
Virus has infected my laptop - Gamesdesktop, RinoReader, Local Temp, and more



#1 stirfry


Posted 29 March 2015 - 11:04 PM

Hi -

I got a virus that has installed the following on my laptop: Gamesdesktop, RinoReader, Local Temp, MixVideo Player, and Obrona Cleaner. Not only has it installed the aforementioned, but there are many more that it's asking to be installed, and it also redirects my browser to another page every time I open a tab or browser.

Below is my FRST log.txt, but for some reason I cannot attach my addition.txt. I did paste it after the FRST log.

Please help.

Cheers,

TK

-----------------------------------------------------------------------------------------------------------------------------------

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by skhen (administrator) on SKHEN-PC on 29-03-2015 22:46:28
Running from C:\Users\skhen\Downloads
Loaded Profiles: skhen &  (Available profiles: skhen)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser path: "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\Crossbrowse.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
() C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(LENOVO) C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.3.336.0\McCSPServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Core Systems) C:\Users\skhen\AppData\Local\LocalTemperature\LT_Updater.exe
(Local Temperature, LLC) C:\Users\skhen\AppData\Local\LocalTemperature\LocalTemperature.exe
(Download Sp. z o. o.) C:\Users\skhen\AppData\Local\Obrona Cleaner\ObronaCleaner.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(WebWatcher) C:\Program Files (x86)\SysFiles\WebWatcherProxy.exe
() C:\Program Files (x86)\gmsd_us_357\gmsd_us_357.exe
() C:\Users\skhen\AppData\Local\gmsd_us_357\upgmsd_us_357.exe
(Small Island Development) C:\ProgramData\WSpEPYm\HgUmpYtm.exe
(Crossbrowse) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
() C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz.exe
(Crossbrowse) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
() C:\Program Files (x86)\Umtayyznhndq1ntz\mwmyzjmzngu1mdy.exe
() C:\Program Files (x86)\Umtayyznhndq1ntz\mtuyntm5ndy1yjy.exe
() C:\Program Files (x86)\MixVideoPlayer\BrowserWeb.exe
() C:\Users\skhen\AppData\Local\gmsd_us_357\upgmsd_us_357.exe
(                                                            ) C:\Users\skhen\AppData\Local\gmsd_us_357\Download\majmp_gentleeeuu.exe
() C:\Users\skhen\AppData\Local\Temp\is-C3EHL.tmp\majmp_gentleeeuu.tmp
(                                                            ) C:\Users\skhen\AppData\Local\Temp\is-PD9L2.tmp\gentlemjmp_ieeuu.exe
() C:\Users\skhen\AppData\Local\Temp\is-9GRL0.tmp\gentlemjmp_ieeuu.tmp
() C:\ProgramData\NetEngine\bin\D2\netengine.exe
() C:\ProgramData\NetEngine\bin\D2\netengine.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2847016 2011-11-10] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [408872 2011-11-10] (Synaptics)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789856 2012-05-14] (Lenovo)
HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-05-14] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6200368 2012-05-14] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-05-14] (Lenovo)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [548864 2011-11-24] (Vimicro)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [MuteSync] => C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [343040 2012-02-03] (Lenovo)
HKLM-x32\...\Run: [Intelligent Touchpad] => C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe [291272 2011-12-08] ()
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-05-14] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [CAPOSD] => C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe [1876992 2012-02-09] (LENOVO)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [533872 2015-01-13] (McAfee, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [mwyyntm1ndi1zdz] => C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz.exe [2391040 2015-03-29] ()
HKLM-x32\...\Run: [gmsd_us_357] => C:\Program Files (x86)\gmsd_us_357\gmsd_us_357.exe [3982504 2015-03-26] ()
HKLM-x32\...\Run: [CrashMon] => C:\Program Files (x86)\Umtayyznhndq1ntz\mtuyntm5ndy1yjy.exe [440320 2015-03-29] ()
HKLM-x32\...\RunOnce: [upgmsd_us_357.exe] => C:\Users\skhen\AppData\Local\gmsd_us_357\upgmsd_us_357.exe [3310760 2015-03-26] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [{90140000-0011-0000-1000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [{90140000-0018-0409-1000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-21-612915989-2409368463-2658966652-1000\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-612915989-2409368463-2658966652-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-612915989-2409368463-2658966652-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-05-14] (Google Inc.)
HKU\S-1-5-21-612915989-2409368463-2658966652-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-612915989-2409368463-2658966652-1000\...\Run: [Obrona Cleaner] => C:\Users\skhen\AppData\Local\Obrona Cleaner\ObronaCleaner.exe [1380632 2015-02-25] (Download Sp. z o. o.)
HKU\S-1-5-21-612915989-2409368463-2658966652-1000\...\Run: [GoogleChromeAutoLaunch_33DF5821ED5A7B65ABF6FE34EE86FBF3] => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe [637440 2015-03-04] (Crossbrowse)
HKU\S-1-5-21-612915989-2409368463-2658966652-1000\...\RunOnce: [Adobe Speed Launcher] => 1427420952
HKU\S-1-5-21-612915989-2409368463-2658966652-1000\...\MountPoints2: {faad7cf1-eb88-11e3-a085-047d7b8dd13e} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-612915989-2409368463-2658966652-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-05-14] (Google Inc.)
HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Obrona Cleaner] => C:\Users\skhen\AppData\Local\Obrona Cleaner\ObronaCleaner.exe [1380632 2015-02-25] (Download Sp. z o. o.)
HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_33DF5821ED5A7B65ABF6FE34EE86FBF3] => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe [637440 2015-03-04] (Crossbrowse)
HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Adobe Speed Launcher] => 1427420952
HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {faad7cf1-eb88-11e3-a085-047d7b8dd13e} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [{90140000-0011-0000-1000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90140000-0018-0409-1000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [263952 2015-03-16] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [223504 2015-03-16] (Client Connect LTD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WebBrowserMixVideoPlayer.lnk
ShortcutTarget: WebBrowserMixVideoPlayer.lnk -> C:\Program Files (x86)\MixVideoPlayer\BrowserWeb.exe ()
Startup: C:\Users\skhen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk
ShortcutTarget: crossbrowse.lnk -> C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (Crossbrowse)
Startup: C:\Users\skhen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Local Temperature.lnk
ShortcutTarget: Local Temperature.lnk -> C:\Users\skhen\AppData\Local\LocalTemperature\LocalTemperature.exe (Local Temperature, LLC)
Startup: C:\Users\skhen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\skhen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\Windows\system32\IcnOvrly.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-612915989-2409368463-2658966652-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com/?gd=&ctid=CT3334642&octid=EB_ORIGINAL_CTID&ISID=MFA676F8C-B3B6-4040-8ECB-110A1392FCC0&SearchSource=55&CUI=&UM=8&UP=SPC4433A30-3702-4BFC-B361-EF5BD691BD84&D=033015&SSPV=
HKU\S-1-5-21-612915989-2409368463-2658966652-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
URLSearchHook: HKU\S-1-5-21-612915989-2409368463-2658966652-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-612915989-2409368463-2658966652-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-612915989-2409368463-2658966652-1000 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
URLSearchHook: HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-612915989-2409368463-2658966652-1000 -> DefaultScope {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3334642&octid=EB_ORIGINAL_CTID&ISID=MFA676F8C-B3B6-4040-8ECB-110A1392FCC0&SearchSource=58&CUI=&UM=8&UP=SPC4433A30-3702-4BFC-B361-EF5BD691BD84&q={searchTerms}&D=033015&SSPV=
SearchScopes: HKU\S-1-5-21-612915989-2409368463-2658966652-1000 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3334642&octid=EB_ORIGINAL_CTID&ISID=MFA676F8C-B3B6-4040-8ECB-110A1392FCC0&SearchSource=58&CUI=&UM=8&UP=SPC4433A30-3702-4BFC-B361-EF5BD691BD84&q={searchTerms}&D=033015&SSPV=
SearchScopes: HKU\S-1-5-21-612915989-2409368463-2658966652-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-612915989-2409368463-2658966652-1000 -> {0B10D96C-709E-40FE-9754-25AE63F5CDB6} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_enUS496
SearchScopes: HKU\S-1-5-21-612915989-2409368463-2658966652-1000 -> {63DA9927-1960-496A-B415-4F2794DAB9A0} URL = http://www.bing.com/search?FORM=U079DF&PC=U079&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-612915989-2409368463-2658966652-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_enUS496
SearchScopes: HKU\S-1-5-21-612915989-2409368463-2658966652-1000 -> {DFBBBEB0-7247-4295-8218-2F1BF4311AD8} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US714D20120822&p={searchTerms}
SearchScopes: HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {DFBBBEB0-7247-4295-8218-2F1BF4311AD8} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US714D20120822&p={searchTerms}
SearchScopes: HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0B10D96C-709E-40FE-9754-25AE63F5CDB6} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_enUS496
SearchScopes: HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {63DA9927-1960-496A-B415-4F2794DAB9A0} URL = http://www.bing.com/search?FORM=U079DF&PC=U079&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_enUS496
SearchScopes: HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {DFBBBEB0-7247-4295-8218-2F1BF4311AD8} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US714D20120822&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-09] (Google Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2015-01-28] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HealthcareGovTool -> {E54A132C-6775-4A03-9803-43563D492B91} -> C:\Program Files (x86)\HealthcareGovTool\ScriptHost64.dll [2015-02-25] (healthcaregovtool)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-09] (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2015-01-28] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HealthcareGovTool -> {E54A132C-6775-4A03-9803-43563D492B91} -> C:\Program Files (x86)\HealthcareGovTool\ScriptHost.dll [2015-02-25] (healthcaregovtool)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2015-01-28] (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-09] (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2015-01-28] (McAfee, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-09] (Google Inc.)
Toolbar: HKU\S-1-5-21-612915989-2409368463-2658966652-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-09] (Google Inc.)
Toolbar: HKU\S-1-5-21-612915989-2409368463-2658966652-1000 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-09] (Google Inc.)
Toolbar: HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2015-01-28] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2015-01-28] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2015-01-28] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2015-01-28] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-01-13] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-01-13] (McAfee, Inc.)
Winsock: Catalog9 01 C:\Windows\SysWOW64\WebWatcherLSP.dll [326000] (WebWatcher)
Winsock: Catalog9 02 C:\Windows\SysWOW64\WebWatcherLSP.dll [326000] (WebWatcher)
Winsock: Catalog9 03 C:\Windows\SysWOW64\WebWatcherLSP.dll [326000] (WebWatcher)
Winsock: Catalog9 04 C:\Windows\SysWOW64\WebWatcherLSP.dll [326000] (WebWatcher)
Winsock: Catalog9 15 C:\Windows\SysWOW64\WebWatcherLSP.dll [326000] (WebWatcher)
Winsock: Catalog9-x64 01 C:\Windows\system32\WebWatcherLSP64.dll [372472] (WebWatcher)
Winsock: Catalog9-x64 02 C:\Windows\system32\WebWatcherLSP64.dll [372472] (WebWatcher)
Winsock: Catalog9-x64 03 C:\Windows\system32\WebWatcherLSP64.dll [372472] (WebWatcher)
Winsock: Catalog9-x64 04 C:\Windows\system32\WebWatcherLSP64.dll [372472] (WebWatcher)
Winsock: Catalog9-x64 15 C:\Windows\system32\WebWatcherLSP64.dll [372472] (WebWatcher)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\skhen\AppData\Roaming\Mozilla\Firefox\Profiles\5c34zbnq.default-1411556988775
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3334642&octid=EB_ORIGINAL_CTID&ISID=MFA676F8C-B3B6-4040-8ECB-110A1392FCC0&SearchSource=55&CUI=&UM=8&UP=SPC4433A30-3702-4BFC-B361-EF5BD691BD84&D=033015&SSPV=
FF SelectedSearchEngine: Trovi
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3334642&octid=EB_ORIGINAL_CTID&ISID=MFA676F8C-B3B6-4040-8ECB-110A1392FCC0&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=SPC4433A30-3702-4BFC-B361-EF5BD691BD84&D=033015
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-20] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-01-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-20] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-01-13] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\skhen\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-02-04] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-612915989-2409368463-2658966652-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\skhen\AppData\Roaming\CATALI~1\NPBCSK~1.DLL [2013-06-07] (Catalina Marketing Corporation)
FF Plugin HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\skhen\AppData\Roaming\CATALI~1\NPBCSK~1.DLL [2013-06-07] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-01-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-01-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-01-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-01-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-01-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-02-11] (Coupons, Inc.)
FF SearchPlugin: C:\Users\skhen\AppData\Roaming\Mozilla\Firefox\Profiles\5c34zbnq.default-1411556988775\searchplugins\trovi.xml [2015-03-29]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2014-09-21]
FF Extension: Healthcare Gov Tool - C:\Program Files (x86)\Mozilla Firefox\extensions\healthcare@healthcaregovtool.com.xpi [2015-02-25]
FF Extension: Healthcare Gov Tool - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\healthcare@healthcaregovtool.com.xpi [2015-02-25]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-08-22]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3334642&octid=EB_ORIGINAL_CTID&ISID=MFA676F8C-B3B6-4040-8ECB-110A1392FCC0&SearchSource=55&CUI=&UM=8&UP=SPC4433A30-3702-4BFC-B361-EF5BD691BD84&D=033015&SSPV="
CHR DefaultSuggestURL: Default -> http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Profile: C:\Users\skhen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\skhen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-01]
CHR Extension: (SiteAdvisor) - C:\Users\skhen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-12-19]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\skhen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-08]
CHR Extension: (Google Wallet) - C:\Users\skhen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-01]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-03-09]
CHR HKU\S-1-5-21-612915989-2409368463-2658966652-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\skhen\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-05-26]
CHR HKU\S-1-5-21-612915989-2409368463-2658966652-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\skhen\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-05-26]
CHR HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-03-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3251472 2015-03-16] (Client Connect LTD)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [176624 2014-02-13] (Coupons.com Inc.)
R2 HgUmpYtm; C:\ProgramData\WSpEPYm\HgUmpYtm.exe [2733552 2015-03-29] (Small Island Development)
S2 hnv; c:\windows\hnv.exe [521216 2015-03-29] () [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [346696 2013-07-30] (Verizon) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-07] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 LTUpdater; C:\Users\skhen\AppData\Local\LocalTemperature\LT_Updater.exe [493480 2015-03-27] (Core Systems)
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [155368 2015-02-19] (McAfee, Inc.)
R3 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-01-13] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S2 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2015-01-07] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
S2 mhnv; c:\windows\mhnv.exe [458240 2015-03-29] () [File not signed]
S2 MixVideoPlayerUpdaterService; C:\Program Files (x86)\MixVideoPlayer\MixVideoPlayerUpdaterService.exe [11776 2015-03-24] () [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
S2 NSDSvc; C:\Windows\System32\NSDSvc.exe [120160 2011-12-23] (Lenovo)
R2 UniversalUpdater; C:\Program Files (x86)\Umtayyznhndq1ntz\mwmyzjmzngu1mdy.exe [711168 2015-03-29] () [File not signed]
R2 WebWatcherProxy; C:\Program Files (x86)\SysFiles\WebWatcherProxy.exe [1526000 2015-03-16] (WebWatcher)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-29] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R1 mwiynzm4ndy1yjz; C:\Windows\System32\drivers\mwiynzm4ndy1yjz.sys [50504 2015-01-15] (Windows ® Win 7 DDK provider)
R0 NSD; C:\Windows\System32\drivers\nsd.sys [24160 2011-12-23] (Lenovo Corporation")
R1 Nsdfltr; C:\Windows\System32\drivers\Nsdfltr.sys [59488 2011-12-21] (Lenovo Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [952832 2011-12-06] (Vimicro Corporation)
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
U2 IAStorDataMgrSvc; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
R3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
U3 SQLWriter; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-29 22:46 - 2015-03-29 22:47 - 00042485 _____ () C:\Users\skhen\Downloads\FRST.txt
2015-03-29 22:46 - 2015-03-29 22:46 - 00000000 ____D () C:\FRST
2015-03-29 22:45 - 2015-03-29 22:45 - 02095616 _____ (Farbar) C:\Users\skhen\Downloads\FRST64.exe
2015-03-29 22:38 - 2015-03-29 22:38 - 00003466 _____ () C:\Windows\System32\Tasks\avaavxvyex
2015-03-29 22:38 - 2015-03-29 22:38 - 00000000 ____D () C:\Users\skhen\AppData\Local\avaavxvyex
2015-03-29 22:37 - 2015-03-29 22:38 - 00000000 ____D () C:\Users\skhen\AppData\Local\SearchProtect
2015-03-29 22:37 - 2015-03-29 22:38 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2015-03-29 22:34 - 2015-03-29 22:34 - 00003436 _____ () C:\Windows\System32\Tasks\NetEngine
2015-03-29 22:34 - 2015-03-29 22:34 - 00000000 ____D () C:\ProgramData\NetEngine
2015-03-29 22:30 - 2015-03-29 22:37 - 00000000 ____D () C:\Users\skhen\AppData\Local\MovieWizard
2015-03-29 22:30 - 2015-03-29 22:31 - 00000000 ____D () C:\Users\skhen\AppData\Local\mixvideoplayer
2015-03-29 22:30 - 2015-03-29 22:30 - 00001972 _____ () C:\Users\skhen\Desktop\MixVideoPlayer.lnk
2015-03-29 22:30 - 2015-03-29 22:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MixVideoPlayer
2015-03-29 22:29 - 2015-03-29 22:32 - 00000000 ____D () C:\Users\skhen\AppData\Local\gmsd_us_357
2015-03-29 22:29 - 2015-03-29 22:30 - 00000000 ____D () C:\Program Files (x86)\Umtayyznhndq1ntz
2015-03-29 22:29 - 2015-03-29 22:29 - 00000000 ____D () C:\Program Files (x86)\Salus
2015-03-29 22:29 - 2015-03-29 22:29 - 00000000 ____D () C:\Program Files (x86)\gmsd_us_357
2015-03-29 22:28 - 2015-03-29 22:29 - 00004082 _____ () C:\Windows\System32\Tasks\Crossbrowse
2015-03-29 22:28 - 2015-03-29 22:29 - 00000000 ____D () C:\Users\skhen\AppData\Local\Crossbrowse
2015-03-29 22:28 - 2015-03-29 22:29 - 00000000 ____D () C:\ProgramData\WSpEPYm
2015-03-29 22:28 - 2015-03-29 22:29 - 00000000 ____D () C:\Program Files (x86)\Smwyyntm1ndi1zdz
2015-03-29 22:28 - 2015-03-29 22:28 - 00001056 _____ () C:\Windows\Tasks\Crossbrowse.job
2015-03-29 22:27 - 2015-03-29 22:27 - 00009704 _____ () C:\Windows\SysWOW64\WebWatcherProxyOff.ini
2015-03-29 22:27 - 2015-03-29 22:27 - 00009704 _____ () C:\Windows\system32\WebWatcherProxyOff.ini
2015-03-29 22:27 - 2015-03-29 22:27 - 00004086 _____ () C:\Windows\System32\Tasks\SysHealth_Controller_Mon
2015-03-29 22:27 - 2015-03-29 22:27 - 00002405 _____ () C:\Users\Public\Desktop\Crossbrowse.lnk
2015-03-29 22:27 - 2015-03-29 22:27 - 00000000 ____D () C:\Users\skhen\AppData\Local\WebWatcherProxy
2015-03-29 22:27 - 2015-03-29 22:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse
2015-03-29 22:27 - 2015-03-29 22:27 - 00000000 ____D () C:\Program Files (x86)\HealthcareGovTool
2015-03-29 22:26 - 2015-03-29 22:30 - 00000000 ____D () C:\Program Files (x86)\MixVideoPlayer
2015-03-29 22:26 - 2015-03-29 22:26 - 00003020 _____ () C:\Windows\System32\Tasks\Startup Time Check
2015-03-29 22:26 - 2015-03-29 22:26 - 00002994 _____ () C:\Windows\System32\Tasks\ObronaCleanerUacSkip
2015-03-29 22:26 - 2015-03-29 22:26 - 00001131 _____ () C:\Users\skhen\Desktop\OBRONA Cleaner.lnk
2015-03-29 22:26 - 2015-03-29 22:26 - 00000000 ____D () C:\Users\skhen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OBRONA Cleaner
2015-03-29 22:26 - 2015-03-29 22:26 - 00000000 ____D () C:\Users\skhen\AppData\Local\Obrona Cleaner
2015-03-29 22:26 - 2015-03-29 22:26 - 00000000 ____D () C:\Program Files (x86)\Crossbrowse
2015-03-29 22:26 - 2015-03-12 17:50 - 00372472 _____ (WebWatcher) C:\Windows\system32\WebWatcherLSP64.dll
2015-03-29 22:26 - 2015-03-12 17:50 - 00326000 _____ (WebWatcher) C:\Windows\SysWOW64\WebWatcherLSP.dll
2015-03-29 22:25 - 2015-03-29 22:29 - 00000000 ____D () C:\ProgramData\MovieWizard
2015-03-29 22:25 - 2015-03-29 22:27 - 00000000 ____D () C:\Program Files (x86)\SysFiles
2015-03-29 22:25 - 2015-03-29 22:25 - 00742912 _____ () C:\Windows\hnv.dat
2015-03-29 22:25 - 2015-03-29 22:25 - 00521216 _____ () C:\Windows\hnv.exe
2015-03-29 22:25 - 2015-03-29 22:25 - 00458240 _____ () C:\Windows\mhnv.exe
2015-03-29 22:25 - 2015-03-29 22:25 - 00000000 ____D () C:\Windows\SysHealthController
2015-03-29 22:25 - 2015-03-29 22:25 - 00000000 ____D () C:\Windows\SysFilesController
2015-03-29 22:25 - 2015-03-29 22:25 - 00000000 ____D () C:\Users\skhen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RinoReader
2015-03-29 22:25 - 2015-03-29 22:25 - 00000000 ____D () C:\Users\skhen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Local Temperature
2015-03-29 22:25 - 2015-03-29 22:25 - 00000000 ____D () C:\Users\skhen\AppData\Local\LocalTemperature
2015-03-29 22:25 - 2015-03-29 22:25 - 00000000 ____D () C:\Program Files (x86)\RinoReader
2015-03-29 22:24 - 2015-03-29 22:24 - 00563104 _____ () C:\Users\skhen\Downloads\Setup.exe
2015-03-27 23:13 - 2015-03-29 22:10 - 00011010 _____ () C:\Users\skhen\Desktop\Case Study - Milk Shake.xlsx
2015-03-26 19:43 - 2015-03-28 11:37 - 00000336 _____ () C:\Windows\setupact.log
2015-03-26 19:43 - 2015-03-26 19:43 - 00000304 _____ () C:\Windows\PFRO.log
2015-03-26 19:43 - 2015-03-26 19:43 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-24 19:39 - 2015-03-10 23:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-24 19:39 - 2015-03-10 23:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-24 19:39 - 2015-03-10 23:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-24 19:39 - 2015-03-10 23:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-24 19:39 - 2015-03-10 23:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-24 19:39 - 2015-03-10 23:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-24 19:39 - 2015-03-10 23:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-24 19:39 - 2015-03-10 23:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-21 20:38 - 2015-03-29 22:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-13 17:43 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-03-11 07:33 - 2015-02-19 23:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 07:33 - 2015-02-19 23:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 07:33 - 2015-02-19 23:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 07:33 - 2015-02-19 23:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 07:33 - 2015-02-19 23:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 07:33 - 2015-02-19 23:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 07:33 - 2015-02-19 23:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 07:33 - 2015-02-19 23:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 07:33 - 2015-02-19 22:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 07:33 - 2015-02-19 22:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 07:32 - 2015-02-02 22:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 07:32 - 2015-02-02 22:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 07:32 - 2015-02-02 22:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 07:32 - 2015-02-02 22:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 07:32 - 2015-02-02 22:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 07:32 - 2015-02-02 22:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 07:32 - 2015-02-02 22:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 07:32 - 2015-02-02 22:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 07:32 - 2015-02-02 22:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 07:32 - 2015-02-02 22:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 07:32 - 2015-02-02 22:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 07:32 - 2015-02-02 22:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 07:32 - 2015-02-02 22:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 07:32 - 2015-02-02 22:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 07:32 - 2015-02-02 22:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 07:32 - 2015-02-02 22:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 07:32 - 2015-02-02 22:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 07:32 - 2015-02-02 22:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 07:32 - 2015-02-02 22:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 07:32 - 2015-02-02 22:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 07:32 - 2015-02-02 22:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 07:32 - 2015-02-02 22:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 07:32 - 2015-02-02 22:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 07:32 - 2015-02-02 22:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 07:32 - 2015-02-02 22:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 07:32 - 2015-02-02 22:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 07:32 - 2015-02-02 22:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 07:32 - 2015-02-02 22:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 07:32 - 2015-02-02 22:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 07:32 - 2015-02-02 22:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 07:32 - 2015-02-02 22:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 07:32 - 2015-02-02 22:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 07:32 - 2015-02-02 22:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 07:32 - 2015-02-02 22:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 07:32 - 2015-02-02 22:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 07:32 - 2015-02-02 22:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 07:32 - 2015-02-02 22:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 07:32 - 2015-02-02 22:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 07:32 - 2015-02-02 22:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 07:32 - 2015-02-02 22:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 07:32 - 2015-02-02 22:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 07:32 - 2015-02-02 22:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 07:32 - 2015-02-02 22:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 07:32 - 2015-02-02 22:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 07:32 - 2015-02-02 22:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 07:32 - 2015-02-02 22:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 07:32 - 2015-02-02 22:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 07:32 - 2015-02-02 22:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 07:32 - 2015-02-02 22:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 07:32 - 2015-02-02 22:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 07:32 - 2015-02-02 22:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 07:32 - 2015-02-02 22:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 07:32 - 2015-02-02 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 07:32 - 2015-02-02 22:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 07:32 - 2015-02-02 22:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 07:32 - 2015-02-02 22:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 07:32 - 2015-02-02 22:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 07:32 - 2015-02-02 22:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 07:32 - 2015-02-02 22:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 07:32 - 2015-02-02 22:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 07:32 - 2015-02-02 22:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 07:32 - 2015-02-02 22:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 07:32 - 2015-02-02 22:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 07:32 - 2015-02-02 22:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 07:32 - 2015-02-02 22:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 07:32 - 2015-02-02 22:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 07:32 - 2015-02-02 22:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 07:32 - 2015-02-02 22:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 07:32 - 2015-02-02 22:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 07:32 - 2015-02-02 22:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 07:32 - 2015-02-02 22:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 07:32 - 2015-02-02 22:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 07:32 - 2015-02-02 22:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 07:32 - 2015-02-02 22:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 07:32 - 2015-02-02 22:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 07:32 - 2015-02-02 22:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 07:32 - 2015-02-02 22:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 07:32 - 2015-02-02 22:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 07:32 - 2015-02-02 22:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 07:32 - 2015-02-02 22:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 07:32 - 2015-02-02 22:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 07:32 - 2015-02-02 22:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 07:32 - 2015-02-02 22:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 07:32 - 2015-02-02 22:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 07:32 - 2015-02-02 22:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 07:32 - 2015-02-02 22:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 07:32 - 2015-02-02 22:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 07:32 - 2015-02-02 22:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 07:32 - 2015-02-02 21:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 07:32 - 2014-10-31 17:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 07:32 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 07:32 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 07:31 - 2015-03-06 00:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 07:31 - 2015-03-06 00:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 07:31 - 2015-03-06 00:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 07:31 - 2015-03-06 00:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 07:31 - 2015-03-06 00:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 07:31 - 2015-03-06 00:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 07:31 - 2015-03-06 00:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 07:31 - 2015-03-06 00:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 07:31 - 2015-03-06 00:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 07:31 - 2015-03-06 00:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 07:31 - 2015-03-06 00:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 07:31 - 2015-03-06 00:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 07:31 - 2015-03-06 00:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 07:31 - 2015-03-06 00:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 07:31 - 2015-03-06 00:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 07:31 - 2015-03-06 00:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 07:31 - 2015-03-06 00:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 07:31 - 2015-03-06 00:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 07:31 - 2015-03-06 00:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 07:31 - 2015-03-06 00:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 07:31 - 2015-03-06 00:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 07:31 - 2015-03-06 00:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 07:31 - 2015-03-06 00:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 07:31 - 2015-03-06 00:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 07:31 - 2015-03-06 00:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 07:31 - 2015-03-06 00:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 07:31 - 2015-03-06 00:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 07:31 - 2015-03-06 00:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 07:31 - 2015-03-06 00:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 07:31 - 2015-03-06 00:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 07:31 - 2015-03-06 00:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 07:31 - 2015-02-13 00:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 07:31 - 2015-02-13 00:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 07:31 - 2015-02-02 22:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 07:31 - 2015-02-02 22:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 07:31 - 2015-02-02 22:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 07:31 - 2015-02-02 22:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 07:31 - 2015-01-30 18:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 07:31 - 2015-01-16 21:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 07:31 - 2015-01-16 21:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 07:30 - 2015-02-25 22:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 07:30 - 2015-02-23 22:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 07:30 - 2015-02-23 21:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 07:30 - 2015-02-20 20:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 07:30 - 2015-02-20 19:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 07:30 - 2015-02-20 19:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 07:30 - 2015-02-20 19:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 07:30 - 2015-02-20 19:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 07:30 - 2015-02-20 18:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 07:30 - 2015-02-20 18:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 07:30 - 2015-02-19 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 07:30 - 2015-02-19 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 07:30 - 2015-02-19 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 07:30 - 2015-02-19 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 07:30 - 2015-02-19 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 07:30 - 2015-02-19 21:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 07:30 - 2015-02-19 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 07:30 - 2015-02-19 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 07:30 - 2015-02-19 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 07:30 - 2015-02-19 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 07:30 - 2015-02-19 21:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 07:30 - 2015-02-19 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 07:30 - 2015-02-19 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 07:30 - 2015-02-19 21:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 07:30 - 2015-02-19 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 07:30 - 2015-02-19 21:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 07:30 - 2015-02-19 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 07:30 - 2015-02-19 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 07:30 - 2015-02-19 21:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 07:30 - 2015-02-19 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 07:30 - 2015-02-19 21:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 07:30 - 2015-02-19 21:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 07:30 - 2015-02-19 21:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 07:30 - 2015-02-19 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 07:30 - 2015-02-19 21:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 07:30 - 2015-02-19 21:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 07:30 - 2015-02-19 21:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 07:30 - 2015-02-19 20:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 07:30 - 2015-02-19 20:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 07:30 - 2015-02-19 20:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 07:30 - 2015-02-19 20:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 07:30 - 2015-02-19 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 07:30 - 2015-02-19 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 07:30 - 2015-02-19 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 07:30 - 2015-02-19 20:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 07:30 - 2015-02-19 20:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 07:30 - 2015-02-19 20:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 07:30 - 2015-02-19 20:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 07:30 - 2015-02-19 20:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 07:30 - 2015-02-19 20:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 07:30 - 2015-02-19 20:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 07:30 - 2015-02-19 20:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 07:30 - 2015-02-19 20:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 07:30 - 2015-02-19 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 07:30 - 2015-02-19 20:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 07:30 - 2015-02-19 19:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 07:30 - 2015-02-19 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 07:30 - 2015-02-03 22:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 07:30 - 2015-02-03 21:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-10 17:23 - 2015-03-10 17:23 - 00994424 _____ () C:\Users\skhen\Downloads\VzSpeedOptimizer100.exe
2015-03-09 17:49 - 2015-03-09 17:50 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4
2015-03-09 17:46 - 2015-03-09 17:47 - 00000000 ____D () C:\Program Files (x86)\OpenOffice.org 3
2015-03-09 17:42 - 2015-03-09 17:42 - 00000000 ____D () C:\Users\skhen\Desktop\OpenOffice.org 3.4 (en-US) Installation Files
2015-03-09 16:11 - 2015-01-08 18:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-03-09 16:11 - 2015-01-08 18:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-03-09 16:10 - 2015-01-08 22:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-09 16:10 - 2015-01-08 22:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-09 16:10 - 2015-01-08 22:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-09 16:10 - 2015-01-08 21:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-03-09 15:48 - 2015-03-26 19:41 - 00000000 ____D () C:\Users\skhen\Documents\CC Cleaner Backup
2015-03-09 15:45 - 2015-03-26 19:40 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-09 15:45 - 2015-03-26 19:40 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-09 15:45 - 2015-03-09 15:45 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-03-09 15:44 - 2015-03-09 15:44 - 05325696 _____ (Piriform Ltd) C:\Users\skhen\Downloads\ccsetup503.exe
2015-03-09 15:31 - 2015-03-09 15:31 - 00001764 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-03-09 15:31 - 2015-03-09 15:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-09 15:30 - 2015-03-09 15:31 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-09 15:30 - 2015-03-09 15:31 - 00000000 ____D () C:\Program Files\iTunes
2015-03-09 15:30 - 2015-03-09 15:30 - 00000000 ____D () C:\Program Files\iPod
2015-03-09 15:30 - 2015-03-09 15:30 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-03-09 15:24 - 2015-03-09 15:24 - 00000000 ____D () C:\Users\skhen\AppData\Roaming\ooVoo Details
2015-03-09 14:57 - 2015-03-09 14:58 - 00000256 _____ () C:\lxdx.log
2015-03-07 17:59 - 2015-03-07 17:59 - 00000000 ____D () C:\Users\skhen\AppData\Local\{2ED91697-7FCD-4E8C-9926-7E77B8EBA22E}
2015-03-07 17:55 - 2015-03-07 17:55 - 00000000 ____D () C:\Users\skhen\AppData\Local\{5304DB86-4BC3-4940-B8AA-1FDAB6047E43}
2015-03-07 17:49 - 2015-03-07 17:49 - 00000000 ____D () C:\Users\skhen\AppData\Local\{21FF81F4-BB4C-4D83-9B45-E4D6C2672384}
2015-03-07 17:48 - 2015-03-07 17:48 - 00000000 ____D () C:\Users\skhen\AppData\Local\{4073C27D-EA8D-4913-9B67-B5CA3D0956CB}
2015-03-05 11:25 - 2015-03-05 11:25 - 00000000 ____D () C:\Users\skhen\Documents\My Meeting Files
2015-03-05 11:18 - 2015-03-09 14:39 - 00000000 ____D () C:\Program Files (x86)\InterCall Unified Meeting
2015-03-05 11:16 - 2015-03-09 14:39 - 00000000 ____D () C:\Users\skhen\AppData\Roaming\Meeting Center
2015-03-01 21:14 - 2015-03-01 21:14 - 00000000 ____D () C:\Users\skhen\AppData\Roaming\Verizon

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-29 22:46 - 2014-02-15 07:26 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf2a49182d66c4.job
2015-03-29 22:36 - 2015-01-18 11:18 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-29 22:35 - 2013-08-17 21:08 - 00000000 _____ () C:\END
2015-03-29 22:33 - 2013-12-07 10:17 - 00003122 _____ () C:\Users\skhen\Desktop\Rkill.txt
2015-03-29 22:31 - 2013-12-07 10:17 - 00000000 ____D () C:\Users\skhen\Desktop\rkill
2015-03-29 22:29 - 2012-10-26 19:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-29 22:10 - 2012-05-14 02:22 - 01919981 _____ () C:\Windows\WindowsUpdate.log
2015-03-29 22:04 - 2012-08-10 06:55 - 07276630 _____ () C:\FaceProv.log
2015-03-29 22:04 - 2012-05-14 02:54 - 00000000 ____D () C:\ProgramData\VeriFace
2015-03-29 21:33 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-29 21:33 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-29 21:27 - 2012-05-14 02:59 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-29 00:04 - 2015-02-17 20:48 - 00000000 ____D () C:\Users\skhen\AppData\Local\Popcorn-Time
2015-03-26 20:49 - 2014-05-26 10:14 - 00000000 ___RD () C:\Users\skhen\Google Drive
2015-03-26 20:49 - 2012-05-14 03:01 - 00311376 _____ () C:\Windows\system32\fastboot.set
2015-03-26 20:48 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-26 19:43 - 2009-07-14 00:08 - 00032538 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-26 19:40 - 2014-06-03 20:39 - 00000000 ____D () C:\Windows\Minidump
2015-03-26 19:40 - 2012-09-14 21:01 - 00000000 ____D () C:\Users\skhen\AppData\Roaming\Media Player Classic
2015-03-25 19:24 - 2012-08-09 19:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-25 19:22 - 2014-12-10 09:00 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-25 19:22 - 2014-05-07 20:48 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-23 06:51 - 2013-06-27 18:04 - 00000000 ____D () C:\Users\skhen\Documents\4621 Palm Valley
2015-03-20 20:36 - 2012-10-26 19:38 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-20 20:36 - 2012-08-09 19:24 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-20 20:36 - 2012-08-09 19:24 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-17 20:50 - 2009-07-14 00:13 - 00006210 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-13 20:33 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-03-13 17:43 - 2012-05-14 02:55 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2015-03-13 16:48 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-11 08:08 - 2009-07-13 23:45 - 00453880 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 08:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-11 08:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 07:54 - 2012-10-16 20:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 07:44 - 2013-08-15 06:37 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 07:38 - 2012-08-10 08:17 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-11 07:36 - 2009-07-13 21:34 - 00000478 _____ () C:\Windows\win.ini
2015-03-09 19:56 - 2012-08-10 07:01 - 00118552 _____ () C:\Users\skhen\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-09 19:46 - 2014-05-26 10:13 - 00001972 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-03-09 19:46 - 2014-05-26 10:13 - 00001960 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-03-09 19:46 - 2014-05-26 10:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-09 19:46 - 2014-05-26 10:12 - 00001970 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-03-09 17:53 - 2012-10-16 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-03-09 15:47 - 2011-02-24 12:03 - 00000000 ____D () C:\Windows\Panther
2015-03-09 15:40 - 2012-08-10 06:55 - 00000000 ____D () C:\Users\skhen
2015-03-09 15:30 - 2012-08-23 06:19 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-09 15:14 - 2012-12-19 18:30 - 00000000 ____D () C:\Users\skhen\AppData\Roaming\AVS4YOU
2015-03-09 15:11 - 2012-12-09 21:05 - 00000000 ____D () C:\Seagate
2015-03-09 14:59 - 2014-02-13 07:25 - 00000205 _____ () C:\Windows\wininit.ini
2015-03-09 14:58 - 2014-03-02 17:21 - 00000000 ____D () C:\Program Files\EpsonNet
2015-03-09 14:58 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-03-09 14:58 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-03-09 14:46 - 2014-06-04 22:07 - 00000000 ____D () C:\Users\skhen\AppData\Roaming\LG Electronics
2015-03-09 14:46 - 2014-06-04 22:06 - 00000000 ____D () C:\Users\skhen\AppData\Local\LG Electronics
2015-03-09 14:39 - 2015-01-21 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-03-09 14:39 - 2012-08-22 19:44 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
2015-03-09 14:39 - 2012-08-10 06:56 - 00000000 ____D () C:\Users\skhen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-03-09 14:39 - 2012-05-14 02:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-09 14:39 - 2012-05-14 02:59 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-09 14:39 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-03-09 14:38 - 2012-08-09 19:14 - 00000000 ____D () C:\Users\skhen\AppData\Local\Google
2015-03-09 14:37 - 2012-10-16 20:48 - 00000000 __RHD () C:\MSOCache
2015-03-04 08:33 - 2012-08-25 21:52 - 00000000 ____D () C:\Users\skhen\Documents\TK Khen
2015-02-28 10:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing

==================== Files in the root of some directories =======

2014-02-25 21:02 - 2014-02-25 21:02 - 0893239 _____ () C:\Users\skhen\AppData\Local\a.zip
2014-02-25 21:02 - 2014-02-25 21:02 - 2162416 _____ (Catalina Marketing Corp) C:\Users\skhen\AppData\Local\BcsKtYcHW.dll
2013-08-23 20:24 - 2013-08-23 20:24 - 0003584 _____ () C:\Users\skhen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-19 07:14 - 2015-01-04 11:32 - 0007611 _____ () C:\Users\skhen\AppData\Local\Resmon.ResmonCfg
2014-03-24 13:37 - 2014-03-24 13:37 - 0000057 _____ () C:\ProgramData\Ament.ini

Some content of TEMP:
====================
C:\Users\skhen\AppData\Local\Temp\3235.exe
C:\Users\skhen\AppData\Local\Temp\localtemp_installer.exe
C:\Users\skhen\AppData\Local\Temp\SpOrder.dll
C:\Users\skhen\AppData\Local\Temp\uobnyv04ydl6.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 21:34

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by skhen at 2015-03-29 22:48:53
Running from C:\Users\skhen\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2201.41622 - ABBYY Software House)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 8 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.7) (Version: 5.0.0.7 - Coupons.com Incorporated)
Crossbrowse (HKLM-x32\...\Crossbrowse) (Version: 39.4.2171.95 - The Crossbrowse Authors)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 7.0.3.9 - Lenovo)
Energy Management (x32 Version: 7.0.3.9 - Lenovo) Hidden
GamesDesktop 025.357 (HKLM-x32\...\gmsd_us_357_is1) (Version:  - GAMESDESKTOP) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HealthcareGovTool (HKLM-x32\...\HealthcareGovTool) (Version: 1.0.0.0 - healthcaregovtool)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKU\S-1-5-21-612915989-2409368463-2658966652-1000\...\HP Photo Creations) (Version: 1.0.0.17422 - HP)
HP Photo Creations (HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\HP Photo Creations) (Version: 1.0.0.17422 - HP)
HP Photosmart 7520 series Basic Device Software (HKLM\...\{27ABA988-D480-4F44-B0FD-45E5656D2CFE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 7520 series Product Improvement Study (HKLM\...\{16B872EE-C458-41BD-BEAE-52758A3F3168}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
IHA_MessageCenter (HKLM-x32\...\{834265C4-CDF4-44D3-BD24-31531617EFB8}) (Version: 1.8.70 - Verizon)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2626 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{7FCB8D5D-9396-4D17-8CFA-349D6D49CD32}) (Version: 3.0.13.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Intelligent Touchpad (HKLM-x32\...\{FDB0A81A-1173-4B15-BEA4-89FEA0474F17}) (Version: 1.00.0108 - Lenovo)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
jZip (HKU\S-1-5-21-612915989-2409368463-2658966652-1000\...\jZip) (Version: 2.0.0.130920 - Bandoo Media Inc) <==== ATTENTION
jZip (HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\jZip) (Version: 2.0.0.130920 - Bandoo Media Inc) <==== ATTENTION
K-Lite Codec Pack 9.2.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.2.0 - )
Lenovo CAPOSD (HKLM-x32\...\InstallShield_{48F851E7-DD0C-4A35-AD7A-57878023E987}) (Version: 1.0.0.6 - Lenovo)
Lenovo CAPOSD (x32 Version: 1.0.0.6 - Lenovo) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.11.1206.1 - Vimicro)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.9 - Lenovo)
Lenovo MuteSync (HKLM-x32\...\{16D5D9E9-C8DE-4014-A09C-B9B5ABA0F7FA}) (Version: 1.0.10 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0.3712 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.0.3712 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
Local Temperature (HKU\S-1-5-21-612915989-2409368463-2658966652-1000\...\Local Temperature) (Version: 1.0.0.2 - Local Temperature LLC)
Local Temperature (HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Local Temperature) (Version: 1.0.0.2 - Local Temperature LLC)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 13.6.1529 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.194 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MixVideoPlayer (HKLM-x32\...\MixVideoPlayer) (Version: v1.0.0.9 - SoftForce LLC)
Movie Wizard (HKLM-x32\...\MovieWizard) (Version: 2.7.63 - Small Island Development) <==== ATTENTION
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nsd (HKLM-x32\...\{4677B88C-CE16-4CBB-A2CB-B76E9D456C7F}) (Version: 1.0.1.7 - Lenovo)
OBRONA Cleaner (HKU\S-1-5-21-612915989-2409368463-2658966652-1000\...\ObronaCleaner) (Version: 1.1.22 - Download Sp. z o. o.)
OBRONA Cleaner (HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\ObronaCleaner) (Version: 1.1.22 - Download Sp. z o. o.)
Onekey Theater (HKLM-x32\...\InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}) (Version: 2.0.2.9 - Lenovo)
Onekey Theater (x32 Version: 2.0.2.9 - Lenovo) Hidden
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 2.2.4.25 - ooVoo LLC.)
OpenOffice.org 3.4 (HKLM-x32\...\{51071D66-D034-4239-94E0-723FCA10B6FE}) (Version: 3.4.9590 - OpenOffice.org)
Popcorn Time (HKU\S-1-5-21-612915989-2409368463-2658966652-1000\...\Popcorn Time) (Version:  - Popcorn Official)
Popcorn Time (HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Popcorn Time) (Version:  - Popcorn Official)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6559 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7601.39015 - Realtek Semiconductor Corp.)
RinoReader (HKLM-x32\...\RinoReader) (Version: 0.1 - RinoReader)
Salus (HKLM-x32\...\Salus) (Version: 2.03.29.0 - Salus) <==== ATTENTION!
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.22.0.160 - Client Connect LTD) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.33.0 - Synaptics Incorporated)
Uninstall Helper (HKLM-x32\...\Uninstall Helper 2.0.1.0) (Version: 2.0.1.0 - InstallX, LLC) <==== ATTENTION
Uninstall Helper (x32 Version: 2.0.1.0 - InstallX, LLC) Hidden <==== ATTENTION
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.1.1230 - Lenovo)
Vz In-Home Agent (HKLM-x32\...\VzInHomeAgent) (Version: 9.0.35.0 - Verizon)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/15/2011 7.1.0.1) (HKLM\...\99841829BE839365AA67B2AD0E50D371F59F8A1E) (Version: 12/15/2011 7.1.0.1 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPrograms (HKLM-x32\...\WebWatcherInstall) (Version:  - )
WinPrograms (HKLM-x32\...\WinPrograms) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

11-03-2015 07:34:29 Windows Update
19-03-2015 21:04:28 Scheduled Checkpoint
20-03-2015 20:33:35 McAfee Vulnerability Scanner
25-03-2015 06:05:27 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {067C247A-F9D7-4457-B7AC-8475CCCEFDF2} - System32\Tasks\SysHealth_Controller_Mon => C:\Windows\SysFilesController\SysFiles_backup.exe [2015-03-17] ()
Task: {1706E1C0-75D2-4EF7-913D-DB8453A0BEF2} - System32\Tasks\HPCustParticipation HP Photosmart 7520 series => C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {1A075C76-774B-4134-BCC5-5F441E879A37} - System32\Tasks\GoogleUpdateTaskMachineUA1cf2a49182d66c4 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {20AC5538-CAFB-474D-B996-F048BCF8BA88} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {3AEC476F-F057-4595-994D-5B56BDE422DE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {3D6EA8AF-8892-4C19-B8DB-1021156B9553} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29] (CyberLink)
Task: {43986174-68FE-4C13-88A2-72FC5D843F56} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {49FE51C2-898B-4391-8AFD-A9B4A97BDE63} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-20] (Adobe Systems Incorporated)
Task: {717C25EA-FF41-4081-AF85-72467F4F20ED} - System32\Tasks\ObronaCleanerUacSkip => C:\Users\skhen\AppData\Local\Obrona Cleaner\ObronaCleaner.exe [2015-02-25] (Download Sp. z o. o.)
Task: {7CC1EC98-5259-4DEF-98F6-9631744DF582} - System32\Tasks\Startup Time Check => C:\Users\skhen\AppData\Local\Obrona Cleaner\startupTime.exe [2015-02-25] ()
Task: {96BCEB16-D815-4CC7-82EC-BE686BCA8B9D} - System32\Tasks\avaavxvyex => C:\Users\skhen\AppData\Local\avaavxvyex\avaavxvyex.exe [2015-03-16] () <==== ATTENTION
Task: {A5686C95-A290-4C7B-813C-35CFF4EAB36E} - System32\Tasks\{2031CF44-B993-4478-AA47-EF0C054BD815} => pcalua.exe -a C:\Users\skhen\Downloads\NetFx20SP2_ia64.exe -d C:\Users\skhen\Downloads
Task: {AF0948A7-9B6E-4855-BB9A-BFD989A6A2B8} - System32\Tasks\NetEngine => C:\ProgramData\NetEngine\bin\D2\netengine.exe [2015-03-29] ()
Task: {B9C967FD-7935-46CF-B81B-32FBB64D9755} - System32\Tasks\{EB599F76-D93A-4AC9-981A-C1EA84984ED9} => pcalua.exe -a C:\Users\skhen\Downloads\wlsetup-web.exe -d C:\Users\skhen\Downloads
Task: {C151866E-45FB-488F-B6FE-7A4A715FA61D} - System32\Tasks\Crossbrowse => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe [2015-03-29] ()
Task: {DA325D40-222C-4F02-8B13-B5000A744510} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxamon.exe
Task: {FBB79C7B-F513-468E-9C7E-DB1BA046980C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Crossbrowse.job => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf2a49182d66c4.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2012-05-14 02:38 - 2012-02-07 21:03 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2014-04-13 11:04 - 2008-06-13 10:04 - 00045568 _____ () C:\Windows\System32\LXF3PMON.DLL
2014-04-13 11:03 - 2008-06-13 10:06 - 00053248 _____ () C:\Windows\System32\LXF3OEM.DLL
2014-04-13 11:03 - 2008-06-13 10:04 - 00003584 _____ () C:\Windows\System32\LXF3PMRC.DLL
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-06-02 15:58 - 2011-06-02 15:58 - 00201568 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
2011-06-02 15:59 - 2011-06-02 15:59 - 00156000 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2008-12-20 05:20 - 2012-05-14 03:01 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2012-03-28 16:34 - 2012-05-14 03:01 - 01509936 _____ () C:\Program Files (x86)\Lenovo\Energy Management\EMWpfUI.dll
2008-12-20 05:20 - 2012-05-14 03:01 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2012-05-14 02:52 - 2012-05-14 02:52 - 00099680 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
2012-05-14 02:52 - 2011-12-08 13:12 - 00291272 _____ () C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe
2012-02-06 03:57 - 2012-01-18 18:48 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2015-03-29 22:29 - 2015-03-26 14:46 - 03982504 _____ () C:\Program Files (x86)\gmsd_us_357\gmsd_us_357.exe
2015-03-29 22:29 - 2015-03-26 14:46 - 03310760 _____ () C:\Users\skhen\AppData\Local\gmsd_us_357\upgmsd_us_357.exe
2015-03-29 00:06 - 2015-03-29 00:06 - 02391040 _____ () C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz.exe
2015-03-29 00:04 - 2015-03-29 00:04 - 00711168 _____ () C:\Program Files (x86)\Umtayyznhndq1ntz\mwmyzjmzngu1mdy.exe
2015-03-29 00:03 - 2015-03-29 00:03 - 00440320 _____ () C:\Program Files (x86)\Umtayyznhndq1ntz\mtuyntm5ndy1yjy.exe
2015-03-24 06:22 - 2015-03-24 06:22 - 00114688 _____ () C:\Program Files (x86)\MixVideoPlayer\BrowserWeb.exe
2015-03-29 22:33 - 2015-03-29 22:33 - 00708096 _____ () C:\Users\skhen\AppData\Local\Temp\is-C3EHL.tmp\majmp_gentleeeuu.tmp
2015-03-29 22:33 - 2015-03-29 22:33 - 00708096 _____ () C:\Users\skhen\AppData\Local\Temp\is-9GRL0.tmp\gentlemjmp_ieeuu.tmp
2015-03-29 22:34 - 2015-03-29 22:34 - 00082408 _____ () C:\ProgramData\NetEngine\bin\D2\netengine.exe
2011-06-02 15:57 - 2011-06-02 15:57 - 00161120 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
2011-06-02 15:58 - 2011-06-02 15:58 - 00132448 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
2012-05-14 02:54 - 2012-05-14 02:54 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2011-06-28 01:28 - 2011-06-28 01:28 - 00042496 _____ () C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\QTKB.dll
2012-05-14 02:38 - 2012-02-07 20:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-10-08 08:03 - 2014-10-08 08:03 - 00879104 _____ () C:\Users\skhen\AppData\Local\Obrona Cleaner\platforms\qwindows.dll
2014-10-08 08:01 - 2014-10-08 08:01 - 00021504 _____ () C:\Users\skhen\AppData\Local\Obrona Cleaner\imageformats\qico.dll
2014-10-08 08:01 - 2014-10-08 08:01 - 00021504 _____ () C:\Users\skhen\AppData\Local\Obrona Cleaner\imageformats\qgif.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-03-29 22:27 - 2015-03-04 11:31 - 01070592 _____ () C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.4.2171.95\libglesv2.dll
2015-03-29 22:27 - 2015-03-04 11:31 - 00204800 _____ () C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.4.2171.95\libegl.dll
2015-03-29 22:33 - 2014-11-13 08:16 - 00205312 _____ () C:\Users\skhen\AppData\Local\Temp\is-QGPH9.tmp\itdownload.dll
2015-03-29 22:33 - 2014-11-13 08:22 - 00873472 _____ () C:\Users\skhen\AppData\Local\Temp\is-QGPH9.tmp\w8white.cjstyles

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WebWatcherProxy => ""="service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-612915989-2409368463-2658966652-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\skhen\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\skhen\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-612915989-2409368463-2658966652-500 - Administrator - Disabled)
Guest (S-1-5-21-612915989-2409368463-2658966652-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-612915989-2409368463-2658966652-1002 - Limited - Enabled)
skhen (S-1-5-21-612915989-2409368463-2658966652-1000 - Administrator - Enabled) => C:\Users\skhen

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/29/2015 10:25:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 36.0.4.5557, time stamp: 0x550d0883
Faulting module name: mozalloc.dll, version: 36.0.4.5557, time stamp: 0x550cfa82
Exception code: 0x80000003
Fault offset: 0x00001e02
Faulting process id: 0x6128
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (03/29/2015 01:10:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10031

Error: (03/29/2015 01:10:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10031

Error: (03/29/2015 01:10:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/29/2015 01:10:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9017

Error: (03/29/2015 01:10:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9017

Error: (03/29/2015 01:10:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/29/2015 01:10:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8019

Error: (03/29/2015 01:10:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8019

Error: (03/29/2015 01:10:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (03/29/2015 10:31:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The mhnv service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/29/2015 10:31:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The hnv service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/29/2015 09:20:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (03/29/2015 09:20:07 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (03/29/2015 09:20:07 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (03/29/2015 09:20:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (03/29/2015 09:20:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (03/29/2015 09:20:06 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (03/29/2015 09:38:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (03/29/2015 09:38:34 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535


Microsoft Office Sessions:
=========================
Error: (03/29/2015 10:25:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe36.0.4.5557550d0883mozalloc.dll36.0.4.5557550cfa828000000300001e02612801d06a991ef7e0a8C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll750ab1ed-d68c-11e4-8001-047d7b8dd13e

Error: (03/29/2015 01:10:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10031

Error: (03/29/2015 01:10:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10031

Error: (03/29/2015 01:10:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/29/2015 01:10:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9017

Error: (03/29/2015 01:10:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9017

Error: (03/29/2015 01:10:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/29/2015 01:10:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8019

Error: (03/29/2015 01:10:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8019

Error: (03/29/2015 01:10:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
  Date: 2013-12-07 09:22:40.958
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-07 09:22:40.958
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-07 09:22:40.958
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2370M CPU @ 2.40GHz
Percentage of memory in use: 51%
Total physical RAM: 6004.11 MB
Available physical RAM: 2929.25 MB
Total Pagefile: 12006.4 MB
Available Pagefile: 8145.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:653.44 GB) (Free:565.93 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25.47 GB) (Free:21.7 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 5208914F)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=653.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=19.5 GB) - (Type=12)

==================== End Of Log ============================

 


 


#2 stirfry

Posted 29 March 2015 - 11:26 PM

More stuff being installed: Cross Browse, WinPrograms, Search Protect, Movie Wizard, Healthcare Gov Tool, Local Temperature.



#3 nasdaq

  • Malware Response Team

Posted 30 March 2015 - 10:52 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Using the Add/Remove Programs applet, delete these programs in bold.

Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
GamesDesktop 025.357 (HKLM-x32\...\gmsd_us_357_is1) (Version: - GAMESDESKTOP) <==== ATTENTION
jZip (HKU\S-1-5-21-612915989-2409368463-2658966652-1000\...\jZip) (Version: 2.0.0.130920 - Bandoo Media Inc) <==== ATTENTION
jZip (HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\jZip) (Version: 2.0.0.130920 - Bandoo Media Inc) <==== ATTENTION
Movie Wizard (HKLM-x32\...\MovieWizard) (Version: 2.7.63 - Small Island Development) <==== ATTENTION
Salus (HKLM-x32\...\Salus) (Version: 2.03.29.0 - Salus) <==== ATTENTION!
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.22.0.160 - Client Connect LTD) <==== ATTENTION
Uninstall Helper (HKLM-x32\...\Uninstall Helper 2.0.1.0) (Version: 2.0.1.0 - InstallX, LLC) <==== ATTENTION
Uninstall Helper (x32 Version: 2.0.1.0 - InstallX, LLC) Hidden <==== ATTENTION


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CreateRestorePoint:
CloseProcesses:

(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Core Systems) C:\Users\skhen\AppData\Local\LocalTemperature\LT_Updater.exe
(Local Temperature, LLC) C:\Users\skhen\AppData\Local\LocalTemperature\LocalTemperature.exe
(Download Sp. z o. o.) C:\Users\skhen\AppData\Local\Obrona Cleaner\ObronaCleaner.exe
(WebWatcher) C:\Program Files (x86)\SysFiles\WebWatcherProxy.exe
() C:\Program Files (x86)\gmsd_us_357\gmsd_us_357.exe
() C:\Users\skhen\AppData\Local\gmsd_us_357\upgmsd_us_357.exe
(Small Island Development) C:\ProgramData\WSpEPYm\HgUmpYtm.exe
(Crossbrowse) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
() C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz.exe
(Crossbrowse) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
() C:\Program Files (x86)\Umtayyznhndq1ntz\mwmyzjmzngu1mdy.exe
() C:\Program Files (x86)\Umtayyznhndq1ntz\mtuyntm5ndy1yjy.exe
() C:\Program Files (x86)\MixVideoPlayer\BrowserWeb.exe
() C:\Users\skhen\AppData\Local\gmsd_us_357\upgmsd_us_357.exe
(                                                            ) C:\Users\skhen\AppData\Local\gmsd_us_357\Download\majmp_gentleeeuu.exe
() C:\Users\skhen\AppData\Local\Temp\is-C3EHL.tmp\majmp_gentleeeuu.tmp
(                                                            ) C:\Users\skhen\AppData\Local\Temp\is-PD9L2.tmp\gentlemjmp_ieeuu.exe
() C:\Users\skhen\AppData\Local\Temp\is-9GRL0.tmp\gentlemjmp_ieeuu.tmp
() C:\ProgramData\NetEngine\bin\D2\netengine.exe
() C:\ProgramData\NetEngine\bin\D2\netengine.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [mwyyntm1ndi1zdz] => C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz.exe [2391040 2015-03-29] ()
HKLM-x32\...\Run: [gmsd_us_357] => C:\Program Files (x86)\gmsd_us_357\gmsd_us_357.exe [3982504 2015-03-26] ()
HKLM-x32\...\Run: [CrashMon] => C:\Program Files (x86)\Umtayyznhndq1ntz\mtuyntm5ndy1yjy.exe [440320 2015-03-29] ()
HKLM-x32\...\RunOnce: [upgmsd_us_357.exe] => C:\Users\skhen\AppData\Local\gmsd_us_357\upgmsd_us_357.exe [3310760 2015-03-26] ()
HKU\S-1-5-21-612915989-2409368463-2658966652-1000\...\Run: [Obrona Cleaner] => C:\Users\skhen\AppData\Local\Obrona Cleaner\ObronaCleaner.exe [1380632 2015-02-25] (Download Sp. z o. o.)
HKU\S-1-5-21-612915989-2409368463-2658966652-1000\...\Run: [GoogleChromeAutoLaunch_33DF5821ED5A7B65ABF6FE34EE86FBF3] => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe [637440 2015-03-04] (Crossbrowse)
HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Obrona Cleaner] => C:\Users\skhen\AppData\Local\Obrona Cleaner\ObronaCleaner.exe [1380632 2015-02-25] (Download Sp. z o. o.)
HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_33DF5821ED5A7B65ABF6FE34EE86FBF3] => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe [637440 2015-03-04] (Crossbrowse)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [263952 2015-03-16] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [223504 2015-03-16] (Client Connect LTD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WebBrowserMixVideoPlayer.lnk
ShortcutTarget: WebBrowserMixVideoPlayer.lnk -> C:\Program Files (x86)\MixVideoPlayer\BrowserWeb.exe ()
Startup: C:\Users\skhen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk
ShortcutTarget: crossbrowse.lnk -> C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (Crossbrowse)
Startup: C:\Users\skhen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Local Temperature.lnk
ShortcutTarget: Local Temperature.lnk -> C:\Users\skhen\AppData\Local\LocalTemperature\LocalTemperature.exe (Local Temperature, LLC)
HKU\S-1-5-21-612915989-2409368463-2658966652-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com/?gd=&ctid=CT3334642&octid=EB_ORIGINAL_CTID&ISID=MFA676F8C-B3B6-4040-8ECB-110A1392FCC0&SearchSource=55&CUI=&UM=8&UP=SPC4433A30-3702-4BFC-B361-EF5BD691BD84&D=033015&SSPV=
URLSearchHook: HKU\S-1-5-21-612915989-2409368463-2658966652-1000 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
URLSearchHook: HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKU\S-1-5-21-612915989-2409368463-2658966652-1000 -> DefaultScope {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3334642&octid=EB_ORIGINAL_CTID&ISID=MFA676F8C-B3B6-4040-8ECB-110A1392FCC0&SearchSource=58&CUI=&UM=8&UP=SPC4433A30-3702-4BFC-B361-EF5BD691BD84&q={searchTerms}&D=033015&SSPV=
SearchScopes: HKU\S-1-5-21-612915989-2409368463-2658966652-1000 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3334642&octid=EB_ORIGINAL_CTID&ISID=MFA676F8C-B3B6-4040-8ECB-110A1392FCC0&SearchSource=58&CUI=&UM=8&UP=SPC4433A30-3702-4BFC-B361-EF5BD691BD84&q={searchTerms}&D=033015&SSPV=
BHO: HealthcareGovTool -> {E54A132C-6775-4A03-9803-43563D492B91} -> C:\Program Files (x86)\HealthcareGovTool\ScriptHost64.dll [2015-02-25] (healthcaregovtool)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: HealthcareGovTool -> {E54A132C-6775-4A03-9803-43563D492B91} -> C:\Program Files (x86)\HealthcareGovTool\ScriptHost.dll [2015-02-25] (healthcaregovtool)
Toolbar: HKU\S-1-5-21-612915989-2409368463-2658966652-1000 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Winsock: Catalog9 01 C:\Windows\SysWOW64\WebWatcherLSP.dll [326000] (WebWatcher)
Winsock: Catalog9 02 C:\Windows\SysWOW64\WebWatcherLSP.dll [326000] (WebWatcher)
Winsock: Catalog9 03 C:\Windows\SysWOW64\WebWatcherLSP.dll [326000] (WebWatcher)
Winsock: Catalog9 04 C:\Windows\SysWOW64\WebWatcherLSP.dll [326000] (WebWatcher)
Winsock: Catalog9 15 C:\Windows\SysWOW64\WebWatcherLSP.dll [326000] (WebWatcher)
Winsock: Catalog9-x64 01 C:\Windows\system32\WebWatcherLSP64.dll [372472] (WebWatcher)
Winsock: Catalog9-x64 02 C:\Windows\system32\WebWatcherLSP64.dll [372472] (WebWatcher)
Winsock: Catalog9-x64 03 C:\Windows\system32\WebWatcherLSP64.dll [372472] (WebWatcher)
Winsock: Catalog9-x64 04 C:\Windows\system32\WebWatcherLSP64.dll [372472] (WebWatcher)
Winsock: Catalog9-x64 15 C:\Windows\system32\WebWatcherLSP64.dll [372472] (WebWatcher)
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3334642&octid=EB_ORIGINAL_CTID&ISID=MFA676F8C-B3B6-4040-8ECB-110A1392FCC0&SearchSource=55&CUI=&UM=8&UP=SPC4433A30-3702-4BFC-B361-EF5BD691BD84&D=033015&SSPV=
FF SelectedSearchEngine: Trovi
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3334642&octid=EB_ORIGINAL_CTID&ISID=MFA676F8C-B3B6-4040-8ECB-110A1392FCC0&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=SPC4433A30-3702-4BFC-B361-EF5BD691BD84&D=033015
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin HKU\S-1-5-21-612915989-2409368463-2658966652-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\skhen\AppData\Roaming\CATALI~1\NPBCSK~1.DLL [2013-06-07] (Catalina Marketing Corporation)
FF Plugin HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\skhen\AppData\Roaming\CATALI~1\NPBCSK~1.DLL [2013-06-07] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-02-11] (Coupons, Inc.)
FF SearchPlugin: C:\Users\skhen\AppData\Roaming\Mozilla\Firefox\Profiles\5c34zbnq.default-1411556988775\searchplugins\trovi.xml [2015-03-29]
FF Extension: Healthcare Gov Tool - C:\Program Files (x86)\Mozilla Firefox\extensions\healthcare@healthcaregovtool.com.xpi [2015-02-25]
FF Extension: Healthcare Gov Tool - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\healthcare@healthcaregovtool.com.xpi [2015-02-25]
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3334642&octid=EB_ORIGINAL_CTID&ISID=MFA676F8C-B3B6-4040-8ECB-110A1392FCC0&SearchSource=55&CUI=&UM=8&UP=SPC4433A30-3702-4BFC-B361-EF5BD691BD84&D=033015&SSPV="
CHR DefaultSuggestURL: Default -> http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR HKU\S-1-5-21-612915989-2409368463-2658966652-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3251472 2015-03-16] (Client Connect LTD)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [176624 2014-02-13] (Coupons.com Inc.)
R2 HgUmpYtm; C:\ProgramData\WSpEPYm\HgUmpYtm.exe [2733552 2015-03-29] (Small Island Development)
S2 hnv; c:\windows\hnv.exe [521216 2015-03-29] () [File not signed]
R2 LTUpdater; C:\Users\skhen\AppData\Local\LocalTemperature\LT_Updater.exe [493480 2015-03-27] (Core Systems)
S2 mhnv; c:\windows\mhnv.exe [458240 2015-03-29] () [File not signed]
S2 MixVideoPlayerUpdaterService; C:\Program Files (x86)\MixVideoPlayer\MixVideoPlayerUpdaterService.exe [11776 2015-03-24] () [File not signed]
R2 UniversalUpdater; C:\Program Files (x86)\Umtayyznhndq1ntz\mwmyzjmzngu1mdy.exe [711168 2015-03-29] () [File not signed]
R2 WebWatcherProxy; C:\Program Files (x86)\SysFiles\WebWatcherProxy.exe [1526000 2015-03-16] (WebWatcher)
R1 mwiynzm4ndy1yjz; C:\Windows\System32\drivers\mwiynzm4ndy1yjz.sys [50504 2015-01-15] (Windows ® Win 7 DDK provider)
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
U2 IAStorDataMgrSvc; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
R3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
U3 SQLWriter; No ImagePath
C:\Users\skhen\AppData\Local\Temp\3235.exe
C:\Users\skhen\AppData\Local\Temp\localtemp_installer.exe
C:\Users\skhen\AppData\Local\Temp\SpOrder.dll
C:\Users\skhen\AppData\Local\Temp\uobnyv04ydl6.exe
Task: {96BCEB16-D815-4CC7-82EC-BE686BCA8B9D} - System32\Tasks\avaavxvyex => C:\Users\skhen\AppData\Local\avaavxvyex\avaavxvyex.exe [2015-03-16] () <==== ATTENTION
C:\Users\skhen\AppData\Local\avaavxvyex
C:\Program Files (x86)\Coupons
C:\Users\skhen\AppData\Local\LocalTemperature
C:\Users\skhen\AppData\Local\Obrona Cleaner
C:\Program Files (x86)\SysFiles\WebWatcherProxy.exe
C:\Program Files (x86)\gmsd_us_357
C:\ProgramData\WSpEPYm
C:\Program Files (x86)\Crossbrowse
C:\Program Files (x86)\Smwyyntm1ndi1zdz
C:\Program Files (x86)\MixVideoPlayer
C:\Users\skhen\AppData\Local\Temp\is-C3EHL.tmp
C:\Users\skhen\AppData\Local\Temp\is-9GRL0.tmp
C:\ProgramData\NetEngine
C:\Program Files (x86)\SearchProtect
C:\Program Files (x86)\HealthcareGovTool

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#4 stirfry


Posted 30 March 2015 - 07:47 PM

Hi -

Completed all the instructions. The computer is running good but for some reason my browser home page keeps going to a different homepage even when I default it to google.com.

Below is the Fixlog.txt and AdwCleaner report:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by skhen at 2015-03-30 19:21:12 Run:1
Running from C:\Users\skhen\Downloads
Loaded Profiles: skhen (Available profiles: skhen)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CreateRestorePoint:
CloseProcesses:

(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Core Systems) C:\Users\skhen\AppData\Local\LocalTemperature\LT_Updater.exe
(Local Temperature, LLC) C:\Users\skhen\AppData\Local\LocalTemperature\LocalTemperature.exe
(Download Sp. z o. o.) C:\Users\skhen\AppData\Local\Obrona Cleaner\ObronaCleaner.exe
(WebWatcher) C:\Program Files (x86)\SysFiles\WebWatcherProxy.exe
() C:\Program Files (x86)\gmsd_us_357\gmsd_us_357.exe
() C:\Users\skhen\AppData\Local\gmsd_us_357\upgmsd_us_357.exe
(Small
Island Development) C:\ProgramData\WSpEPYm\HgUmpYtm.exe
(Crossbrowse) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
() C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz.exe
(Crossbrowse) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
() C:\Program Files (x86)\Umtayyznhndq1ntz\mwmyzjmzngu1mdy.exe
() C:\Program Files (x86)\Umtayyznhndq1ntz\mtuyntm5ndy1yjy.exe
() C:\Program Files (x86)\MixVideoPlayer\BrowserWeb.exe
() C:\Users\skhen\AppData\Local\gmsd_us_357\upgmsd_us_357.exe
(                                                            ) C:\Users\skhen\AppData\Local\gmsd_us_357\Download\majmp_gentleeeuu.exe
() C:\Users\skhen\AppData\Local\Temp\is-C3EHL.tmp\majmp_gentleeeuu.tmp
(                                                            ) C:\Users\skhen\AppData\Local\Temp\is-PD9L2.tmp\gentlemjmp_ieeuu.exe
() C:\Users\skhen\AppData\Local\Temp\is-9GRL0.tmp\gentlemjmp_ieeuu.tmp
()
C:\ProgramData\NetEngine\bin\D2\netengine.exe
() C:\ProgramData\NetEngine\bin\D2\netengine.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [mwyyntm1ndi1zdz] => C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz.exe [2391040 2015-03-29] ()
HKLM-x32\...\Run: [gmsd_us_357] => C:\Program Files (x86)\gmsd_us_357\gmsd_us_357.exe [3982504 2015-03-26] ()
HKLM-x32\...\Run: [CrashMon] => C:\Program Files (x86)\Umtayyznhndq1ntz\mtuyntm5ndy1yjy.exe [440320 2015-03-29] ()
HKLM-x32\...\RunOnce: [upgmsd_us_357.exe] => C:\Users\skhen\AppData\Local\gmsd_us_357\upgmsd_us_357.exe [3310760 2015-03-26] ()
HKU\S-1-5-21-612915989-2409368463-2658966652-1000\...\Run: [Obrona Cleaner] => C:\Users\skhen\AppData\Local\Obrona
Cleaner\ObronaCleaner.exe [1380632 2015-02-25] (Download Sp. z o. o.)
HKU\S-1-5-21-612915989-2409368463-2658966652-1000\...\Run: [GoogleChromeAutoLaunch_33DF5821ED5A7B65ABF6FE34EE86FBF3] => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe [637440 2015-03-04] (Crossbrowse)
HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Obrona Cleaner] => C:\Users\skhen\AppData\Local\Obrona Cleaner\ObronaCleaner.exe [1380632 2015-02-25] (Download Sp. z o. o.)
HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_33DF5821ED5A7B65ABF6FE34EE86FBF3] => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe [637440 2015-03-04] (Crossbrowse)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [263952 2015-03-16] (Client Connect
LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [223504 2015-03-16] (Client Connect LTD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WebBrowserMixVideoPlayer.lnk
ShortcutTarget: WebBrowserMixVideoPlayer.lnk -> C:\Program Files (x86)\MixVideoPlayer\BrowserWeb.exe ()
Startup: C:\Users\skhen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk
ShortcutTarget: crossbrowse.lnk -> C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (Crossbrowse)
Startup: C:\Users\skhen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Local Temperature.lnk
ShortcutTarget: Local Temperature.lnk -> C:\Users\skhen\AppData\Local\LocalTemperature\LocalTemperature.exe (Local Temperature, LLC)
HKU\S-1-5-21-612915989-2409368463-2658966652-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com/?gd=&ctid=CT3334642&octid=EB_ORIGINAL_CTID&ISID=MFA676F8C-B3B6-4040-8ECB-110A1392FCC0&SearchSource=55&CUI=&UM=8&UP=SPC4433A30-3702-4BFC-B361-EF5BD691BD84&D=033015&SSPV=
URLSearchHook: HKU\S-1-5-21-612915989-2409368463-2658966652-1000 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
URLSearchHook: HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKU\S-1-5-21-612915989-2409368463-2658966652-1000 -> DefaultScope {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
http://www.trovi.com/Results.aspx?gd=&ctid=CT3334642&octid=EB_ORIGINAL_CTID&ISID=MFA676F8C-B3B6-4040-8ECB-110A1392FCC0&SearchSource=58&CUI=&UM=8&UP=SPC4433A30-3702-4BFC-B361-EF5BD691BD84&q={searchTerms}&D=033015&SSPV=
SearchScopes: HKU\S-1-5-21-612915989-2409368463-2658966652-1000 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3334642&octid=EB_ORIGINAL_CTID&ISID=MFA676F8C-B3B6-4040-8ECB-110A1392FCC0&SearchSource=58&CUI=&UM=8&UP=SPC4433A30-3702-4BFC-B361-EF5BD691BD84&q={searchTerms}&D=033015&SSPV=
BHO: HealthcareGovTool -> {E54A132C-6775-4A03-9803-43563D492B91} -> C:\Program Files (x86)\HealthcareGovTool\ScriptHost64.dll [2015-02-25] (healthcaregovtool)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: HealthcareGovTool -> {E54A132C-6775-4A03-9803-43563D492B91} -> C:\Program Files
(x86)\HealthcareGovTool\ScriptHost.dll [2015-02-25] (healthcaregovtool)
Toolbar: HKU\S-1-5-21-612915989-2409368463-2658966652-1000 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Winsock: Catalog9 01 C:\Windows\SysWOW64\WebWatcherLSP.dll [326000] (WebWatcher)
Winsock: Catalog9 02 C:\Windows\SysWOW64\WebWatcherLSP.dll [326000] (WebWatcher)
Winsock: Catalog9 03 C:\Windows\SysWOW64\WebWatcherLSP.dll [326000] (WebWatcher)
Winsock: Catalog9 04 C:\Windows\SysWOW64\WebWatcherLSP.dll [326000] (WebWatcher)
Winsock: Catalog9 15 C:\Windows\SysWOW64\WebWatcherLSP.dll [326000] (WebWatcher)
Winsock: Catalog9-x64 01 C:\Windows\system32\WebWatcherLSP64.dll [372472] (WebWatcher)
Winsock: Catalog9-x64 02 C:\Windows\system32\WebWatcherLSP64.dll [372472] (WebWatcher)
Winsock: Catalog9-x64 03
C:\Windows\system32\WebWatcherLSP64.dll [372472] (WebWatcher)
Winsock: Catalog9-x64 04 C:\Windows\system32\WebWatcherLSP64.dll [372472] (WebWatcher)
Winsock: Catalog9-x64 15 C:\Windows\system32\WebWatcherLSP64.dll [372472] (WebWatcher)
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3334642&octid=EB_ORIGINAL_CTID&ISID=MFA676F8C-B3B6-4040-8ECB-110A1392FCC0&SearchSource=55&CUI=&UM=8&UP=SPC4433A30-3702-4BFC-B361-EF5BD691BD84&D=033015&SSPV=
FF SelectedSearchEngine: Trovi
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3334642&octid=EB_ORIGINAL_CTID&ISID=MFA676F8C-B3B6-4040-8ECB-110A1392FCC0&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=SPC4433A30-3702-4BFC-B361-EF5BD691BD84&D=033015
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin HKU\S-1-5-21-612915989-2409368463-2658966652-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator ->
C:\Users\skhen\AppData\Roaming\CATALI~1\NPBCSK~1.DLL [2013-06-07] (Catalina Marketing Corporation)
FF Plugin HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\skhen\AppData\Roaming\CATALI~1\NPBCSK~1.DLL [2013-06-07] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-02-11] (Coupons, Inc.)
FF SearchPlugin: C:\Users\skhen\AppData\Roaming\Mozilla\Firefox\Profiles\5c34zbnq.default-1411556988775\searchplugins\trovi.xml [2015-03-29]
FF Extension: Healthcare Gov Tool - C:\Program Files (x86)\Mozilla Firefox\extensions\healthcare@healthcaregovtool.com.xpi [2015-02-25]
FF Extension: Healthcare Gov Tool - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\healthcare@healthcaregovtool.com.xpi [2015-02-25]
CHR StartupUrls: Default ->
"hxxp://www.trovi.com/?gd=&ctid=CT3334642&octid=EB_ORIGINAL_CTID&ISID=MFA676F8C-B3B6-4040-8ECB-110A1392FCC0&SearchSource=55&CUI=&UM=8&UP=SPC4433A30-3702-4BFC-B361-EF5BD691BD84&D=033015&SSPV="
CHR DefaultSuggestURL: Default -> http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR HKU\S-1-5-21-612915989-2409368463-2658966652-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3251472 2015-03-16] (Client Connect LTD)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [176624 2014-02-13]
(Coupons.com Inc.)
R2 HgUmpYtm; C:\ProgramData\WSpEPYm\HgUmpYtm.exe [2733552 2015-03-29] (Small Island Development)
S2 hnv; c:\windows\hnv.exe [521216 2015-03-29] () [File not signed]
R2 LTUpdater; C:\Users\skhen\AppData\Local\LocalTemperature\LT_Updater.exe [493480 2015-03-27] (Core Systems)
S2 mhnv; c:\windows\mhnv.exe [458240 2015-03-29] () [File not signed]
S2 MixVideoPlayerUpdaterService; C:\Program Files (x86)\MixVideoPlayer\MixVideoPlayerUpdaterService.exe [11776 2015-03-24] () [File not signed]
R2 UniversalUpdater; C:\Program Files (x86)\Umtayyznhndq1ntz\mwmyzjmzngu1mdy.exe [711168 2015-03-29] () [File not signed]
R2 WebWatcherProxy; C:\Program Files (x86)\SysFiles\WebWatcherProxy.exe [1526000 2015-03-16] (WebWatcher)
R1 mwiynzm4ndy1yjz; C:\Windows\System32\drivers\mwiynzm4ndy1yjz.sys [50504 2015-01-15] (Windows ® Win 7 DDK provider)
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
U3
BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
U2 IAStorDataMgrSvc; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
R3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
U3 SQLWriter; No ImagePath
C:\Users\skhen\AppData\Local\Temp\3235.exe
C:\Users\skhen\AppData\Local\Temp\localtemp_installer.exe
C:\Users\skhen\AppData\Local\Temp\SpOrder.dll
C:\Users\skhen\AppData\Local\Temp\uobnyv04ydl6.exe
Task: {96BCEB16-D815-4CC7-82EC-BE686BCA8B9D} - System32\Tasks\avaavxvyex => C:\Users\skhen\AppData\Local\avaavxvyex\avaavxvyex.exe [2015-03-16] () <====
ATTENTION
C:\Users\skhen\AppData\Local\avaavxvyex
C:\Program Files (x86)\Coupons
C:\Users\skhen\AppData\Local\LocalTemperature
C:\Users\skhen\AppData\Local\Obrona Cleaner
C:\Program Files (x86)\SysFiles\WebWatcherProxy.exe
C:\Program Files (x86)\gmsd_us_357
C:\ProgramData\WSpEPYm
C:\Program Files (x86)\Crossbrowse
C:\Program Files (x86)\Smwyyntm1ndi1zdz
C:\Program Files (x86)\MixVideoPlayer
C:\Users\skhen\AppData\Local\Temp\is-C3EHL.tmp
C:\Users\skhen\AppData\Local\Temp\is-9GRL0.tmp
C:\ProgramData\NetEngine
C:\Program Files (x86)\SearchProtect
C:\Program Files (x86)\HealthcareGovTool

End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Coupons\CouponPrinterService.exe => No running process found
C:\Users\skhen\AppData\Local\LocalTemperature\LT_Updater.exe => No running process found
C:\Users\skhen\AppData\Local\LocalTemperature\LocalTemperature.exe => No running process found
C:\Users\skhen\AppData\Local\Obrona Cleaner\ObronaCleaner.exe => No running process found
[4268] C:\Program Files (x86)\SysFiles\WebWatcherProxy.exe => Process closed successfully.
C:\Program Files (x86)\gmsd_us_357\gmsd_us_357.exe => No running process found
C:\Users\skhen\AppData\Local\gmsd_us_357\upgmsd_us_357.exe => No running process found
(Small => Error: No automatic fix found for this entry.
Island Development) C:\ProgramData\WSpEPYm\HgUmpYtm.exe => Error: No automatic fix found for this entry.
C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe => No running process found
C:\Program Files (x86)\Smwyyntm1ndi1zdz\mwiynzm4ndy1yjz.exe => No running process found
C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe => No running process found
C:\Program Files (x86)\Umtayyznhndq1ntz\mwmyzjmzngu1mdy.exe => No running process found
C:\Program Files (x86)\Umtayyznhndq1ntz\mtuyntm5ndy1yjy.exe => No running process found
C:\Program Files (x86)\MixVideoPlayer\BrowserWeb.exe => No running process found
C:\Users\skhen\AppData\Local\gmsd_us_357\upgmsd_us_357.exe => No running process found
C:\Users\skhen\AppData\Local\gmsd_us_357\Download\majmp_gentleeeuu.exe => No running process found
C:\Users\skhen\AppData\Local\Temp\is-C3EHL.tmp\majmp_gentleeeuu.tmp => No running process found
C:\Users\skhen\AppData\Local\Temp\is-PD9L2.tmp\gentlemjmp_ieeuu.exe => No running process found
C:\Users\skhen\AppData\Local\Temp\is-9GRL0.tmp\gentlemjmp_ieeuu.tmp => No running process found
() => Error: No automatic fix found for this entry.
C:\ProgramData\NetEngine\bin\D2\netengine.exe => Moved successfully.
C:\ProgramData\NetEngine\bin\D2\netengine.exe => No running process found
C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe => No running process found
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe => No running process found
C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mwyyntm1ndi1zdz => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_us_357 => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\CrashMon => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\upgmsd_us_357.exe => Value not found.
HKU\S-1-5-21-612915989-2409368463-2658966652-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Obrona Cleaner => Value not found.
Cleaner\ObronaCleaner.exe [1380632 2015-02-25] (Download Sp. z o. o.) => Error: No automatic fix found for this entry.
HKU\S-1-5-21-612915989-2409368463-2658966652-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_33DF5821ED5A7B65ABF6FE34EE86FBF3 => Value not found.
HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\Obrona Cleaner => Value not found.
HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_33DF5821ED5A7B65ABF6FE34EE86FBF3 => Value not found.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll" => Value Data not found.
LTD) => Error: No automatic fix found for this entry.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll" => Value Data not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WebBrowserMixVideoPlayer.lnk not found.
C:\Program Files (x86)\MixVideoPlayer\BrowserWeb.exe not found.
C:\Users\skhen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk not found.
C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe not found.
C:\Users\skhen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Local Temperature.lnk not found.
C:\Users\skhen\AppData\Local\LocalTemperature\LocalTemperature.exe not found.
HKU\S-1-5-21-612915989-2409368463-2658966652-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-612915989-2409368463-2658966652-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => value deleted successfully.
HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => Value not found.
HKU\S-1-5-21-612915989-2409368463-2658966652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
http://www.trovi.com/Results.aspx?gd=&ctid=CT3334642&octid=EB_ORIGINAL_CTID&ISID=MFA676F8C-B3B6-4040-8ECB-110A1392FCC0&SearchSource=58&CUI=&UM=8&UP=SPC4433A30-3702-4BFC-B361-EF5BD691BD84&q={searchTerms}&D=033015&SSPV= => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-612915989-2409368463-2658966652-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
HKCR\CLSID\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E54A132C-6775-4A03-9803-43563D492B91}" => Key deleted successfully.
"HKCR\CLSID\{E54A132C-6775-4A03-9803-43563D492B91}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E54A132C-6775-4A03-9803-43563D492B91}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{E54A132C-6775-4A03-9803-43563D492B91}" => Key deleted successfully.
(x86)\HealthcareGovTool\ScriptHost.dll [2015-02-25] (healthcaregovtool) => Error: No automatic fix found for this entry.
HKU\S-1-5-21-612915989-2409368463-2658966652-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => value deleted successfully.
HKCR\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => Key not found.
HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\Toolbar: HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => Value not found.
HKCR\CLSID\Toolbar: HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => Key not found.
Winsock: Catalog entry 000000000001 => Deleted successfully.
Winsock: Catalog entry 000000000002 => Deleted successfully.
Winsock: Catalog entry 000000000003 => Deleted successfully.
Winsock: Catalog entry 000000000004 => Deleted successfully.
Winsock: Catalog entry 000000000015 => Deleted successfully.
Winsock: Catalog entry 000000000001 => Deleted successfully.
Winsock: Catalog entry 000000000002 => Deleted successfully.
Winsock: Catalog entry Winsock: Catalog9-x64 03 => Not found.
"C:\Windows\system32\WebWatcherLSP64.dll [372472] (WebWatcher)" => File/Directory not found.
Winsock: Catalog entry 000000000004 => Deleted successfully.
Winsock: Catalog entry 000000000015 => Deleted successfully.
Firefox homepage deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox newtab deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
HKU\S-1-5-21-612915989-2409368463-2658966652-1000\Software\MozillaPlugins\FF Plugin HKU\S-1-5-21-612915989-2409368463-2658966652-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> => Key not found.
FF Plugin HKU\S-1-5-21-612915989-2409368463-2658966652-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> not found.
"C:\Users\skhen\AppData\Roaming\CATALI~1\NPBCSK~1.DLL [2013-06-07] (Catalina Marketing Corporation)" => File/Directory not found.
HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator => Key not found.
C:\Users\skhen\AppData\Roaming\CATALI~1\NPBCSK~1.DLL not found.
C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll => Moved successfully.
C:\Users\skhen\AppData\Roaming\Mozilla\Firefox\Profiles\5c34zbnq.default-1411556988775\searchplugins\trovi.xml => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\healthcare@healthcaregovtool.com.xpi => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\healthcare@healthcaregovtool.com.xpi => Moved successfully.
Chrome StartupUrls not detected.
"hxxp://www.trovi.com/?gd=&ctid=CT3334642&octid=EB_ORIGINAL_CTID&ISID=MFA676F8C-B3B6-4040-8ECB-110A1392FCC0&SearchSource=55&CUI=&UM=8&UP=SPC4433A30-3702-4BFC-B361-EF5BD691BD84&D=033015&SSPV=" => Error: No automatic fix found for this entry.
Chrome DefaultSuggestURL not detected.
"HKU\S-1-5-21-612915989-2409368463-2658966652-1000\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => Key deleted successfully.
HKU\S-1-5-21-612915989-2409368463-2658966652-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh => Key not found.
CltMngSvc => Service not found.
CouponPrinterService => Service stopped successfully.
CouponPrinterService => Service deleted successfully.
(Coupons.com Inc.) => Error: No automatic fix found for this entry.
HgUmpYtm => Service deleted successfully.
hnv => Service deleted successfully.
LTUpdater => Service not found.
mhnv => Service deleted successfully.
MixVideoPlayerUpdaterService => Service not found.
UniversalUpdater => Service deleted successfully.
WebWatcherProxy => Service deleted successfully.
mwiynzm4ndy1yjz => Service stopped successfully.
mwiynzm4ndy1yjz => Service deleted successfully.
AndNetDiag => Service deleted successfully.
ANDNetModem => Service deleted successfully.
U3 => Error: No automatic fix found for this entry.
BcmSqlStartupSvc; No ImagePath => Error: No automatic fix found for this entry.
CLKMSVC10_3A60B698 => Service deleted successfully.
CLKMSVC10_C3B3B687 => Service deleted successfully.
DriverService => Service deleted successfully.
IAStorDataMgrSvc => Service deleted successfully.
iATAgentService => Service deleted successfully.
idealife Update Service => Service deleted successfully.
IGRS => Service deleted successfully.
IviRegMgr => Service deleted successfully.
Oasis2Service => Service deleted successfully.
PCCarerService => Service deleted successfully.
ReadyComm.DirectRouter => Service deleted successfully.
RichVideo => Service deleted successfully.
RtLedService => Service deleted successfully.
SeaPort => Service deleted successfully.
SoftwareService => Service deleted successfully.
SPPD => Service not found.
SQLWriter => Service deleted successfully.
C:\Users\skhen\AppData\Local\Temp\3235.exe => Moved successfully.
C:\Users\skhen\AppData\Local\Temp\localtemp_installer.exe => Moved successfully.
C:\Users\skhen\AppData\Local\Temp\SpOrder.dll => Moved successfully.
C:\Users\skhen\AppData\Local\Temp\uobnyv04ydl6.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96BCEB16-D815-4CC7-82EC-BE686BCA8B9D} => Key not found.
C:\Windows\System32\Tasks\avaavxvyex not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avaavxvyex => Key not found.
ATTENTION => Error: No automatic fix found for this entry.
"C:\Users\skhen\AppData\Local\avaavxvyex" => File/Directory not found.
C:\Program Files (x86)\Coupons => Moved successfully.
"C:\Users\skhen\AppData\Local\LocalTemperature" => File/Directory not found.
C:\Users\skhen\AppData\Local\Obrona Cleaner => Moved successfully.
C:\Program Files (x86)\SysFiles\WebWatcherProxy.exe => Moved successfully.
"C:\Program Files (x86)\gmsd_us_357" => File/Directory not found.
C:\ProgramData\WSpEPYm => Moved successfully.
"C:\Program Files (x86)\Crossbrowse" => File/Directory not found.
C:\Program Files (x86)\Smwyyntm1ndi1zdz => Moved successfully.
"C:\Program Files (x86)\MixVideoPlayer" => File/Directory not found.
"C:\Users\skhen\AppData\Local\Temp\is-C3EHL.tmp" => File/Directory not found.
"C:\Users\skhen\AppData\Local\Temp\is-9GRL0.tmp" => File/Directory not found.
C:\ProgramData\NetEngine => Moved successfully.
"C:\Program Files (x86)\SearchProtect" => File/Directory not found.
"C:\Program Files (x86)\HealthcareGovTool" => File/Directory not found.


The system needed a reboot.

==== End of Fixlog 19:21:46 ====

AdwCleaner Report:

# AdwCleaner v4.200 - Logfile created 30/03/2015 at 19:38:07
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : skhen - SKHEN-PC
# Running from : C:\Users\skhen\Desktop\adwcleaner_4.200.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Program Files (x86)\Salus
Folder Deleted : C:\Windows\Util
Folder Deleted : C:\Users\skhen\AppData\Local\jZip
Folder Deleted : C:\Users\skhen\AppData\Local\Crossbrowse
Folder Deleted : C:\Users\skhen\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\skhen\AppData\LocalLow\visi_coupon
Folder Deleted : C:\Users\skhen\AppData\LocalLow\YahooCouponAddOn

***** [ Scheduled tasks ] *****

Task Deleted : ObronaCleanerUacSkip
Task Deleted : Startup Time Check

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-api.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DBBBC528-9C8C-4051-9187-ED6F01A457C9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : HKCU\Software\Compete
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\jZip
Key Deleted : HKCU\Software\SocialBit
Key Deleted : HKCU\Software\OBRONA
Key Deleted : HKCU\Software\Crossbrowse
Key Deleted : HKCU\Software\AppDataLow\Software\Compete
Key Deleted : HKCU\Software\AppDataLow\Software\CompeteInc
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\Salus
Key Deleted : HKLM\SOFTWARE\{F2E9660B-98AF-42c0-8258-9CDDF07BF95D}
Key Deleted : HKLM\SOFTWARE\Crossbrowse
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.7

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v36.0.4 (x86 en-US)

[5c34zbnq.default-1411556988775\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename.US", "Trovi");

-\\ Google Chrome v41.0.2272.101

[C:\Users\skhen\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\skhen\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\skhen\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3334642&octid=EB_ORIGINAL_CTID&ISID=MFA676F8C-B3B6-4040-8ECB-110A1392FCC0&SearchSource=58&CUI=&UM=8&UP=SPC4433A30-3702-4BFC-B361-EF5BD691BD84&q={searchTerms}&D=033015&SSPV=

*************************

AdwCleaner[R0].txt - [4510 bytes] - [30/03/2015 19:33:04]
AdwCleaner[S0].txt - [4290 bytes] - [30/03/2015 19:38:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4349  bytes] ##########
 



#5 nasdaq

Posted 31 March 2015 - 08:21 AM

Reset the browsers that have been compromised.

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right side of Google Chrome.
Click "Settings" then "Show advanced settings" at the bottom of the screen.
Click "Reset browser settings" button.
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

How is it now?

#6 stirfry

Posted 31 March 2015 - 07:00 PM

I did the recommended reset of all the browsers but still, when I open all of the browsers, it's going to the following webpage:

http://www-search.info/?src=us

The computer is working fine but that is the only thing that is bugging me.

 

Cheers,

TK Khen



#7 nasdaq

Posted 01 April 2015 - 07:35 AM

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

At the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

ipconfig /release

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/
<<<>>>

If that fails to stop the redirection run this tool.

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
=======

#8 stirfry

Posted 01 April 2015 - 05:49 PM

Used RogueKiller and it did not fix the browser problem.  Still opening to the following website on all browsers when I open them.  The computer is running fine btw.

http://www-search.info/?src=us

Below is the RogueKiller report:

 

RogueKiller V10.5.8.0 [Mar 30 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : skhen [Administrator]
Started from : C:\Users\skhen\Downloads\RogueKiller.exe
Mode : Delete -- Date : 04/01/2015  08:50:11

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 17 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-0011-0000-1000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H [7][x][x][x][x][x] -> Deleted
[Suspicious.Path] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-0018-0409-1000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H [7][x][x][x][x][x] -> Deleted
[Suspicious.Path] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-0011-0000-1000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H  -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-0018-0409-1000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H  -> ERROR [2]
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-0011-0000-1000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H  -> ERROR [2]
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-0018-0409-1000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H  -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-0011-0000-1000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H  -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-0018-0409-1000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H  -> ERROR [2]
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\0232681427846477mcinstcleanup -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\0232681427846477mcinstcleanup -> Deleted
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9185B4A0-49AC-4037-A5B3-1EFB16B32CD9} | DhcpNameServer : 61.12.0.50 61.12.0.99 [INDIA (IN)][INDIA (IN)]  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9185B4A0-49AC-4037-A5B3-1EFB16B32CD9} | DhcpNameServer : 61.12.0.50 61.12.0.99 [INDIA (IN)][INDIA (IN)]  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{9185B4A0-49AC-4037-A5B3-1EFB16B32CD9} | DhcpNameServer : 61.12.0.50 61.12.0.99 [INDIA (IN)][INDIA (IN)]  -> Replaced ()
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Replaced (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Replaced (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Replaced (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Replaced (0)

¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \\NetEngine -- "C:\ProgramData\NetEngine\bin\D2\netengine.exe" ("/e=L3A9MTk2NTAxXi91PTE4OWNiOTQ0NWVkNzQwZGNhMDlmM2QxZjg0NjdhNjUwXi9kPW9ubGluZW1vdmlld2l6YXJkLmNvbV4vbj1NT1daXi9hPU1vdmllV2l6YXJk") -> Deleted

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 5 ¤¤¤
[IE:Addon] System : McAfee SiteAdvisor Toolbar [{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}] -> Deleted
[IE:Addon] System : Google Toolbar [{2318C2B1-4965-11d4-9B18-009027A5CD4F}] -> Deleted
[FIREFX:Addon] i3j9v9ac.default-1427845593805 : Mozilla Firefox hotfix [firefox-hotfix@mozilla.org] -> Deleted
[FIREFX:Addon] i3j9v9ac.default-1427845593805 : McAfee SiteAdvisor [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] -> Deleted
[PUM.HomePage][FIREFX:Config] i3j9v9ac.default-1427845593805 : user_pref("browser.startup.homepage", "about:newtab"); -> Replaced (about:home)

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST750LM022 HN-M750MBB +++++
--- User ---
[MBR] 5e45bc2df83ac2fa9c1e83f97f504078
[BSP] acf02151bdf65688d3a0f59b12191c3f : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_04012015_080814.log



#9 nasdaq

Posted 02 April 2015 - 06:40 AM

Restart the computer normally.

Reset the compromised Browsers again as suggested in post no. 5.

If all fails,

There could be some remnant items.
Run this online scan.
It may take some time. Do it when you know you will not need the computer for a few hours.

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    [image: settings.png]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at [image: logpath.png]
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

Keep me posted.

#10 stirfry

Posted 05 April 2015 - 05:21 PM

Hi Happy Easter,

Here is the log below.  Still have the browser go to the following site:

http://www-search.info/?src=us

 

C:\Program Files (x86)\SysFiles\WebWatcherCert.dll    a variant of Win32/Komodia.A potentially unsafe application
C:\Program Files (x86)\SysFiles\WebWatcherLSP.dll    a variant of Win32/Komodia.A potentially unsafe application
C:\Program Files (x86)\SysFiles\WebWatcherLSP.exe    a variant of Win32/Komodia.A potentially unsafe application
C:\Users\skhen\Downloads\ccsetup503.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\System32\WebWatcherLSP.dll    a variant of Win32/Komodia.A potentially unsafe application
C:\Windows\SysWOW64\WebWatcherLSP.dll    a variant of Win32/Komodia.A potentially unsafe application
 



#11 nasdaq

Posted 06 April 2015 - 07:25 AM


If you installed this Web Watcher leave the following files alone.
Read about it.
http://www.webwatcher.com/


C:\Program Files (x86)\SysFiles\WebWatcherCert.dll a variant of Win32/Komodia.A potentially unsafe application
C:\Program Files (x86)\SysFiles\WebWatcherLSP.dll a variant of Win32/Komodia.A potentially unsafe application
C:\Program Files (x86)\SysFiles\WebWatcherLSP.exe a variant of Win32/Komodia.A potentially unsafe application
C:\Windows\System32\WebWatcherLSP.dll a variant of Win32/Komodia.A potentially unsafe application
C:\Windows\SysWOW64\WebWatcherLSP.dll a variant of Win32/Komodia.A potentially unsafe application


This file in bold can be deleted.
C:\Users\skhen\Downloads\ccsetup503.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

===

Reset the browsers that have been compromised.

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right side of Google Chrome.
Click "Settings" then "Show advanced settings" at the bottom of the screen.
Click "Reset browser settings" button.
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

How is the computer running now?

#12 nasdaq

Posted 11 April 2015 - 08:39 AM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#13 nasdaq

Posted 17 April 2015 - 08:50 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



