2015-02-04 19:49 - 2011-12-25 00:29 - 00000000 ____D () C:\Users\Mariam\AppData\Roaming\uTorrent
2015-02-04 17:42 - 2011-11-25 19:12 - 00000000 ____D () C:\Users\Mariam
 
==================== Files in the root of some directories =======
 
2014-10-18 02:01 - 2014-10-18 02:01 - 6000640 _____ () C:\Program Files (x86)\GUT3612.tmp
2014-10-19 02:02 - 2014-10-19 02:02 - 6000640 _____ () C:\Program Files (x86)\GUTEF7C.tmp
2013-10-22 21:29 - 2013-10-22 21:29 - 0000288 _____ () C:\Users\Mariam\AppData\Roaming\.backup.dm
2015-03-01 18:34 - 2015-03-05 03:00 - 0000020 _____ () C:\Users\Mariam\AppData\Roaming\appdataFr3.bin
2015-01-25 11:12 - 2015-01-25 11:12 - 0001248 _____ () C:\Users\Mariam\AppData\Roaming\UOEKDB
2014-02-24 18:00 - 2014-02-24 18:00 - 0893239 _____ () C:\Users\Mariam\AppData\Local\a.zip
2012-02-25 03:13 - 2015-03-03 03:50 - 0124064 _____ () C:\Users\Mariam\AppData\Local\ars.cache
2014-02-24 18:00 - 2014-02-24 18:00 - 2162416 _____ (Catalina Marketing Corp) C:\Users\Mariam\AppData\Local\BcsKtYcHW.dll
2012-02-25 03:16 - 2015-03-03 03:51 - 8195252 _____ () C:\Users\Mariam\AppData\Local\census.cache
2015-02-08 15:00 - 2015-02-08 15:00 - 0000088 _____ () C:\Users\Mariam\AppData\Local\d9ca2c6ca89717a3c0998e66f515e5d6
2013-08-27 23:52 - 2013-09-18 19:33 - 0004608 _____ () C:\Users\Mariam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-10-22 17:24 - 2012-10-22 17:24 - 0000094 _____ () C:\Users\Mariam\AppData\Local\fusioncache.dat
2012-02-25 02:58 - 2012-02-25 02:58 - 0000036 _____ () C:\Users\Mariam\AppData\Local\housecall.guid.cache
2015-02-07 12:04 - 2015-02-07 12:04 - 0301608 _____ (VuuPC Limited) C:\Users\Mariam\AppData\Local\nsiAD80.tmp
2013-05-15 12:02 - 2013-05-15 12:02 - 0000856 _____ () C:\Users\Mariam\AppData\Local\recently-used.xbel
2013-11-29 20:41 - 2013-12-14 17:17 - 0007601 _____ () C:\Users\Mariam\AppData\Local\resmon.resmoncfg
2013-12-23 21:39 - 2013-12-23 21:39 - 0000000 _____ () C:\Users\Mariam\AppData\Local\rx_image32.Cache
2015-03-02 21:15 - 2015-03-02 21:26 - 0000010 _____ () C:\Users\Mariam\AppData\Local\sponge.last.runtime.cache
2014-01-08 01:34 - 2013-02-18 17:24 - 0000002 _____ () C:\ProgramData\test.txt
 
Some zero byte size files/folders:
==========================
C:\Windows\System32\MSVBVM60.DLL
C:\Windows\System32\olepro32.DLL
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-23 16:55
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2015 01
Ran by Mariam at 2015-03-05 23:15:34
Running from C:\Users\Mariam\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2956428168-404915347-396044097-1002\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 15.2.1 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.33 - STMicroelectronics)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.10 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1530 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Algebra 2 Solved! (HKLM-x32\...\{E51E08E3-BBD2-40AD-8F9F-4BF9DEA54B44}) (Version: 20.08.0074 - Bagatrix)
A-PDF Image Converter Pro (HKLM-x32\...\A-PDF Image to PDF_is1) (Version:  - A-PDF Solution)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio Elements 10.0.9 (HKLM-x32\...\Ashampoo Burning Studio Elements_is1) (Version: 3.1.1 - Ashampoo GmbH & Co. KG)
Ashampoo ClipFinder HD v.2.2.3 (HKLM-x32\...\Ashampoo ClipFinder HD_is1) (Version: 2.2.3 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Converter v.1.0.1 (HKLM-x32\...\Ashampoo Photo Converter_is1) (Version: 1.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer 3 v.3.13 (HKLM-x32\...\Ashampoo Photo Optimizer 3_is1) (Version: 3.1.3 - Ashampoo Technology GmbH & Co. KG)
Ashampoo Registry Cleaner v.1.00 (HKLM-x32\...\Ashampoo Registry Cleaner_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
BlackBerry App World Browser Plugin (HKLM-x32\...\{A21CC8D4-7BA8-4AA9-9F2E-EEF54D5F7E71}) (Version: 4.2.1.12 - Research In Motion Limited)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bullzip PDF Printer 9.3.0.1516 (HKLM\...\Bullzip PDF Printer_is1) (Version: 9.3.0.1516 - Bullzip)
calibre (HKLM-x32\...\{D14AAC37-38FC-4454-9CEC-B3CD081632C4}) (Version: 0.8.38 - Kovid Goyal)
Canon MX340 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.02 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)
CyberLink PowerDVD 9.6 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.6.1.4418 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.61 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.61 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{0D98F04D-11A1-4B64-A406-43292B9EEE90}) (Version: 1.5.0.130 - ArcSoft)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell System Detect (HKU\S-1-5-21-2956428168-404915347-396044097-1002\...\9204f5692a8faf3b) (Version: 5.4.0.4 - Dell)
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1719 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.2.0.1719 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Document Express DjVu Plug-in (HKLM-x32\...\{EB1534A9-7C4F-49A6-B0D9-74D955FB7AF1}) (Version: 6.1.31219 - Caminova, Inc.)
Duplicate Cleaner 2.1b (HKLM-x32\...\Duplicate Cleaner) (Version: 2.1b - DigitalVolcano)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
FCTAgent.2.1.17 (HKLM-x32\...\FCTAgent_is1) (Version:  - PalmAgent)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Geometry Solved! (HKLM-x32\...\{33B5B641-7843-48A9-A8FE-4501869D0B92}) (Version: 20.08.0074 - Bagatrix)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GoToMeeting 7.0.1.1796 (HKU\S-1-5-21-2956428168-404915347-396044097-1002\...\GoToMeeting) (Version: 7.0.1.1796 - CitrixOnline)
HandBrake 0.9.8 (HKLM-x32\...\HandBrake) (Version: 0.9.8 - )
HP ePrint (HKLM-x32\...\{2794875B-6CCF-48B8-84A5-5B10DB98BEE6}) (Version: 12.0.13351.1658 - Hewlett-Packard)
HP FWUpdateEDO3 (HKLM-x32\...\{A82D0C46-EBDF-4B27-A731-D06EF2056E81}) (Version: 1.0.0.0 - Hewlett-Packard Company)
HP IDF Software (HKLM-x32\...\{974025B1-769B-49E9-817C-C638ABE8F372}) (Version: 11.15.1000 - Hewlett-Packard Company)
HP LaserJet Professional M1530 MFP Series (HKLM-x32\...\{74280B5D-A0AF-46c5-9C85-D9EA078262F1}) (Version:  - Hewlett-Packard)
HP LJ M1530 MFP Series HP Scan (HKLM-x32\...\{C05002F1-06F8-4A15-B6F8-E4DC655C28AA}) (Version: 1.0.302.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPLaserJetHelp_LearnCenter (HKLM-x32\...\{B2AA0F22-E167-4C4A-BAE2-E0025028E61B}) (Version: 1.02.0000 - Hewlett-Packard)
HPLJUT (x32 Version: 1.00.0012 - HP) Hidden
hppFaxDrvM1530 (x32 Version: 003.000.00001 - Hewlett-Packard) Hidden
hppFaxUtilityM1530 (x32 Version: 000.002.00001 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 002.015.00599 - Hewlett-Packard) Hidden
hppM1530LaserJetService (x32 Version: 001.008.00477 - Hewlett-Packard) Hidden
hppSendFaxM1530 (x32 Version: 003.000.00001 - Hewlett-Packard) Hidden
hppTLBXFXM1530 (x32 Version: 001.012.00948 - Hewlett-Packard) Hidden
hpzTLBXFX (x32 Version: 006.015.01163 - Hewlett-Packard) Hidden
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.3.0.001 - HTC Corporation)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCare Data Recovery Professional 4.6.3.3 (HKLM-x32\...\iCare Data Recovery Professional_is1) (Version:  - iCare Software)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2455 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}) (Version: 15.2.0.0284 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel® WiDi (HKLM-x32\...\{0DD706AF-B542-438C-999E-B30C7F625C8D}) (Version: 2.1.39.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}) (Version: 15.02.0000.1258 - Intel Corporation)
Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
ISO to USB (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version:  - isotousb.com)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Jawbone Updater (HKLM-x32\...\Jawbone Updater) (Version: 0.1 - Jawbone)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KONICA MINOLTA Universal PCL (HKLM\...\KONICA MINOLTA Universal PCL) (Version:  - KONICA MINOLTA)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MediaPlayerLite 0.4.1 (HKLM-x32\...\MediaPlayerLite) (Version: 0.4.1 - MediaPlayerLite)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Image Composite Editor (HKLM\...\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}) (Version: 1.4.4 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MotoHelper 2.1.40 Driver 5.5.0 (HKLM-x32\...\MotoHelper) (Version: 2.1.40 - Motorola)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 5.5.0 (Version: 5.5.0 - Motorola Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6308.28 - PC-Doctor, Inc.)
NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
Ohio Real Estate Salesperson CompuCram  (HKLM-x32\...\Ohio Real Estate Salesperson CompuCram ) (Version:  - )
Ohio Real Estate Salesperson CompuCram (HKLM-x32\...\Ohio Real Estate Salesperson CompuCram) (Version:  - )
OSForensics (HKLM\...\OSForensics_is1) (Version:  - PassMark Software)
PhoneClean 2.2.0 (HKLM-x32\...\{E980ED1F-AOF8-PF7E-B174-59POS2BOIUVB}}_is1) (Version: 2.2.0 - iMobie Inc.)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Portrait Professional 11.3 (HKLM-x32\...\PortraitProfessional11_is1) (Version: 11.3 - Anthropics Technology Ltd.)
Publish to Photo Frame (HKLM-x32\...\{6E6D21BA-82D7-451A-8B2C-465B3AC9824E}) (Version: 1.0.3.0 - Roger Lipscombe)
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.10 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6312 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.27.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.27.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
RSDLite (HKLM-x32\...\{EAC93E1D-4807-43E2-B39A-8170B731B7D0}) (Version: 5.6 - Motorola)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.14.0 - SAMSUNG Electronics Co., Ltd.)
Scratch Live 2.4.3 (21) (HKLM-x32\...\{1173F828-08FB-4C84-A7F5-B3222757A926}) (Version: 2.4.3 - Serato Inc LP)
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.6 - Seagate Technology)
SentriCard Utility (HKLM-x32\...\{14B8F58C-4BD8-4122-9FE6-827527626392}_is1) (Version: 4.0.0 - SentriLock, LLC)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Synaptics Gesture Suite featuring SYNAPTICS | Scrybe (HKLM-x32\...\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}) (Version: 1.6.5.17120 - Synaptics Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.20.0 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.39052 - TeamViewer)
TIFF Combiner 1.1 (HKLM-x32\...\TIFF Combiner) (Version: 1.1 - )
TrustedID (HKLM-x32\...\{C16A92EF-017B-4839-9C75-FBADB5A1FA27}) (Version: 5.0 - TrustedID)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VersaCheck Platinum 2010 (HKLM-x32\...\{086026D0-B765-4C19-8654-43D0E110F5E5}) (Version: 10.0.1.0 - G7 Productivity Systems, Inc.)
VLC media player 1.0.1 (HKLM-x32\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Wondershare Dr.Fone for Android(Build 2.1.0.21) (HKLM-x32\...\{1DB91A95-C548-4BA5-9D4C-18C7DEAAC39F}_is1) (Version: 2.1.0.21 - Wondershare Software Co.,Ltd.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2956428168-404915347-396044097-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1312\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2956428168-404915347-396044097-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Mariam\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2956428168-404915347-396044097-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Mariam\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
 
==================== Restore Points  =========================
 
27-02-2015 03:00:12 Windows Update
28-02-2015 03:00:11 Windows Update
01-03-2015 17:59:58 Windows Update
02-03-2015 19:51:04 Windows Update
03-03-2015 03:00:20 Windows Update
04-03-2015 03:00:46 Windows Update
05-03-2015 03:01:02 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2015-03-02 20:53 - 00449994 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {03AAD8DB-16F1-40C5-A521-D84458EBAB73} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2012-02-01] ()
Task: {052E8F46-8DE0-4DF4-B351-3578B4B6AA7D} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2956428168-404915347-396044097-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {05C26363-FC74-40F4-87F2-B602632CD706} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2012-02-01] ()
Task: {0CEC79EE-6C82-4B98-84DA-93506AFEFCDD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2956428168-404915347-396044097-1002UA => C:\Users\Mariam\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.)
Task: {13653A5B-8EAA-486D-B5CD-CD1F37EBC257} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-25] (Google Inc.)
Task: {16509091-09F9-4B12-860E-82787983A228} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {19BC3C37-1270-4EAF-83B2-0478F124B0CA} - System32\Tasks\{874401AB-D82C-4002-B3BF-CFBE8E353E4C} => pcalua.exe -a C:\ubuntu\uninstall-wubi.exe -d C:\ubuntu
Task: {1A91C614-310C-480D-BE3E-6EEF78E3D481} - System32\Tasks\{F2A5E16B-DC31-45EC-9A8B-7CCBF4042AF3} => pcalua.exe -a "C:\Program Files (x86)\MSConfig CleanUp\UninsHs.exe" -d "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSConfig CleanUp"
Task: {1F9C4CE2-F325-4B17-8735-37EF72710D3F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2956428168-404915347-396044097-1002Core => C:\Users\Mariam\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.)
Task: {212553B2-E57B-4F52-95B6-21158161D4BB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {2300C72C-4CF7-4D6C-9ABE-EF316C9A17B6} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2956428168-404915347-396044097-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {235E0297-8235-418E-B7DF-FE883FA71C68} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-09-05] (PC-Doctor, Inc.)
Task: {25192E13-2CBE-4E82-83F9-34C5F63E02A7} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2956428168-404915347-396044097-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {2A16E119-22C3-4427-8512-9CBC9467D033} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2012-02-01] ()
Task: {2F3E3B8D-B327-42A9-A100-B9E761BE2D8B} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2956428168-404915347-396044097-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {35EA29F7-1B29-4281-9108-937DB6CD6370} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {3A07B5E9-3D50-4592-B94A-5ADE111CAC6A} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2956428168-404915347-396044097-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {4345DE26-CEFE-4D73-B91D-11F4F5039646} - System32\Tasks\{3935CCD6-DD47-4332-BDA7-09E4F74FF2AE} => pcalua.exe -a "C:\Program Files (x86)\AirPrint\AirPrint_Installer.exe" -d "C:\Program Files (x86)\AirPrint"
Task: {43F20F78-DBC7-4B24-8191-E5BE82AA40DF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {57FDC702-B41A-40DB-80B4-ECE6DF3E61F9} - System32\Tasks\{F635F070-A836-430C-9B94-7399E7A70CDC} => pcalua.exe -a C:\Users\Mariam\Downloads\rescue2usb.exe -d C:\Users\Mariam\Downloads
Task: {5F52D6C9-C3D6-4720-AC39-AF13D4488B2A} - System32\Tasks\UOEKDB => C:\Users\Mariam\AppData\Roaming\UOEKDB.exe <==== ATTENTION
Task: {7303ADD8-479A-4EA3-A367-EDDAF59E3FE1} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-09-05] (PC-Doctor, Inc.)
Task: {831633DC-059A-4E2C-8F32-3DB8CED80280} - System32\Tasks\G2MUpdateTask-S-1-5-21-2956428168-404915347-396044097-1002 => C:\Program Files (x86)\Citrix\GoToMeeting\1796\g2mupdate.exe [2014-10-07] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {84B7DCAD-8618-48E4-B1DC-5B058FB73650} - System32\Tasks\JZXIRNMDN => C:\ProgramData\6a114262338742f2a094b22ca1350edb\6a114262338742f2a094b22ca1350edb.exe
Task: {89AB4AFF-9DB5-45C2-AD27-2C86E24D0789} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C0948481-A898-464E-A31D-737E329B925F} - \DonutQuotes No Task File <==== ATTENTION
Task: {C31F283F-CA98-4C65-847E-26649B2E29AE} - System32\Tasks\{2742054C-3D63-4E3B-8580-10281C2E697C} => pcalua.exe -a C:\downloads\7zip.exe -d C:\downloads
Task: {C4F72D6F-32AA-4C4C-A9DB-5B4EF9091916} - System32\Tasks\{0EDDA668-B0A8-450F-AB9E-D5F88B3969AF} => pcalua.exe -a C:\Users\Mariam\Downloads\DroidX2_Root_2012.exe -d C:\Users\Mariam\Downloads
Task: {C98CD269-1C1C-4224-AF07-93A9549366E6} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22] (Hewlett Packard)
Task: {D8BCFC1C-4E7E-46E2-8B1C-232AC7A28279} - System32\Tasks\gtaUpt => C:\Program Files\shopperz\zaeed.bat
Task: {E4AC1F69-C857-4C1C-80C8-814FB33ACDB9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-25] (Google Inc.)
Task: {F057ACBD-26BE-4A5E-A062-227DD08C7A37} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2956428168-404915347-396044097-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {F491C1AB-259C-4DA4-A76D-81798BA57EBA} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2956428168-404915347-396044097-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2956428168-404915347-396044097-1002.job => C:\Program Files (x86)\Citrix\GoToMeeting\1796\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2956428168-404915347-396044097-1002Core.job => C:\Users\Mariam\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2956428168-404915347-396044097-1002UA.job => C:\Users\Mariam\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\UOEKDB.job => C:\Users\Mariam\AppData\Roaming\UOEKDB.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) ==============
 
2013-09-08 16:45 - 2013-10-23 03:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-02-01 11:50 - 2012-02-01 11:50 - 02195824 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
2011-11-18 21:40 - 2011-07-20 08:04 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-10-13 11:14 - 2011-07-25 08:43 - 00686704 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2010-11-17 11:35 - 2010-11-17 11:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2010-06-25 23:03 - 2010-06-25 23:03 - 00037888 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\KOB__J_1.DLL
2013-11-10 22:21 - 2013-11-25 19:22 - 00607744 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\JobCapsA.DLL
2012-02-01 11:50 - 2012-02-01 11:50 - 01850224 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
2012-02-01 16:55 - 2012-02-01 16:55 - 00214896 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
2012-02-01 16:55 - 2012-02-01 16:55 - 00784240 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
2013-09-03 19:06 - 2012-12-07 16:26 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2011-11-18 20:54 - 2011-09-22 11:14 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2012-02-01 11:44 - 2012-02-01 11:44 - 08151040 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\QtGui4.dll
2012-02-01 11:44 - 2012-02-01 11:44 - 02278400 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\QtCore4.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-19 20:26 - 2015-02-17 17:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-19 20:26 - 2015-02-17 17:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-19 20:26 - 2015-02-17 17:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll
2010-11-24 23:44 - 2010-11-24 23:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2010-10-25 14:36 - 2010-10-25 14:36 - 00119864 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\nativeutils.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-05 23:10 - 2015-03-05 23:10 - 00098816 _____ () C:\Users\Mariam\AppData\Local\Temp\_MEI24282\win32api.pyd
2015-03-05 23:10 - 2015-03-05 23:10 - 00110080 _____ () C:\Users\Mariam\AppData\Local\Temp\_MEI24282\pywintypes27.dll
2015-03-05 23:10 - 2015-03-05 23:10 - 00364544 _____ () C:\Users\Mariam\AppData\Local\Temp\_MEI24282\pythoncom27.dll
2015-03-05 23:10 - 2015-03-05 23:10 - 00045568 _____ () C:\Users\Mariam\AppData\Local\Temp\_MEI24282\_socket.pyd
2015-03-05 23:10 - 2015-03-05 23:10 - 01160704 _____ () C:\Users\Mariam\AppData\Local\Temp\_MEI24282\_ssl.pyd
2015-03-05 23:10 - 2015-03-05 23:10 - 00320512 _____ () C:\Users\Mariam\AppData\Local\Temp\_MEI24282\win32com.shell.shell.pyd
2015-03-05 23:10 - 2015-03-05 23:10 - 00713216 _____ () C:\Users\Mariam\AppData\Local\Temp\_MEI24282\_hashlib.pyd
2015-03-05 23:10 - 2015-03-05 23:10 - 01175040 _____ () C:\Users\Mariam\AppData\Local\Temp\_MEI24282\wx._core_.pyd
2015-03-05 23:10 - 2015-03-05 23:10 - 00805888 _____ () C:\Users\Mariam\AppData\Local\Temp\_MEI24282\wx._gdi_.pyd
2015-03-05 23:10 - 2015-03-05 23:10 - 00811008 _____ () C:\Users\Mariam\AppData\Local\Temp\_MEI24282\wx._windows_.pyd
2015-03-05 23:10 - 2015-03-05 23:10 - 01062400 _____ () C:\Users\Mariam\AppData\Local\Temp\_MEI24282\wx._controls_.pyd
2015-03-05 23:10 - 2015-03-05 23:10 - 00735232 _____ () C:\Users\Mariam\AppData\Local\Temp\_MEI24282\wx._misc_.pyd
2015-03-05 23:10 - 2015-03-05 23:10 - 00557056 _____ () C:\Users\Mariam\AppData\Local\Temp\_MEI24282\pysqlite2._sqlite.pyd
2015-03-05 23:10 - 2015-03-05 23:10 - 00128512 _____ () C:\Users\Mariam\AppData\Local\Temp\_MEI24282\_elementtree.pyd
2015-03-05 23:10 - 2015-03-05 23:10 - 00127488 _____ () C:\Users\Mariam\AppData\Local\Temp\_MEI24282\pyexpat.pyd
2015-03-05 23:10 - 2015-03-05 23:10 - 00087552 _____ () C:\Users\Mariam\AppData\Local\Temp\_MEI24282\_ctypes.pyd
2015-03-05 23:10 - 2015-03-05 23:10 - 00119808 _____ () C:\Users\Mariam\AppData\Local\Temp\_MEI24282\win32file.pyd
2015-03-05 23:10 - 2015-03-05 23:10 - 00108544 _____ () C:\Users\Mariam\AppData\Local\Temp\_MEI24282\win32security.pyd
2015-03-05 23:10 - 2015-03-05 23:10 - 00007168 _____ () C:\Users\Mariam\AppData\Local\Temp\_MEI24282\hashobjs_ext.pyd
2015-03-05 23:10 - 2015-03-05 23:10 - 00167936 _____ () C:\Users\Mariam\AppData\Local\Temp\_MEI24282\win32gui.pyd
2015-03-05 23:10 - 2015-03-05 23:10 - 00018432 _____ () C:\Users\Mariam\AppData\Local\Temp\_MEI24282\win32event.pyd
2015-03-05 23:10 - 2015-03-05 23:10 - 00038912 _____ () C:\Users\Mariam\AppData\Local\Temp\_MEI24282\win32inet.pyd
2015-03-05 23:10 - 2015-03-05 23:10 - 00011264 _____ () C:\Users\Mariam\AppData\Local\Temp\_MEI24282\win32crypt.pyd
2015-03-05 23:10 - 2015-03-05 23:10 - 00070656 _____ () C:\Users\Mariam\AppData\Local\Temp\_MEI24282\wx._html2.pyd
2015-03-05 23:10 - 2015-03-05 23:10 - 00027136 _____ () C:\Users\Mariam\AppData\Local\Temp\_MEI24282\_multiprocessing.pyd
2015-03-05 23:09 - 2015-03-05 23:09 - 00035840 _____ () C:\Users\Mariam\AppData\Local\Temp\_MEI24282\win32process.pyd
2015-03-05 23:10 - 2015-03-05 23:10 - 00686080 _____ () C:\Users\Mariam\AppData\Local\Temp\_MEI24282\unicodedata.pyd
2015-03-05 23:10 - 2015-03-05 23:10 - 00122368 _____ () C:\Users\Mariam\AppData\Local\Temp\_MEI24282\wx._wizard.pyd
2015-03-05 23:10 - 2015-03-05 23:10 - 00024064 _____ () C:\Users\Mariam\AppData\Local\Temp\_MEI24282\win32pipe.pyd
2015-03-05 23:10 - 2015-03-05 23:10 - 00025600 _____ () C:\Users\Mariam\AppData\Local\Temp\_MEI24282\win32pdh.pyd
2015-03-05 23:10 - 2015-03-05 23:10 - 00525640 _____ () C:\Users\Mariam\AppData\Local\Temp\_MEI24282\windows._lib_cacheinvalidation.pyd
2015-03-05 23:10 - 2015-03-05 23:10 - 00010240 _____ () C:\Users\Mariam\AppData\Local\Temp\_MEI24282\select.pyd
2015-03-05 23:10 - 2015-03-05 23:10 - 00017408 _____ () C:\Users\Mariam\AppData\Local\Temp\_MEI24282\win32profile.pyd
2015-03-05 23:10 - 2015-03-05 23:10 - 00022528 _____ () C:\Users\Mariam\AppData\Local\Temp\_MEI24282\win32ts.pyd
2015-03-05 23:10 - 2015-03-05 23:10 - 00078336 _____ () C:\Users\Mariam\AppData\Local\Temp\_MEI24282\wx._animate.pyd
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:C76EDAC3
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
HKU\.DEFAULT\Software\Classes\.exe: exefile =>  <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile:  <===== ATTENTION!
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2956428168-404915347-396044097-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Mariam\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 72.240.13.7 - 72.240.13.5
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: HTCMonitorService => 2
MSCONFIG\Services: RasMan => 3
MSCONFIG\startupfolder: C:^Users^Mariam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Mariam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Launch Jawbone Updater.lnk => C:\Windows\pss\Launch Jawbone Updater.lnk.Startup
MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: uTorrent => "C:\Users\Mariam\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2956428168-404915347-396044097-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2956428168-404915347-396044097-1013 - Limited - Enabled)
Brailley (S-1-5-21-2956428168-404915347-396044097-1017 - Administrator - Enabled) => C:\Users\Brailley
Guest (S-1-5-21-2956428168-404915347-396044097-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2956428168-404915347-396044097-1016 - Limited - Enabled)
Mariam (S-1-5-21-2956428168-404915347-396044097-1002 - Administrator - Enabled) => C:\Users\Mariam
UpdatusUser (S-1-5-21-2956428168-404915347-396044097-1000 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
Name: ElRawDisk
Description: ElRawDisk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ElRawDisk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/05/2015 11:11:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 15.2.0.3, time stamp: 0x4fe8ea02
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a
Exception code: 0xc06d007e
Fault offset: 0x000000000000940d
Faulting process id: 0x6cc
Faulting application start time: 0xZeroConfigService.exe0
Faulting application path: ZeroConfigService.exe1
Faulting module path: ZeroConfigService.exe2
Report Id: ZeroConfigService.exe3
 
Error: (03/05/2015 11:11:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/05/2015 11:09:29 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=21, authorId=674, vendorId=0, vendorType=0
 
Error: (03/05/2015 01:24:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14992
 
Error: (03/05/2015 01:24:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14992
 
Error: (03/05/2015 01:24:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/05/2015 01:24:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13993
 
Error: (03/05/2015 01:24:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13993
 
Error: (03/05/2015 01:24:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/05/2015 01:24:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12995
 
 
System errors:
=============
Error: (03/05/2015 11:12:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® PROSet/Wireless Zero Configuration Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/05/2015 11:12:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
ElRawDisk
 
Error: (03/05/2015 11:11:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: 
%%1058
 
Error: (03/05/2015 11:10:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (03/05/2015 11:10:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device service failed to start due to the following error: 
%%1053
 
Error: (03/05/2015 11:10:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
 
Error: (03/05/2015 11:10:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Optimizer Pro Crash Monitor service to connect.
 
Error: (03/05/2015 11:09:35 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
Error Code: 193
 
Error: (03/05/2015 11:09:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The sbapifs service failed to start due to the following error: 
%%2
 
Error: (03/05/2015 03:08:24 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Security Essentials - 4.7.205.0 (KB2994766).
 
 
Microsoft Office Sessions:
=========================
Error: (12/20/2014 08:53:17 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6712.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 893 seconds with 600 seconds of active time.  This session ended with a crash.
 
Error: (11/18/2014 08:42:38 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6707.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 337561 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (07/28/2014 04:30:36 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 10498 seconds with 2640 seconds of active time.  This session ended with a crash.
 
Error: (10/24/2013 10:42:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 62 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (10/24/2013 10:41:32 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 605 seconds with 240 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-09-19 17:19:41.203
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-19 17:19:41.003
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-19 17:19:40.802
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-09-19 17:19:40.604
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-03-09 01:32:08.863
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-03-09 01:32:08.832
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-03-09 01:32:08.816
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-03-09 01:32:08.785
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-01-04 00:54:34.575
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-01-04 00:54:34.559
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 53%
Total physical RAM: 3990.17 MB
Available physical RAM: 1849.79 MB
Total Pagefile: 7978.52 MB
Available Pagefile: 5241.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:446.13 GB) (Free:72.02 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=446.1 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 deeprybka


Posted 06 March 2015 - 07:08 AM

P2P warning

Going over your logs I noticed that you have µTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.
 
CHR dev: Chrome dev build detected! <======= ATTENTION
You must reinstall Google Chrome.
https://support.google.com/chrome/answer/96816?hl=en
 
Step 1
  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    Google Chrome
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish
Step 2
Scan with Malwarebytes Anti-Malware
  • Please open Malwarebytes Anti-Malware.
  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine All" [5]. Then click the button: Apply Actions. [6]
  • A window with an option to view the detailed log will appear.
  • Click on "View detailed log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.

Step 3

Scan with AdwCleaner (by Xplode).
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.
Step 4
 
Install: https://www.google.com/chrome

Step 5


Start FRST with administrator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#5 deeprybka


Posted 09 March 2015 - 02:32 PM

Hi,

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.
regards,
deeprybka

#6 deeprybka


Posted 12 March 2015 - 01:51 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
deeprybka



