
Keep seeing pop-ups and links are redirected!


  • This topic is locked
11 replies to this topic

#1 84xads


Posted 13 July 2015 - 12:36 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by Kim Mortensen (administrator) on KIMM-LAPTOP on 13-07-2015 12:29:43
Running from C:\Users\Kim Mortensen\Documents\FRST
Loaded Profiles: Kim Mortensen (Available Profiles: Kim Mortensen)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe
() C:\Windows\dvf.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\SYSTEM.SAV\Util\ibtsiva.exe
() C:\Program Files\015\lxqvbcbiws32.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
() C:\Windows\mdvf.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(drms media group) C:\Windows\Updatesvc.exe
() C:\Users\Kim Mortensen\AppData\Roaming\35444335-1436470548-3536-5247-D0BF9C8E3DC6\hnspDBEE.tmp
() C:\Users\Kim Mortensen\AppData\Roaming\35444335-1436470548-3536-5247-D0BF9C8E3DC6\jnslC660.tmp
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officec2rclient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officec2rclient.exe
(The Chromium Authors) C:\Users\Kim Mortensen\AppData\Local\779BF866-FEAF-7740-A669-CB72FCB4AB7C\Navigate\Navigate.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
() C:\ProgramData\{5b62005c-d94c-c8c5-5b62-2005cd940173}\Download.exe
(Dropbox, Inc.) C:\Users\Kim Mortensen\AppData\Roaming\Dropbox\bin\Dropbox.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(The Chromium Authors) C:\Users\Kim Mortensen\AppData\Local\779BF866-FEAF-7740-A669-CB72FCB4AB7C\Navigate\Navigate.exe
(The Chromium Authors) C:\Users\Kim Mortensen\AppData\Local\779BF866-FEAF-7740-A669-CB72FCB4AB7C\Navigate\Navigate.exe
(The Chromium Authors) C:\Users\Kim Mortensen\AppData\Local\779BF866-FEAF-7740-A669-CB72FCB4AB7C\Navigate\Navigate.exe
(The Chromium Authors) C:\Users\Kim Mortensen\AppData\Local\779BF866-FEAF-7740-A669-CB72FCB4AB7C\Navigate\Navigate.exe
(The Chromium Authors) C:\Users\Kim Mortensen\AppData\Local\779BF866-FEAF-7740-A669-CB72FCB4AB7C\Navigate\Navigate.exe
(The Chromium Authors) C:\Users\Kim Mortensen\AppData\Local\779BF866-FEAF-7740-A669-CB72FCB4AB7C\Navigate\Navigate.exe
(The Chromium Authors) C:\Users\Kim Mortensen\AppData\Local\779BF866-FEAF-7740-A669-CB72FCB4AB7C\Navigate\Navigate.exe
(The Chromium Authors) C:\Users\Kim Mortensen\AppData\Local\779BF866-FEAF-7740-A669-CB72FCB4AB7C\Navigate\Navigate.exe
(The Chromium Authors) C:\Users\Kim Mortensen\AppData\Local\779BF866-FEAF-7740-A669-CB72FCB4AB7C\Navigate\Navigate.exe
(The Chromium Authors) C:\Users\Kim Mortensen\AppData\Local\779BF866-FEAF-7740-A669-CB72FCB4AB7C\Navigate\Navigate.exe
(The Chromium Authors) C:\Users\Kim Mortensen\AppData\Local\779BF866-FEAF-7740-A669-CB72FCB4AB7C\Navigate\Navigate.exe
(The Chromium Authors) C:\Users\Kim Mortensen\AppData\Local\779BF866-FEAF-7740-A669-CB72FCB4AB7C\Navigate\Navigate.exe
(The Chromium Authors) C:\Users\Kim Mortensen\AppData\Local\779BF866-FEAF-7740-A669-CB72FCB4AB7C\Navigate\Navigate.exe
(WS) C:\Program Files (x86)\WordShark_1.10.0.20\Service\wssvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.2104\jsdrv.exe
() C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe
(ShopperPro) C:\Program Files\Common Files\ShopperPro\spbiu.exe
(Goobzo) C:\Program Files (x86)\YTDownloader\BrowserHelper.exe
(YTDownloader) C:\Program Files (x86)\YTDownloader\YTDownloader.exe
(ObjectB) C:\Program Files (x86)\Object Browser\c1094ea3-985a-4aef-924e-dbf1a529d855-1-6.exe
(Webby) C:\Program Files (x86)\iWebar\91f80895-8199-4ec6-8a3a-046d00609366-1-6.exe
() C:\Users\Kim Mortensen\AppData\Local\WikiUpdate.exe
(The WikiBrowser Authors) C:\Users\Kim Mortensen\AppData\Local\WikiBrowser\Application\wikibrowser.exe
(The WikiBrowser Authors) C:\Users\Kim Mortensen\AppData\Local\WikiBrowser\Application\wikibrowser.exe
(The WikiBrowser Authors) C:\Users\Kim Mortensen\AppData\Local\WikiBrowser\Application\wikibrowser.exe
(The WikiBrowser Authors) C:\Users\Kim Mortensen\AppData\Local\WikiBrowser\Application\wikibrowser.exe
(The WikiBrowser Authors) C:\Users\Kim Mortensen\AppData\Local\WikiBrowser\Application\wikibrowser.exe
(The WikiBrowser Authors) C:\Users\Kim Mortensen\AppData\Local\WikiBrowser\Application\wikibrowser.exe
(The WikiBrowser Authors) C:\Users\Kim Mortensen\AppData\Local\WikiBrowser\Application\wikibrowser.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe
() C:\Windows\Temp\uo124.exe
() C:\Windows\Temp\uo124.exe
() C:\Windows\SysWOW64\First Verify\afirstsvc.exe
() C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\PluginContainer.exe
() C:\Program Files (x86)\Common Files\f4ec396c-3454-45dd-b141-69ee6db2debb\Updater.exe
() C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\2\Plugin.exe
() C:\Windows\Temp\uo124.exe
() C:\Windows\Temp\uo124.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
() C:\Windows\Temp\uo124.exe
() C:\Windows\Temp\uo124.exe
() C:\Windows\Temp\uo124.exe
() C:\Windows\Temp\uo124.exe
() C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\7\Plugin.exe
() C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\3\Plugin.exe
() C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\7\Plugin.exe
() C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\3\Plugin.exe
() C:\Windows\Temp\uo124.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Windows\Temp\uo124.exe
() C:\Windows\Temp\uo124.exe
() C:\Windows\Temp\uo124.exe
() C:\Users\Kim Mortensen\AppData\Roaming\35444335-1436470548-3536-5247-D0BF9C8E3DC6\knsa359F.tmp
() C:\Windows\Temp\uo124.exe
() C:\Windows\Temp\uo124.exe
() C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\5\Plugin.exe
() C:\Windows\Temp\uo124.exe
() C:\Windows\Temp\uo124.exe
() C:\Windows\Temp\uo124.exe
() C:\Windows\Temp\uo124.exe
() C:\Windows\SysWOW64\First Verify\afirst.exe
() C:\Windows\SysWOW64\First Verify\afirst.exe
() C:\Windows\SysWOW64\First Verify\afirst.exe
() C:\Windows\SysWOW64\First Verify\afirst.exe
() C:\Windows\SysWOW64\First Verify\afirst.exe
() C:\Windows\SysWOW64\First Verify\afirst.exe
() C:\Windows\Temp\uo124.exe
(AF, INC                                                     ) C:\Windows\Temp\AF\AF.exe
() C:\Users\Kim Mortensen\AppData\Local\Temp\is-QFEBC.tmp\AF.tmp
() C:\Windows\SysWOW64\First Verify\afirst.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7636696 2014-09-02] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-09-02] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2075480 2013-06-24] (Flexera Software LLC.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [643064 2015-02-09] (McAfee, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [509192 2014-12-01] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-12-09] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2013-12-24] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2013-12-24] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [gmsd_us_002010026] => [X]
HKLM-x32\...\Run: [gmsd_us_005010026] => [X]
HKLM-x32\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.2104\jsdrv.exe [3225088 2015-07-10] ()
HKLM-x32\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1988528 2015-07-09] (YTDownloader)
HKLM-x32\...\RunOnce: [Update] => C:\Users\Kim Mortensen\AppData\Roaming\ASPackage\ASPackage.exe [715015 2015-07-09] ()
HKU\S-1-5-21-3709960815-1272476127-4158410570-1001\...\Run: [Dropbox Update] => C:\Users\Kim Mortensen\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-21-3709960815-1272476127-4158410570-1001\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.2104\jsdrv.exe [3225088 2015-07-10] ()
HKU\S-1-5-21-3709960815-1272476127-4158410570-1001\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1988528 2015-07-09] (YTDownloader)
HKU\S-1-5-21-3709960815-1272476127-4158410570-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [788480 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2015-03-23]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-03-20]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2015-03-23]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2015-03-23]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\Kim Mortensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download.lnk [2015-07-09]
ShortcutTarget: Download.lnk -> C:\ProgramData\{5b62005c-d94c-c8c5-5b62-2005cd940173}\Download.exe ()
Startup: C:\Users\Kim Mortensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-22]
ShortcutTarget: Dropbox.lnk -> C:\Users\Kim Mortensen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kim Mortensen\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kim Mortensen\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kim Mortensen\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kim Mortensen\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kim Mortensen\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kim Mortensen\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kim Mortensen\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kim Mortensen\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:56457;https=127.0.0.1:56457
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://hp13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp13.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp13.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp13.msn.com
HKU\S-1-5-21-3709960815-1272476127-4158410570-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com/?gd=&ctid=CT3334822&octid=EB_ORIGINAL_CTID&ISID=MF5F3BEA0-6C65-4DDF-821C-CD0599738E94&SearchSource=55&CUI=&UM=8&UP=SP2746FDFE-C7F3-4028-A3B0-A9E0EA7F359C&D=070915&SSPV=SP30339TA_sp_ie
HKU\S-1-5-21-3709960815-1272476127-4158410570-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp13.msn.com
HKU\S-1-5-21-3709960815-1272476127-4158410570-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://js.redirect.hp.com/jumpstation?bd=all&c=144&locale=ww_ww&pf=cnnb&s=ieHPtab&tp=iehome
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {92225390-02BB-4D6E-9F45-0CE3B327CE20} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3709960815-1272476127-4158410570-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=MDC7FD2AB-402D-4E0C-B6B7-BB5BE716DA1D&SearchSource=58&CUI=&UM=8&UP=SPDDECFD95-0867-43A7-BCFB-15C1CAFFAB01&D=070915&q={searchTerms}&SSPV=SP30339TA_sp_ie
SearchScopes: HKU\S-1-5-21-3709960815-1272476127-4158410570-1001 -> {92225390-02BB-4D6E-9F45-0CE3B327CE20} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: No Name -> {3c9ce603-44cc-4997-a166-239e6186c6ef} ->  No File
BHO: youtubeadblocker -> {449D8677-4FDF-439C-A7BB-CEAB464423AE} -> C:\Program Files (x86)\youtubeadblocker\rqZtVm1mBqRfhi.x64.dll [2015-07-10] ()
BHO: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro64.dll [2015-07-10] (Goobzo Ltd.)
BHO: PriicceLess -> {B9BADDCF-8640-454A-9E1A-91E49483ECB5} -> C:\Program Files (x86)\PriicceLess\0YfujZLHtd9q1S.x64.dll [2015-07-10] ()
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-05-12] (Microsoft Corporation)
BHO-x32: No Name -> {3c9ce603-44cc-4997-a166-239e6186c6ef} ->  No File
BHO-x32: youtubeadblocker -> {449D8677-4FDF-439C-A7BB-CEAB464423AE} -> C:\Program Files (x86)\youtubeadblocker\rqZtVm1mBqRfhi.dll [2015-07-10] ()
BHO-x32: Gravity Space -> {8788dd2d-bed5-4071-8439-c822cef57bc8} -> C:\Program Files (x86)\Gravity Space\Extensions\8788dd2d-bed5-4071-8439-c822cef57bc8.dll [2015-07-13] ()
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-07-25] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro.dll [2015-07-10] (Goobzo Ltd.)
BHO-x32: On Stage -> {aff87634-f4a9-42bc-b2dc-be240584d095} -> C:\Program Files (x86)\On Stage\Extensions\aff87634-f4a9-42bc-b2dc-be240584d095.dll No File
BHO-x32: PriicceLess -> {B9BADDCF-8640-454A-9E1A-91E49483ECB5} -> C:\Program Files (x86)\PriicceLess\0YfujZLHtd9q1S.dll [2015-07-10] ()
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll [2014-12-10] (Intuit, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-03-17] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2013-08-21] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-02-27] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-02-27] (McAfee, Inc.)
Winsock: Catalog9 01 C:\Windows\SysWOW64\Oexufafono.dll [278016 2015-07-09] ()
Winsock: Catalog9 02 C:\Windows\SysWOW64\Oexufafono.dll [278016 2015-07-09] ()
Winsock: Catalog9 03 C:\Windows\SysWOW64\Oexufafono.dll [278016 2015-07-09] ()
Winsock: Catalog9 04 C:\Windows\SysWOW64\Oexufafono.dll [278016 2015-07-09] ()
Winsock: Catalog9 05 C:\Windows\Provider32\Provider.dll [228352 2015-07-09] (drms media group)
Winsock: Catalog9 06 C:\Windows\Provider32\Provider.dll [228352 2015-07-09] (drms media group)
Winsock: Catalog9 07 C:\Windows\Provider32\Provider.dll [228352 2015-07-09] (drms media group)
Winsock: Catalog9 08 C:\Windows\Provider32\Provider.dll [228352 2015-07-09] (drms media group)
Winsock: Catalog9 09 C:\Windows\Provider32\Provider.dll [228352 2015-07-09] (drms media group)
Winsock: Catalog9 10 C:\Windows\Provider32\Provider.dll [228352 2015-07-09] (drms media group)
Winsock: Catalog9 11 C:\Windows\Provider32\Provider.dll [228352 2015-07-09] (drms media group)
Winsock: Catalog9 12 C:\Windows\Provider32\Provider.dll [228352 2015-07-09] (drms media group)
Winsock: Catalog9 13 C:\Windows\Provider32\Provider.dll [228352 2015-07-09] (drms media group)
Winsock: Catalog9 14 C:\Windows\Provider32\Provider.dll [228352 2015-07-09] (drms media group)
Winsock: Catalog9 26 C:\Windows\Provider32\Provider.dll [228352 2015-07-09] (drms media group)
Winsock: Catalog9 27 C:\Windows\SysWOW64\Oexufafono.dll [278016 2015-07-09] ()
Winsock: Catalog9-x64 01 C:\Windows\system32\Oexufafono64.dll [348672 2015-07-09] ()
Winsock: Catalog9-x64 02 C:\Windows\system32\Oexufafono64.dll [348672 2015-07-09] ()
Winsock: Catalog9-x64 03 C:\Windows\system32\Oexufafono64.dll [348672 2015-07-09] ()
Winsock: Catalog9-x64 04 C:\Windows\system32\Oexufafono64.dll [348672 2015-07-09] ()
Winsock: Catalog9-x64 05 C:\Windows\Provider.dll [271360 2015-07-09] (drms media group)
Winsock: Catalog9-x64 06 C:\Windows\Provider.dll [271360 2015-07-09] (drms media group)
Winsock: Catalog9-x64 07 C:\Windows\Provider.dll [271360 2015-07-09] (drms media group)
Winsock: Catalog9-x64 08 C:\Windows\Provider.dll [271360 2015-07-09] (drms media group)
Winsock: Catalog9-x64 09 C:\Windows\Provider.dll [271360 2015-07-09] (drms media group)
Winsock: Catalog9-x64 10 C:\Windows\Provider.dll [271360 2015-07-09] (drms media group)
Winsock: Catalog9-x64 11 C:\Windows\Provider.dll [271360 2015-07-09] (drms media group)
Winsock: Catalog9-x64 12 C:\Windows\Provider.dll [271360 2015-07-09] (drms media group)
Winsock: Catalog9-x64 13 C:\Windows\Provider.dll [271360 2015-07-09] (drms media group)
Winsock: Catalog9-x64 14 C:\Windows\Provider.dll [271360 2015-07-09] (drms media group)
Winsock: Catalog9-x64 26 C:\Windows\Provider.dll [271360 2015-07-09] (drms media group)
Winsock: Catalog9-x64 27 C:\Windows\system32\Oexufafono64.dll [348672 2015-07-09] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{56D9557F-B89D-4AFE-A135-53CE6201CFC8}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Kim Mortensen\AppData\Roaming\Mozilla\Firefox\Profiles\qu0t2cg3.default
FF DefaultSearchEngine: Trovi
FF DefaultSearchEngine.US: Trovi
FF SelectedSearchEngine: Trovi
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_191.dll [2015-07-08] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-02-27] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_191.dll [2015-07-08] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-02-27] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-16] (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-07-10] (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-07-10] (globalUpdate)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Kim Mortensen\AppData\Roaming\Mozilla\Firefox\Profiles\qu0t2cg3.default\user.js [2015-07-13]
FF SearchPlugin: C:\Users\Kim Mortensen\AppData\Roaming\Mozilla\Firefox\Profiles\qu0t2cg3.default\searchplugins\trovi.xml [2015-07-09]
FF Extension: iWebar - C:\Users\Kim Mortensen\AppData\Roaming\Mozilla\Firefox\Profiles\qu0t2cg3.default\Extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com [2015-07-10]
FF Extension: PriicceLess - C:\Users\Kim Mortensen\AppData\Roaming\Mozilla\Firefox\Profiles\qu0t2cg3.default\Extensions\2g@U.edu [2015-07-10]
FF Extension: Object Browser - C:\Users\Kim Mortensen\AppData\Roaming\Mozilla\Firefox\Profiles\qu0t2cg3.default\Extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com [2015-07-10]
FF Extension: CouponsPlus - C:\Users\Kim Mortensen\AppData\Roaming\Mozilla\Firefox\Profiles\qu0t2cg3.default\Extensions\o61@djavZ2x.edu [2015-07-09]
FF Extension: youtubeadblocker - C:\Users\Kim Mortensen\AppData\Roaming\Mozilla\Firefox\Profiles\qu0t2cg3.default\Extensions\UrnD8sK8h@k.org [2015-07-10]
FF Extension: Shopper-Pro - C:\Users\Kim Mortensen\AppData\Roaming\Mozilla\Firefox\Profiles\qu0t2cg3.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [2015-07-10]
FF Extension: Gravity Space - C:\Users\Kim Mortensen\AppData\Roaming\Mozilla\Firefox\Profiles\qu0t2cg3.default\Extensions\{057eedd3-cf0f-4f5c-b9c6-4b7986e812fd}.xpi [2015-07-13]
FF Extension: On Stage - C:\Users\Kim Mortensen\AppData\Roaming\Mozilla\Firefox\Profiles\qu0t2cg3.default\Extensions\{abd24c81-a6f3-4092-82a2-bbebfc21a3f6}.xpi [2015-07-09]
FF HKLM\...\Firefox\Extensions: [{3c9ce603-44cc-4997-a166-239e6186c6ef}] - C:\Program Files\shopperz\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{3c9ce603-44cc-4997-a166-239e6186c6ef}] - C:\Program Files\shopperz\Firefox
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-11-18]
FF HKU\S-1-5-21-3709960815-1272476127-4158410570-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BrsHelper; C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe [112560 2015-07-09] ()
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2739888 2015-05-19] (Microsoft Corporation)
S2 CoupoonService64; C:\Program Files (x86)\coupoon\iiwjljrnpc64.exe [172344 2015-04-02] ()
R2 d25e9d9d; c:\Program Files (x86)\StatFoobar\StatFoobar.dll [2601984 2015-07-10] () [File not signed]
R2 DAMSvc; C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe [4259808 2014-08-13] (Nuance Communications, Inc.)
R2 dvf; c:\windows\dvf.exe [417792 2015-07-09] () [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [255040 2014-08-25] (WildTangent)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-07-10] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-07-10] (globalUpdate) [File not signed] <==== ATTENTION
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [569608 2014-10-09] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-06-25] (Intel Corporation)
R2 iBtSiva; C:\system.sav\util\ibtsiva.exe [121288 2014-05-09] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-10-06] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-09-03] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-06-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation)
R2 lxqvbcbiws32; C:\Program Files\015\lxqvbcbiws32.exe [622392 2015-04-07] ()
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-02-27] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [332528 2014-03-12] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPServiceHost.exe [422632 2015-01-22] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2015-02-27] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mdvf; c:\windows\mdvf.exe [408576 2015-07-09] () [File not signed]
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-06-18] ()
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-12-10] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2014-12-09] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2014-12-09] (Intuit Inc.) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [291032 2014-08-18] (Realtek Semiconductor)
R2 Service Mgr GravitySpace; C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugincontainer.exe [654608 2015-07-13] ()
R2 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe [2346416 2015-07-10] (ShopperPro)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-09-02] (Synaptics Incorporated)
R2 Update Mgr GravitySpace; C:\Program Files (x86)\Common Files\f4ec396c-3454-45dd-b141-69ee6db2debb\updater.exe [574224 2015-07-13] ()
R2 UpdateSvc; C:\Windows\Updatesvc.exe [221184 2015-07-08] (drms media group) [File not signed]
R4 Verifies and fixes issues; C:\Windows\SysWOW64\First Verify\afirstsvc.exe [100768 2015-04-20] () [File not signed]
R2 vicoqudu; C:\Users\Kim Mortensen\AppData\Roaming\35444335-1436470548-3536-5247-D0BF9C8E3DC6\hnspDBEE.tmp [165376 2015-07-09] () [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WikiBrowserUpdateService; C:\Users\Kim Mortensen\AppData\Local\WikiUpdate.exe [364032 2015-06-30] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 wssvc_1.10.0.20; C:\Program Files (x86)\WordShark_1.10.0.20\Service\wssvc.exe [300120 2015-07-06] (WS)
R2 zejytose; C:\Users\Kim Mortensen\AppData\Roaming\35444335-1436470548-3536-5247-D0BF9C8E3DC6\jnslC660.tmp [199168 2015-07-09] () [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816656 2014-06-18] (Intel(R) Corporation)
R2 zikovoty; C:\Users\Kim Mortensen\AppData\Roaming\35444335-1436470548-3536-5247-D0BF9C8E3DC6\knsa359F.tmp [262656 2015-07-13] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [199112 2014-05-30] (Intel Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [126976 2014-09-03] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2015-04-02] (NetFilterSDK.com)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3488744 2014-07-22] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [552152 2014-09-09] (Realsil Semiconductor Corporation)
R2 sbmntr; C:\Program Files (x86)\YTDownloader\sbmntr.sys [58528 2015-07-09] (YTDownloader)
R3 SensorsHIDClassDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [32496 2014-09-02] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2014-09-02] (Synaptics Incorporated)
R3 SPBIUpdd; C:\Program Files\Common Files\ShopperPro\spbiw.sys [41624 2015-07-10] ()
R2 SPDRIVER_1.42.1.2104; C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.2104\jsdrv.sys [52384 2015-07-10] ()
R3 VirtualButtons; C:\Windows\System32\drivers\VirtualButtons.sys [31512 2014-08-14] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
R1 wsfd_vw_1_10_0_20; C:\Windows\System32\drivers\wsfd_vw_1_10_0_20.sys [57728 2015-07-06] (WS)
S1 cherimoya; system32\drivers\cherimoya.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-13 12:28 - 2015-07-13 12:29 - 00000000 ____D C:\Users\Kim Mortensen\Documents\FRST
2015-07-13 12:24 - 2015-07-13 12:29 - 00000000 ____D C:\FRST
2015-07-13 12:20 - 2015-07-13 12:20 - 00000135 _____ C:\Windows\version.ini
2015-07-13 10:20 - 2015-07-13 10:20 - 00000346 _____ C:\Windows\ads.js
2015-07-13 09:42 - 2015-07-13 09:43 - 00000000 ____D C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb
2015-07-13 09:42 - 2015-07-13 09:42 - 00000000 ____D C:\Program Files (x86)\Gravity Space
2015-07-13 09:41 - 2015-07-13 12:22 - 00000000 ____D C:\Windows\SysWOW64\First Verify
2015-07-13 09:24 - 2015-07-13 09:24 - 00000000 ____D C:\Program Files\Coupoon
2015-07-13 09:24 - 2015-07-13 09:24 - 00000000 ____D C:\Program Files (x86)\coupoon
2015-07-10 13:20 - 2015-07-10 13:20 - 00000000 ____D C:\Users\Kim Mortensen\AppData\Roaming\One System Care
2015-07-10 13:15 - 2015-07-10 13:15 - 00003348 _____ C:\Windows\System32\Tasks\One System Care Run Delay
2015-07-10 13:15 - 2015-07-10 13:15 - 00003282 _____ C:\Windows\System32\Tasks\One System Care Monitor
2015-07-10 13:15 - 2015-07-10 13:15 - 00002882 _____ C:\Windows\System32\Tasks\One System CarePeriod
2015-07-10 13:15 - 2015-07-10 13:15 - 00002586 _____ C:\Windows\System32\Tasks\One System CareStartUp
2015-07-10 13:15 - 2015-07-10 13:15 - 00002452 _____ C:\Users\Kim Mortensen\Desktop\WikiBrowser.lnk
2015-07-10 13:15 - 2015-07-10 13:15 - 00001090 _____ C:\Users\Public\Desktop\Launch One System Care.lnk
2015-07-10 13:15 - 2015-07-10 13:15 - 00000316 _____ C:\Windows\Tasks\One System CareStartUp.job
2015-07-10 13:15 - 2015-07-10 13:15 - 00000316 _____ C:\Windows\Tasks\One System CarePeriod.job
2015-07-10 13:15 - 2015-07-10 13:15 - 00000000 ____D C:\Users\Kim Mortensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WikiBrowser
2015-07-10 13:15 - 2015-07-10 13:15 - 00000000 ____D C:\Users\Kim Mortensen\AppData\Local\WikiBrowser
2015-07-10 13:15 - 2015-07-10 13:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneSystemCare
2015-07-10 13:15 - 2015-07-10 13:15 - 00000000 ____D C:\Program Files (x86)\OneSystemCare
2015-07-10 13:10 - 2015-07-13 12:10 - 00003484 _____ C:\Windows\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-1-6.job
2015-07-10 13:10 - 2015-07-13 12:10 - 00003164 _____ C:\Windows\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-1-6.job
2015-07-10 13:10 - 2015-07-10 13:15 - 00000000 ____D C:\Users\Kim Mortensen\AppData\Local\BrowserHelper
2015-07-10 13:10 - 2015-07-10 13:10 - 00006832 _____ C:\Windows\System32\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-1-7
2015-07-10 13:10 - 2015-07-10 13:10 - 00006488 _____ C:\Windows\System32\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-1-6
2015-07-10 13:10 - 2015-07-10 13:10 - 00006168 _____ C:\Windows\System32\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-1-7
2015-07-10 13:10 - 2015-07-10 13:10 - 00006168 _____ C:\Windows\System32\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-1-6
2015-07-10 13:10 - 2015-07-10 13:10 - 00005804 _____ C:\Windows\System32\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-5
2015-07-10 13:10 - 2015-07-10 13:10 - 00005476 _____ C:\Windows\System32\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-5
2015-07-10 13:10 - 2015-07-10 13:10 - 00003828 _____ C:\Windows\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-1-7.job
2015-07-10 13:10 - 2015-07-10 13:10 - 00003744 _____ C:\Windows\System32\Tasks\SMupdate1
2015-07-10 13:10 - 2015-07-10 13:10 - 00003164 _____ C:\Windows\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-1-7.job
2015-07-10 13:10 - 2015-07-10 13:10 - 00002800 _____ C:\Windows\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-5_user.job
2015-07-10 13:10 - 2015-07-10 13:10 - 00002800 _____ C:\Windows\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-5.job
2015-07-10 13:10 - 2015-07-10 13:10 - 00002472 _____ C:\Windows\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-5_user.job
2015-07-10 13:10 - 2015-07-10 13:10 - 00002472 _____ C:\Windows\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-5.job
2015-07-10 13:09 - 2015-07-10 13:10 - 00000000 ____D C:\Program Files (x86)\Object Browser
2015-07-10 13:09 - 2015-07-10 13:10 - 00000000 ____D C:\Program Files (x86)\iWebar
2015-07-10 13:09 - 2015-07-10 13:09 - 00007524 _____ C:\Windows\System32\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-4
2015-07-10 13:09 - 2015-07-10 13:09 - 00007508 _____ C:\Windows\System32\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-4
2015-07-10 13:09 - 2015-07-10 13:09 - 00004534 _____ C:\Windows\System32\Tasks\ShopperPro
2015-07-10 13:09 - 2015-07-10 13:09 - 00004520 _____ C:\Windows\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-4.job
2015-07-10 13:09 - 2015-07-10 13:09 - 00004504 _____ C:\Windows\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-4.job
2015-07-10 13:09 - 2015-07-10 13:09 - 00004272 _____ C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_3634323133313839352d504a2d414534372a5a6c785a
2015-07-10 13:09 - 2015-07-10 13:09 - 00003926 _____ C:\Windows\System32\Tasks\YTDownloaderUpd
2015-07-10 13:09 - 2015-07-10 13:09 - 00003604 _____ C:\Windows\System32\Tasks\YTDownloader
2015-07-10 13:09 - 2015-07-10 13:09 - 00003590 _____ C:\Windows\System32\Tasks\ShopperProJSUpd
2015-07-10 13:09 - 2015-07-10 13:09 - 00003516 _____ C:\Windows\System32\Tasks\SPDriver
2015-07-10 13:09 - 2015-07-10 13:09 - 00001972 _____ C:\Users\Kim Mortensen\Desktop\YTDownloader.lnk
2015-07-10 13:09 - 2015-07-10 13:09 - 00000000 ____D C:\Users\Public\Documents\ShopperPro
2015-07-10 13:09 - 2015-07-10 13:09 - 00000000 ____D C:\Users\Kim Mortensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
2015-07-10 13:09 - 2015-07-10 13:09 - 00000000 ____D C:\Users\Kim Mortensen\AppData\Local\CrashRpt
2015-07-10 13:09 - 2015-07-10 13:09 - 00000000 ____D C:\ProgramData\ShopperPro
2015-07-10 13:09 - 2015-07-10 13:09 - 00000000 ____D C:\Program Files\Common Files\ShopperPro
2015-07-10 13:09 - 2015-07-10 13:09 - 00000000 ____D C:\Program Files (x86)\YTDownloader
2015-07-10 13:09 - 2015-07-10 13:09 - 00000000 ____D C:\Program Files (x86)\ShopperPro
2015-07-10 13:04 - 2015-07-10 13:10 - 00003996 _____ C:\Windows\System32\Tasks\amiupdaterExi
2015-07-10 13:04 - 2015-07-10 13:04 - 00004170 _____ C:\Windows\System32\Tasks\WordShark Auto Updater 1.10.0.20 Pending Update
2015-07-10 13:04 - 2015-07-10 13:04 - 00004164 _____ C:\Windows\System32\Tasks\WordShark Auto Updater 1.10.0.20 Core
2015-07-10 13:04 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files (x86)\youtubeadblocker
2015-07-10 13:04 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files (x86)\WordShark_1.10.0.20
2015-07-10 13:04 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files (x86)\The Camelizer
2015-07-10 13:04 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files (x86)\StatFoobar
2015-07-10 13:04 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files (x86)\PriicceLess
2015-07-10 13:03 - 2015-07-10 13:03 - 00003274 _____ C:\Windows\System32\Tasks\EasyResize
2015-07-10 13:03 - 2015-07-10 13:03 - 00000372 _____ C:\Windows\Tasks\EasyResize.job
2015-07-10 13:03 - 2015-07-10 13:03 - 00000000 ____D C:\ProgramData\{3b0b9051-50ab-3f7e-3b0b-b905150a4145}
2015-07-10 09:42 - 2015-07-10 09:42 - 00000000 ____D C:\ProgramData\e513ecb0000005fb
2015-07-10 09:39 - 2015-07-10 09:39 - 00000000 _____ C:\Users\Kim Mortensen\AppData\Local\Temp.dat
2015-07-09 17:10 - 2015-07-09 17:10 - 01538571 _____ C:\Users\Kim Mortensen\Downloads\Unconfirmed 998209.crdownload
2015-07-09 17:09 - 2015-07-09 17:09 - 01538571 _____ C:\Users\Kim Mortensen\Downloads\Unconfirmed 295947.crdownload
2015-07-09 17:03 - 2015-07-09 17:03 - 00000384 _____ C:\Users\Kim Mortensen\Downloads\seg=SHOP1515
2015-07-09 16:30 - 2015-07-09 16:30 - 01538571 _____ C:\Users\Kim Mortensen\Downloads\Unconfirmed 689433.crdownload
2015-07-09 16:29 - 2015-07-09 16:29 - 01538571 _____ C:\Users\Kim Mortensen\Downloads\Unconfirmed 754244.crdownload
2015-07-09 16:21 - 2015-07-09 16:21 - 00102912 _____ (drms media group) C:\Windows\Installer.exe
2015-07-09 15:50 - 2015-07-09 15:51 - 01091979 _____ C:\Users\Kim Mortensen\Downloads\Unconfirmed 908889.crdownload
2015-07-09 15:49 - 2015-07-09 15:49 - 01091979 _____ C:\Users\Kim Mortensen\Downloads\Unconfirmed 271186.crdownload
2015-07-09 15:19 - 2015-07-10 13:15 - 00002261 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-09 15:09 - 2015-07-09 16:25 - 00000000 ____D C:\Program Files (x86)\AnyProtectEx
2015-07-09 15:09 - 2015-07-09 15:09 - 00613255 _____ (CMI Limited) C:\Users\Kim Mortensen\AppData\Local\nss2FDF.tmp
2015-07-09 15:08 - 2015-07-10 09:34 - 00001070 _____ C:\Windows\Tasks\pQKgsIpLyFSTegD3Mri27.job
2015-07-09 15:08 - 2015-07-09 15:08 - 00004100 _____ C:\Windows\System32\Tasks\pQKgsIpLyFSTegD3Mri27
2015-07-09 15:07 - 2015-07-09 15:12 - 00000000 ____D C:\Program Files\shopperz
2015-07-09 15:07 - 2015-07-09 15:07 - 00004784 _____ C:\Windows\SysWOW64\Oexufafono.ini
2015-07-09 15:07 - 2015-07-09 15:07 - 00002504 _____ C:\Windows\SysWOW64\OexufafonoOff.ini
2015-07-09 15:07 - 2015-07-09 15:07 - 00002504 _____ C:\Windows\system32\OexufafonoOff.ini
2015-07-09 15:07 - 2015-06-23 15:47 - 00348672 _____ C:\Windows\system32\Oexufafono64.dll
2015-07-09 15:07 - 2015-06-23 15:46 - 00278016 _____ C:\Windows\SysWOW64\Oexufafono.dll
2015-07-09 15:05 - 2015-07-09 15:05 - 00000000 ____D C:\ProgramData\60fc76ae00007c5a
2015-07-09 15:03 - 2015-07-09 15:03 - 00002135 _____ C:\Users\Kim Mortensen\Desktop\Continue GamesDesktop Uninstaller.lnk
2015-07-09 15:01 - 2015-07-09 15:01 - 00002157 _____ C:\Users\Kim Mortensen\Desktop\Continue MaxComputerCleaner Uninstaller.lnk
2015-07-09 14:58 - 2015-07-09 15:31 - 00000378 _____ C:\Windows\Tasks\APSnotifierPP1.job
2015-07-09 14:58 - 2015-07-09 15:21 - 00000376 _____ C:\Windows\Tasks\APSnotifierPP3.job
2015-07-09 14:58 - 2015-07-09 15:21 - 00000376 _____ C:\Windows\Tasks\APSnotifierPP2.job
2015-07-09 14:58 - 2015-07-09 15:11 - 00002824 _____ C:\Windows\System32\Tasks\APSnotifierPP1
2015-07-09 14:58 - 2015-07-09 15:11 - 00002822 _____ C:\Windows\System32\Tasks\APSnotifierPP3
2015-07-09 14:58 - 2015-07-09 15:11 - 00002822 _____ C:\Windows\System32\Tasks\APSnotifierPP2
2015-07-09 14:54 - 2015-07-09 14:54 - 00613255 _____ (CMI Limited) C:\Users\Kim Mortensen\AppData\Local\nsoABBE.tmp
2015-07-09 14:54 - 2015-07-09 14:54 - 00000000 __SHD C:\Users\Kim Mortensen\AppData\Roaming\AnyProtectEx
2015-07-09 14:52 - 2015-07-09 14:52 - 00000000 ____D C:\ProgramData\350bdab00003d0b
2015-07-09 14:50 - 2015-07-10 09:34 - 00001048 _____ C:\Windows\Tasks\9jnSQTpF3k.job
2015-07-09 14:50 - 2015-07-09 14:50 - 00004076 _____ C:\Windows\System32\Tasks\9jnSQTpF3k
2015-07-09 14:50 - 2015-07-09 14:50 - 00001949 _____ C:\Windows\patsearch.bin
2015-07-09 14:50 - 2015-07-09 14:50 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf
2015-07-09 14:50 - 2015-07-09 14:50 - 00000000 ____D C:\Users\Kim Mortensen\AppData\Local\Google
2015-07-09 14:49 - 2015-07-10 13:04 - 00000000 ____D C:\ProgramData\13757504707023941631
2015-07-09 14:49 - 2015-07-09 14:49 - 00000000 ____D C:\Program Files (x86)\predm
2015-07-09 14:48 - 2015-07-09 16:02 - 00000000 ____D C:\ProgramData\{5b62005c-d94c-c8c5-5b62-2005cd940173}
2015-07-09 14:48 - 2015-07-09 14:48 - 00000000 ____D C:\Windows\Provider32
2015-07-09 14:48 - 2015-07-08 17:23 - 00221184 _____ (drms media group) C:\Windows\Updatesvc.exe
2015-07-09 14:48 - 2015-07-08 17:22 - 00271360 _____ (drms media group) C:\Windows\Provider.dll
2015-07-09 14:47 - 2015-07-09 15:16 - 00000000 ____D C:\Users\Kim Mortensen\AppData\Local\SmartWeb
2015-07-09 14:45 - 2015-07-09 14:45 - 01387800 _____ C:\Users\Public\ASR.dat
2015-07-09 14:43 - 2015-07-10 09:34 - 00001060 _____ C:\Windows\Tasks\YiNSjCcSp6TnPjB7.job
2015-07-09 14:43 - 2015-07-09 14:43 - 00004088 _____ C:\Windows\System32\Tasks\YiNSjCcSp6TnPjB7
2015-07-09 14:43 - 2015-07-09 14:43 - 00000000 ____D C:\Users\Kim Mortensen\Documents\Optimizer Pro
2015-07-09 14:42 - 2015-07-09 15:21 - 00000380 _____ C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job
2015-07-09 14:42 - 2015-07-09 14:42 - 00003282 _____ C:\Windows\System32\Tasks\Bidaily Synchronize Task[8da6]
2015-07-09 14:42 - 2015-07-09 14:42 - 00000000 ____D C:\ProgramData\{70bc1474-fbc8-69f9-70bc-c1474fbc51d3}
2015-07-09 14:41 - 2015-07-10 12:37 - 00001070 _____ C:\Windows\Tasks\S9FcFJhAGbXtlX1Sf5D6c.job
2015-07-09 14:41 - 2015-07-10 09:40 - 00000000 ____D C:\Users\Kim Mortensen\AppData\Local\779BF866-FEAF-7740-A669-CB72FCB4AB7C
2015-07-09 14:41 - 2015-07-09 14:41 - 00004100 _____ C:\Windows\System32\Tasks\S9FcFJhAGbXtlX1Sf5D6c
2015-07-09 14:40 - 2015-07-10 13:14 - 00000954 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-07-09 14:40 - 2015-07-10 13:14 - 00000950 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-07-09 14:40 - 2015-07-10 13:09 - 00003926 _____ C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-07-09 14:40 - 2015-07-10 13:09 - 00003690 _____ C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2015-07-09 14:40 - 2015-07-09 15:08 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-07-09 14:40 - 2015-07-09 14:40 - 00000000 ____D C:\Users\Kim Mortensen\AppData\Local\globalUpdate
2015-07-09 14:40 - 2015-07-09 14:40 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-07-09 14:39 - 2015-07-13 12:27 - 00000112 _____ C:\ProgramData\6d8h22C0.dat
2015-07-09 14:39 - 2015-07-09 14:39 - 00000000 ____D C:\Users\Kim Mortensen\AppData\Roaming\ASPackage
2015-07-09 14:39 - 2015-07-09 14:39 - 00000000 ____D C:\Users\Kim Mortensen\AppData\Roaming\35444335-1436470767-3536-5247-D0BF9C8E3DC6
2015-07-09 14:38 - 2015-07-10 13:15 - 00000000 ___HD C:\ProgramData\dvf
2015-07-09 14:38 - 2015-07-09 14:44 - 00000000 ____D C:\Users\Kim Mortensen\AppData\Local\35444335-1436452733-3536-5247-D0BF9C8E3DC6
2015-07-09 14:36 - 2015-07-09 14:36 - 00000000 ____D C:\BreakingNewsAlert
2015-07-09 14:36 - 2013-08-22 08:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-07-09 14:35 - 2015-07-13 11:23 - 00000000 ____D C:\Users\Kim Mortensen\AppData\Roaming\35444335-1436470548-3536-5247-D0BF9C8E3DC6
2015-07-09 14:35 - 2015-07-09 15:13 - 00000000 ____D C:\Program Files\13
2015-07-09 14:35 - 2015-07-09 15:08 - 00000000 ____D C:\Program Files (x86)\GUPlayer
2015-07-09 14:35 - 2015-07-09 14:38 - 00000000 ____D C:\Program Files\015
2015-07-09 14:35 - 2015-07-09 14:35 - 00631808 _____ C:\Windows\dvf.dat
2015-07-09 14:35 - 2015-07-09 14:35 - 00417792 _____ C:\Windows\dvf.exe
2015-07-09 14:35 - 2015-07-09 14:35 - 00408576 _____ C:\Windows\mdvf.exe
2015-07-09 14:35 - 2015-07-09 14:35 - 00000000 ____D C:\Users\Kim Mortensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2015-07-09 14:35 - 2015-07-09 14:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2015-07-09 14:31 - 2015-07-09 14:31 - 00693968 _____ ( ) C:\Users\Kim Mortensen\Downloads\Free%20Screensavers.exe
2015-07-09 09:32 - 2015-07-09 15:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-08 15:55 - 2015-07-08 15:55 - 00000000 ____D C:\Users\Kim Mortensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-08 11:32 - 2015-07-08 11:32 - 00000000 ____D C:\Users\Kim Mortensen\Documents\Pharmacy
2015-07-06 14:11 - 2015-07-06 14:11 - 00061312 _____ (WS) C:\Windows\system32\Drivers\wsfd_vt_1_10_0_20.sys
2015-07-06 14:11 - 2015-07-06 14:11 - 00057728 _____ (WS) C:\Windows\system32\Drivers\wsfd_vw_1_10_0_20.sys
2015-06-30 07:23 - 2015-06-30 07:23 - 00364032 _____ C:\Users\Kim Mortensen\AppData\Local\WikiUpdate.exe
2015-06-29 11:46 - 2015-06-29 11:46 - 00015497 _____ C:\Users\Kim Mortensen\Documents\Medreps Provider Activity.xlsx
2015-06-25 16:02 - 2015-06-25 16:02 - 00000000 ____D C:\Users\Kim Mortensen\Documents\Michael
2015-06-25 15:33 - 2015-07-06 14:55 - 00000000 ____D C:\Users\Kim Mortensen\Desktop\New folder
2015-06-22 15:51 - 2015-07-10 09:56 - 00005016 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for KimM-Laptop-Kim Mortensen KimM-Laptop
2015-06-18 09:19 - 2015-07-13 09:44 - 00000388 _____ C:\Windows\Tasks\HPCeeScheduleForKim Mortensen.job
2015-06-18 09:19 - 2015-07-01 09:44 - 00003218 _____ C:\Windows\System32\Tasks\HPCeeScheduleForKim Mortensen
2015-06-17 09:41 - 2015-07-13 11:46 - 00000974 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3709960815-1272476127-4158410570-1001UA.job
2015-06-17 09:41 - 2015-07-13 09:46 - 00000922 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3709960815-1272476127-4158410570-1001Core.job
2015-06-17 09:41 - 2015-06-17 09:41 - 00003936 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3709960815-1272476127-4158410570-1001UA
2015-06-17 09:41 - 2015-06-17 09:41 - 00003556 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3709960815-1272476127-4158410570-1001Core
2015-06-17 09:41 - 2015-06-17 09:41 - 00000000 ____D C:\Users\Kim Mortensen\AppData\Local\Dropbox
2015-06-17 09:41 - 2015-06-17 09:41 - 00000000 ____D C:\ProgramData\Dropbox
2015-06-16 15:20 - 2015-06-16 15:20 - 00000000 ____D C:\ProgramData\Samsung
2015-06-16 15:20 - 2015-06-16 15:20 - 00000000 ____D C:\Program Files (x86)\SamsungPrinterLiveUpdate
2015-06-15 13:13 - 2015-06-15 13:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-06-15 13:13 - 2015-06-15 13:13 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-06-15 13:13 - 2015-06-15 13:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-06-15 13:12 - 2015-06-15 13:12 - 13095136 _____ (Microsoft Corporation) C:\Users\Kim Mortensen\Downloads\Silverlight_x64.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-13 12:29 - 2015-03-16 20:14 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3709960815-1272476127-4158410570-1001
2015-07-13 12:10 - 2015-03-20 15:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-13 12:00 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-13 11:16 - 2015-03-16 20:02 - 01995855 _____ C:\Windows\WindowsUpdate.log
2015-07-13 09:33 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2015-07-13 09:26 - 2015-03-16 20:13 - 00003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4F71B523-8E5F-4E3E-9ED8-85C5331D1432}
2015-07-13 09:22 - 2014-11-18 02:25 - 00022234 _____ C:\Windows\SysWOW64\Gms.log
2015-07-13 09:22 - 2013-08-22 09:46 - 00098015 _____ C:\Windows\setupact.log
2015-07-10 13:18 - 2015-04-28 09:37 - 00000000 ____D C:\Users\Kim Mortensen\Documents\Scanned
2015-07-10 13:15 - 2015-03-16 20:09 - 00002573 _____ C:\Users\Kim Mortensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-10 13:09 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-07-10 09:37 - 2015-03-16 20:12 - 00000000 ____D C:\Users\Kim Mortensen\Documents\Youcam
2015-07-10 09:35 - 2015-03-23 12:40 - 00000000 ___RD C:\Users\Kim Mortensen\Dropbox
2015-07-10 09:35 - 2015-03-23 12:38 - 00000000 ____D C:\Users\Kim Mortensen\AppData\Roaming\Dropbox
2015-07-09 15:22 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-07-09 15:21 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-09 15:20 - 2015-03-16 20:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-09 15:20 - 2014-03-18 04:44 - 00042780 _____ C:\Windows\PFRO.log
2015-07-09 15:19 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-07-09 14:36 - 2015-03-23 15:02 - 00000000 __SHD C:\Users\Kim Mortensen\AppData\Local\EmieBrowserModeList
2015-07-09 14:36 - 2015-03-16 20:13 - 00000000 __SHD C:\Users\Kim Mortensen\AppData\Local\EmieUserList
2015-07-09 14:36 - 2015-03-16 20:13 - 00000000 __SHD C:\Users\Kim Mortensen\AppData\Local\EmieSiteList
2015-07-09 10:07 - 2015-03-16 20:08 - 00000000 ____D C:\Users\Kim Mortensen\AppData\Local\Packages
2015-07-09 09:47 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-08 13:10 - 2015-03-20 15:01 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-06 16:24 - 2013-08-22 10:38 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-06 16:24 - 2013-08-22 10:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-05 05:08 - 2015-05-13 09:26 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-01 16:09 - 2015-03-16 20:08 - 00000000 ____D C:\Users\Kim Mortensen
2015-07-01 09:43 - 2015-04-09 09:26 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-06-30 11:14 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-06-29 11:10 - 2015-03-16 20:17 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-06-25 12:09 - 2015-04-06 09:07 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-18 09:19 - 2015-03-16 20:10 - 00000000 ____D C:\Users\Kim Mortensen\AppData\Local\Hewlett-Packard

==================== Files in the root of some directories =======

2015-04-14 11:28 - 2015-04-14 11:28 - 0004387 _____ () C:\Users\Kim Mortensen\AppData\Roaming\9jnSQTpF3k
2015-04-20 09:05 - 2015-04-20 09:05 - 1246720 _____ () C:\Users\Kim Mortensen\AppData\Roaming\9jnSQTpF3k.exe
2015-04-14 11:28 - 2015-04-14 11:28 - 0004387 _____ () C:\Users\Kim Mortensen\AppData\Roaming\pQKgsIpLyFSTegD3Mri27
2015-04-20 09:05 - 2015-04-20 09:05 - 1246720 _____ () C:\Users\Kim Mortensen\AppData\Roaming\pQKgsIpLyFSTegD3Mri27.exe
2015-04-14 11:28 - 2015-04-14 11:28 - 0004387 _____ () C:\Users\Kim Mortensen\AppData\Roaming\S9FcFJhAGbXtlX1Sf5D6c
2015-04-20 09:05 - 2015-04-20 09:05 - 1246720 _____ () C:\Users\Kim Mortensen\AppData\Roaming\S9FcFJhAGbXtlX1Sf5D6c.exe
2015-04-14 11:28 - 2015-04-14 11:28 - 0004387 _____ () C:\Users\Kim Mortensen\AppData\Roaming\YiNSjCcSp6TnPjB7
2015-04-20 09:05 - 2015-04-20 09:05 - 1246720 _____ () C:\Users\Kim Mortensen\AppData\Roaming\YiNSjCcSp6TnPjB7.exe
2015-07-09 14:54 - 2015-07-09 14:54 - 0613255 _____ (CMI Limited) C:\Users\Kim Mortensen\AppData\Local\nsoABBE.tmp
2015-07-09 15:09 - 2015-07-09 15:09 - 0613255 _____ (CMI Limited) C:\Users\Kim Mortensen\AppData\Local\nss2FDF.tmp
2015-07-10 09:39 - 2015-07-10 09:39 - 0000000 _____ () C:\Users\Kim Mortensen\AppData\Local\Temp.dat
2015-06-30 07:23 - 2015-06-30 07:23 - 0364032 _____ () C:\Users\Kim Mortensen\AppData\Local\WikiUpdate.exe
2015-07-09 14:39 - 2015-07-13 12:27 - 0000112 _____ () C:\ProgramData\6d8h22C0.dat

Files to move or delete:
====================
C:\ProgramData\6d8h22C0.dat
C:\Users\Public\ASR.dat


Some files in TEMP:
====================
C:\Users\Kim Mortensen\AppData\Local\Temp\1429.exe
C:\Users\Kim Mortensen\AppData\Local\Temp\1446.exe
C:\Users\Kim Mortensen\AppData\Local\Temp\266.exe
C:\Users\Kim Mortensen\AppData\Local\Temp\3274.exe
C:\Users\Kim Mortensen\AppData\Local\Temp\3555.exe
C:\Users\Kim Mortensen\AppData\Local\Temp\3755.exe
C:\Users\Kim Mortensen\AppData\Local\Temp\63C3CE09-06B1-2F43-7D6E-7E26F3451458.dll
C:\Users\Kim Mortensen\AppData\Local\Temp\63C3CE09-06B1-2F43-7D6E-7E26F3451458.exe
C:\Users\Kim Mortensen\AppData\Local\Temp\6A773DF0-427C-6E45-25AB-4E05D20A0DD8.exe
C:\Users\Kim Mortensen\AppData\Local\Temp\7700.exe
C:\Users\Kim Mortensen\AppData\Local\Temp\7743.exe
C:\Users\Kim Mortensen\AppData\Local\Temp\941.exe
C:\Users\Kim Mortensen\AppData\Local\Temp\Abspdf.exe
C:\Users\Kim Mortensen\AppData\Local\Temp\acfpdfu.dll
C:\Users\Kim Mortensen\AppData\Local\Temp\acfpdfuamd64.dll
C:\Users\Kim Mortensen\AppData\Local\Temp\acfpdfui.dll
C:\Users\Kim Mortensen\AppData\Local\Temp\acfpdfuia64.dll
C:\Users\Kim Mortensen\AppData\Local\Temp\acfpdfuiamd64.dll
C:\Users\Kim Mortensen\AppData\Local\Temp\acfpdfuiia64.dll
C:\Users\Kim Mortensen\AppData\Local\Temp\cdintf.dll
C:\Users\Kim Mortensen\AppData\Local\Temp\Download.exe
C:\Users\Kim Mortensen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqtsoan.dll
C:\Users\Kim Mortensen\AppData\Local\Temp\fsd33D3.exe
C:\Users\Kim Mortensen\AppData\Local\Temp\fsd4327.exe
C:\Users\Kim Mortensen\AppData\Local\Temp\fsdAF11.exe
C:\Users\Kim Mortensen\AppData\Local\Temp\Launcher__10979.exe
C:\Users\Kim Mortensen\AppData\Local\Temp\Launcher__12695.exe
C:\Users\Kim Mortensen\AppData\Local\Temp\Launcher__13761.exe
C:\Users\Kim Mortensen\AppData\Local\Temp\Launcher__13889.exe
C:\Users\Kim Mortensen\AppData\Local\Temp\Launcher__13945.exe
C:\Users\Kim Mortensen\AppData\Local\Temp\mVOD1F1.exe
C:\Users\Kim Mortensen\AppData\Local\Temp\nsj86F4.tmp.exe
C:\Users\Kim Mortensen\AppData\Local\Temp\oprun11570.exe
C:\Users\Kim Mortensen\AppData\Local\Temp\optprosetup.exe
C:\Users\Kim Mortensen\AppData\Local\Temp\PDFPRT400.exe
C:\Users\Kim Mortensen\AppData\Local\Temp\setup_418.exe
C:\Users\Kim Mortensen\AppData\Local\Temp\setup_668.exe
C:\Users\Kim Mortensen\AppData\Local\Temp\SpOrder.dll
C:\Users\Kim Mortensen\AppData\Local\Temp\supoptsetup.exe
C:\Users\Kim Mortensen\AppData\Local\Temp\Uninstall.exe
C:\Users\Kim Mortensen\AppData\Local\Temp\UninstallModule.exe
C:\Users\Kim Mortensen\AppData\Local\Temp\xmllite.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-07 10:27

==================== End of log ============================




#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:02 PM

Posted 14 July 2015 - 03:44 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

Please post the addition.txt as well.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#3 84xads

84xads
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  • Local time:01:02 PM

Posted 14 July 2015 - 08:46 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Kim Mortensen at 2015-07-13 12:30:11
Running from C:\Users\Kim Mortensen\Documents\FRST
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3709960815-1272476127-4158410570-500 - Administrator - Disabled)
Guest (S-1-5-21-3709960815-1272476127-4158410570-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3709960815-1272476127-4158410570-1003 - Limited - Enabled)
Kim Mortensen (S-1-5-21-3709960815-1272476127-4158410570-1001 - Administrator - Enabled) => C:\Users\Kim Mortensen

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 3.0.2.59 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.191 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot Mysteries (x32 Version: 3.0.2.51 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.51 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.8.4420 - CyberLink Corp.)
CyberLink MediaEspresso 6.7 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.7.3.5419 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.3.5715 - CyberLink Corp.)
Cyberlink PhotoDirector (Version: 5.0.3.5715 - CyberLink Corp.) Hidden
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5.4505 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.8.4316 - CyberLink Corp.)
CyberLink PowerBackup 2.6 (HKLM-x32\...\InstallShield_{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.6.1.0903 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2.3324 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.2.3324 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.5.4523 - CyberLink Corp.)
Delicious - Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dragon Assistant 3 (HKLM-x32\...\{4693847A-7139-4CF4-B274-916C046C9E50}) (Version: 3.2.44 - Nuance Communications, Inc.)
Dragon Assistant 3 Language Data Pack en_US (HKLM-x32\...\{532A5345-1A42-4C55-B56E-CE753D0BAA02}) (Version: 3.2.44 - Nuance Communications, Inc.)
Dropbox (HKU\S-1-5-21-3709960815-1272476127-4158410570-1001\...\Dropbox) (Version: 3.6.8 - Dropbox, Inc.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.46.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version:  - SEIKO EPSON Corporation)
EPSON WF-3540 Series Printer Uninstall (HKLM\...\EPSON WF-3540 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Evernote v. 5.5.3 (HKLM-x32\...\{B1A0F908-1448-11E4-8684-00163E98E7D0}) (Version: 5.5.3.4236 - Evernote Corp.)
Farm Frenzy (x32 Version: 3.0.2.59 - WildTangent) Hidden
Farmington Tales 2 - Winter Crop (x32 Version: 3.0.2.59 - WildTangent) Hidden
First Verify version 2.0 (HKLM-x32\...\{7AF56C9C-F827-41A9-9998-047116F688A4}_is1) (Version: 2.0 - AF, INC)
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Fort Defense (x32 Version: 3.0.2.51 - WildTangent) Hidden
Foxit PhantomPDF (HKLM-x32\...\{89BF1D4D-1D62-451E-9496-B971BDE82720}) (Version: 6.0.33.715 - Foxit Corporation)
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Governor of Poker 2 Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Gravity Space (HKLM-x32\...\Gravity Space) (Version: 2.0.5672.5145 - Gravity Space)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF}) (Version: 2.20.41 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{584F92FE-C0E6-4E18-A219-18C728BBCDBB}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{904822F1-6C7D-4B91-B936-6A1C0810544C}) (Version: 7.7.34.34 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{C39A7F0F-89A6-44BB-B1BF-5F96569B5345}) (Version: 1.2.9 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
Intel WiDi Media Share (HKLM-x32\...\{275CD120-A23B-47C7-944A-9B6D9CDA583F}) (Version: 1.2.0.0 - Intel Corporation)
Intel® Chipset Device Software (x32 Version: 10.0.22 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.28.1006 - Intel Corporation)
Intel® PRO/Wireless Driver (HKLM\...\{ac7ad2d7-04b3-460c-b370-07e3d3e3aa4e}) (Version: 17.01.0000.1697 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.2.0.1016 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{43FA4AC8-46F8-423F-96FD-9A7D67048F1C}) (Version: 2.5.1634 - Intel Corporation)
Intel® Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.0.0.17 - Intel Corporation)
Intel® WiDi (HKLM\...\{5BBC7722-E4D9-4406-A8B9-1E11A23B9EAF}) (Version: 5.0.32.0 - Intel Corporation)
Intel® Wireless Bluetooth® 4.0 (HKLM-x32\...\{C9324B6F-FC2B-4CA0-8C42-793D7099BDA1}) (Version: 17.0.1422.02 - Intel Corporation)
iWebar (HKLM-x32\...\iWebar) (Version: 1.36.01.22 - Webby) <==== ATTENTION
Jewel Match 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Joining Hands 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
Lost in Reefs 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
LUXOR Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Heroes: Save Our Park (x32 Version: 3.0.2.59 - WildTangent) Hidden
McAfee LiveSafe - Internet Security (HKLM-x32\...\MSC) (Version: 13.6.1599 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Office 365 Small Business Premium - en-us (HKLM\...\O365SmallBusPremRetail - en-us) (Version: 15.0.4727.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 3.0.2.59 - WildTangent) Hidden
Object Browser (HKLM-x32\...\Object Browser) (Version: 1.36.01.22 - ObjectB) <==== ATTENTION!
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
One System Care (HKLM-x32\...\OneSystemCare) (Version: 2.00.00.1 - OneSystemCare)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 3.0.2.59 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
PriicceLess (HKLM-x32\...\{75F9BF4A-AF67-A478-A37B-31D73186D3F3}) (Version:  - ) <==== ATTENTION
QuickBooks (x32 Version: 24.0.4008.2403 - Intuit Inc.) Hidden
QuickBooks Premier Edition 2014 (HKLM-x32\...\{44A280D0-A6E4-46A7-8FC6-EFA6E94FEACE}) (Version: 24.0.4008.2403 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.62 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7335 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Rush Hour! Gas Station (x32 Version: 3.0.2.59 - WildTangent) Hidden
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - )
Shopper-Pro (HKLM-x32\...\ShopperPro) (Version:  - ) <==== ATTENTION
Sky High Farm (x32 Version: 3.0.2.59 - WildTangent) Hidden
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
Solitaire Mystery Four Seasons (x32 Version: 3.0.2.51 - WildTangent) Hidden
Support PL 1.1 (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{d25e9d9d}) (Version:  - riceLes) <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.19 - Synaptics Incorporated)
The Camelizer (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version:  - ) <==== ATTENTION
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Viking Saga (x32 Version: 3.0.2.48 - WildTangent) Hidden
WikiBrowser (HKU\S-1-5-21-3709960815-1272476127-4158410570-1001\...\WikiBrowser) (Version: 39.0.2132.33 - WikiBrowser) <==== ATTENTION!
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.14 - WildTangent) Hidden
WordShark 1.10.0.20 (HKLM-x32\...\WordShark_1.10.0.20) (Version: 1.10.0.20 - WordShark) <==== ATTENTION
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden
youtubeadblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version:  - ) <==== ATTENTION
YTDownloader (HKLM-x32\...\YTDownloader) (Version:  - YTDownloader) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3709960815-1272476127-4158410570-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Kim Mortensen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3709960815-1272476127-4158410570-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Kim Mortensen\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3709960815-1272476127-4158410570-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kim Mortensen\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3709960815-1272476127-4158410570-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kim Mortensen\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3709960815-1272476127-4158410570-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kim Mortensen\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3709960815-1272476127-4158410570-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kim Mortensen\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3709960815-1272476127-4158410570-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kim Mortensen\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3709960815-1272476127-4158410570-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kim Mortensen\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3709960815-1272476127-4158410570-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kim Mortensen\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3709960815-1272476127-4158410570-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kim Mortensen\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

==================== Restore Points =========================

22-06-2015 09:53:59 Scheduled Checkpoint
29-06-2015 13:06:35 Scheduled Checkpoint
07-07-2015 13:46:01 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02CEE620-A286-48FB-A6C7-B05ADCDCFC8E} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {02E5E89E-DCE1-4EDD-96A2-292653A2338B} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-07-10] (globalUpdate) <==== ATTENTION
Task: {0A706A17-3B9A-47EF-B68D-C216B2278AE5} - System32\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-1-6 => C:\Program Files (x86)\iWebar\91f80895-8199-4ec6-8a3a-046d00609366-1-6.exe [2015-07-10] (Webby) <==== ATTENTION
Task: {11D051AE-A6E3-4F6E-A8C3-AAE713CF6059} - System32\Tasks\EasyResize => c:\programdata\{3b0b9051-50ab-3f7e-3b0b-b905150a4145}\setup_668.exe [2014-07-10] () <==== ATTENTION
Task: {1CAD9229-AFD5-4586-BD80-70B63B54E6D0} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {1CAF36EE-26BE-499E-A55D-FFE2A12EAA49} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3709960815-1272476127-4158410570-1001Core => C:\Users\Kim Mortensen\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {20BC9DD1-6CAE-45A4-9B76-AF0510F6F849} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3709960815-1272476127-4158410570-1001UA => C:\Users\Kim Mortensen\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {22751F80-3AF0-470C-9118-D8F29869DB5E} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {2A91E585-5964-4DC0-A4C5-1AA1418E0F73} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe [2015-07-09] (Goobzo) <==== ATTENTION
Task: {2F5B6F6B-4C0D-4907-BF33-376D578DD7AA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-22] (Hewlett-Packard Company)
Task: {34A02D34-2475-4420-8944-F790114259F4} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {382D51D7-A679-4E1F-883F-076BEC4348AD} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2014-05-19] (Hewlett-Packard Development Company, L.P.)
Task: {38DF5F52-2AD0-4A50-AAEE-BB1CCACDFE2D} - System32\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-1-6 => C:\Program Files (x86)\Object Browser\c1094ea3-985a-4aef-924e-dbf1a529d855-1-6.exe [2015-07-10] (ObjectB) <==== ATTENTION
Task: {3D3DE41A-E715-4DB6-86F9-3220E2EDEC41} - System32\Tasks\Microsoft Office 15 Sync Maintenance for KimM-Laptop-Kim Mortensen KimM-Laptop => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-05-28] (Microsoft Corporation)
Task: {3EB58F08-EDCC-4B05-A819-EEA1C1F44AF1} - System32\Tasks\One System Care Monitor => C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe [2015-05-12] ()
Task: {41A57214-EBEB-4EFD-9F3D-F5D386C91471} - System32\Tasks\ShopperPro => C:\Program Files (x86)\ShopperPro\ShopperPro.exe [2015-07-10] (Goobzo LTD) <==== ATTENTION
Task: {44EF8AEA-9876-4B1A-BE66-D3F727B38403} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {4583FC74-EF7E-455D-88D6-28F1F7A48227} - System32\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-5_user => C:\Program Files (x86)\iWebar\91f80895-8199-4ec6-8a3a-046d00609366-5.exe [2015-07-10] (Webby) <==== ATTENTION
Task: {48E336F0-AA4D-4935-BFAB-46E845F73B75} - System32\Tasks\HPCeeScheduleForKim Mortensen => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {51B17520-FFC9-4823-8B20-8F8AD2B31478} - System32\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-5 => C:\Program Files (x86)\Object Browser\c1094ea3-985a-4aef-924e-dbf1a529d855-5.exe [2015-07-10] (ObjectB) <==== ATTENTION
Task: {5B3AA173-6E2F-4729-A8B1-0C9C3D681E08} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-08] (Adobe Systems Incorporated)
Task: {6D78CAD6-DF2C-4231-A349-F5E1E6222E61} - System32\Tasks\One System Care Run Delay => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2015-05-12] ()
Task: {75633532-B345-45F7-AC06-62D1149D0A7C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-06-16] (Hewlett-Packard)
Task: {7B3EBBF8-37D2-4220-A1FE-2BA64CB50F5B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {85E772FC-C7CA-4D45-960A-4583DDA337C8} - System32\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-1-7 => C:\Program Files (x86)\Object Browser\c1094ea3-985a-4aef-924e-dbf1a529d855-1-7.exe [2015-07-10] (ObjectB) <==== ATTENTION
Task: {88925C8F-957B-4CE5-927E-0791300B9364} - System32\Tasks\WordShark Auto Updater 1.10.0.20 Pending Update => C:\Program Files (x86)\WordShark_1.10.0.20\Update\WordSharkAutoUpdateClient.exe [2015-07-06] (WS) <==== ATTENTION
Task: {8BA0EBDC-6E68-483C-A464-753D9149313A} - System32\Tasks\One System CarePeriod => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2015-05-12] ()
Task: {8CF6CFA5-788D-4DD9-BA39-F067C0B8AC21} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-22] (Hewlett-Packard Company)
Task: {90A93B73-C8BC-4E51-9F40-0170DE64013C} - System32\Tasks\One System CareStartUp => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2015-05-12] ()
Task: {93C7AB6C-EBFF-4E10-88AD-3DA422427101} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-28] (Microsoft Corporation)
Task: {9AEE570A-0E76-4761-B89D-57EFC117C407} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {9AF026C7-F660-4529-8436-8ACEC893168A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {A17B8D4B-264B-44D8-83DF-74095B98DB22} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-06-09] ()
Task: {A23E57E1-A67B-4F66-99A5-B8E136A04F2E} - System32\Tasks\S9FcFJhAGbXtlX1Sf5D6c => C:\Users\Kim Mortensen\AppData\Roaming\S9FcFJhAGbXtlX1Sf5D6c.exe [2015-04-20] () <==== ATTENTION
Task: {A58F15F0-513A-4EA4-863A-3799ADDFA0F8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {AD40D16E-B1FD-4159-885A-983A61CFB96F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-06-16] (Hewlett-Packard)
Task: {B3943AFD-0492-468D-9F19-557B0C9E60D2} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [2015-07-09] (YTDownloader) <==== ATTENTION
Task: {BAAC0460-6E47-41C3-BA9F-F1C2F35D9057} - System32\Tasks\WordShark Auto Updater 1.10.0.20 Core => C:\Program Files (x86)\WordShark_1.10.0.20\Update\WordSharkAutoUpdateClient.exe [2015-07-06] (WS) <==== ATTENTION
Task: {BC11022C-BE28-4748-B2FF-B6E5D25BE54A} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-06-09] ()
Task: {C43875FE-0B47-4A47-A18C-C611E1B1AB0E} - System32\Tasks\SPBIW_UpdateTask_Time_3634323133313839352d504a2d414534372a5a6c785a => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {C6E90C00-3A3D-4BBA-99AD-EB3E430DCC2D} - System32\Tasks\9jnSQTpF3k => C:\Users\Kim Mortensen\AppData\Roaming\9jnSQTpF3k.exe [2015-04-20] () <==== ATTENTION
Task: {D3867AA5-E973-47D7-BC0E-CB907A536227} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-09-23] (CyberLink Corp.)
Task: {D3EA33E6-F83F-40AD-B900-4FC41A32561C} - System32\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-1-7 => C:\Program Files (x86)\iWebar\91f80895-8199-4ec6-8a3a-046d00609366-1-7.exe [2015-07-10] (Webby) <==== ATTENTION
Task: {DC4EC3A1-43DC-4CD1-BB81-FA2D7ACA4F8C} - System32\Tasks\ShopperProJSUpd => C:\Program Files (x86)\ShopperPro\updater.exe [2015-07-10] (Goobzo) <==== ATTENTION
Task: {DF9E9707-840C-46B0-9BC4-BD78DCAAC562} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
Task: {E14AEDA2-1526-46C0-9965-31C0C2CB36F0} - System32\Tasks\SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.2104\jsdrv.exe [2015-07-10] () <==== ATTENTION
Task: {E5D9DA37-89E5-4321-A92D-113EC16B7A24} - System32\Tasks\pQKgsIpLyFSTegD3Mri27 => C:\Users\Kim Mortensen\AppData\Roaming\pQKgsIpLyFSTegD3Mri27.exe [2015-04-20] () <==== ATTENTION
Task: {E70F74D8-9C54-4FA6-BAD9-E5693BB91070} - System32\Tasks\Bidaily Synchronize Task[8da6] => c:\programdata\{70bc1474-fbc8-69f9-70bc-c1474fbc51d3}\hqghumeaylnlf.exe [2014-07-09] (PC Utilities Software Limited) <==== ATTENTION
Task: {E82FECA5-745F-46EF-ABA6-8085D3B97BA0} - System32\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-4 => C:\Program Files (x86)\iWebar\91f80895-8199-4ec6-8a3a-046d00609366-4.exe [2015-07-10] (Webby) <==== ATTENTION
Task: {EB58C1BB-4B88-480B-9363-41AA3B41A26B} - System32\Tasks\YiNSjCcSp6TnPjB7 => C:\Users\Kim Mortensen\AppData\Roaming\YiNSjCcSp6TnPjB7.exe [2015-04-20] () <==== ATTENTION
Task: {ECDBC767-9D14-40F9-941E-B76DA73B0EA2} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-07-10] (globalUpdate) <==== ATTENTION
Task: {F012993C-0B45-4ABC-8E9A-45F17291D4D8} - System32\Tasks\amiupdaterExi => C:\Users\KIMMOR~1\AppData\Local\Temp\amiupdater1321.exe <==== ATTENTION
Task: {F05889F4-858D-4878-BB33-F0280CF71D75} - System32\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-5_user => C:\Program Files (x86)\Object Browser\c1094ea3-985a-4aef-924e-dbf1a529d855-5.exe [2015-07-10] (ObjectB) <==== ATTENTION
Task: {F2B7A2F9-5BA0-4DE2-BD20-880B0368D887} - System32\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-4 => C:\Program Files (x86)\Object Browser\c1094ea3-985a-4aef-924e-dbf1a529d855-4.exe [2015-07-10] (ObjectB) <==== ATTENTION
Task: {F6427F86-0B6F-437F-8286-48ED61E51110} - System32\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-5 => C:\Program Files (x86)\iWebar\91f80895-8199-4ec6-8a3a-046d00609366-5.exe [2015-07-10] (Webby) <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-1-6.job => C:\Program Files (x86)\iWebar\91f80895-8199-4ec6-8a3a-046d00609366-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-1-7.job => C:\Program Files (x86)\iWebar\91f80895-8199-4ec6-8a3a-046d00609366-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-4.job => C:\Program Files (x86)\iWebar\91f80895-8199-4ec6-8a3a-046d00609366-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-5.job => C:\Program Files (x86)\iWebar\91f80895-8199-4ec6-8a3a-046d00609366-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-5_user.job => C:\Program Files (x86)\iWebar\91f80895-8199-4ec6-8a3a-046d00609366-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\9jnSQTpF3k.job => C:\Users\Kim Mortensen\AppData\Roaming\9jnSQTpF3k.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job => c:\programdata\{70bc1474-fbc8-69f9-70bc-c1474fbc51d3}\hqghumeaylnlf.exe <==== ATTENTION
Task: C:\Windows\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-1-6.job => C:\Program Files (x86)\Object Browser\c1094ea3-985a-4aef-924e-dbf1a529d855-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-1-7.job => C:\Program Files (x86)\Object Browser\c1094ea3-985a-4aef-924e-dbf1a529d855-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-4.job => C:\Program Files (x86)\Object Browser\c1094ea3-985a-4aef-924e-dbf1a529d855-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-5.job => C:\Program Files (x86)\Object Browser\c1094ea3-985a-4aef-924e-dbf1a529d855-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-5_user.job => C:\Program Files (x86)\Object Browser\c1094ea3-985a-4aef-924e-dbf1a529d855-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3709960815-1272476127-4158410570-1001Core.job => C:\Users\Kim Mortensen\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3709960815-1272476127-4158410570-1001UA.job => C:\Users\Kim Mortensen\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\EasyResize.job => c:\programdata\{3b0b9051-50ab-3f7e-3b0b-b905150a4145}\setup_668.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\HPCeeScheduleForKim Mortensen.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\One System CarePeriod.job => 0x030601009FA9FCF4DAB97049AD2CEDBC1A2151A846000A0100000000A0050500200000000014730F000000000313040010208001000000000000000000000000000000000000370043003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C004F006E006500530079007300740065006D0043006100720065005C004F006E006500530079007300740065006D0043006100720065002E00650078006500000006002D007300630061006E00000000001A004B0069006D004D002D004C006100700074006F0070005C004B0069006D0020004D006F007200740065006E00730065006E00000000000000080003130400000000000100300000006C07010001000000000000000B000000B4000000000000000000000001000000010000000000000000000000
Task: C:\Windows\Tasks\One System CareStartUp.job => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe
Task: C:\Windows\Tasks\pQKgsIpLyFSTegD3Mri27.job => C:\Users\Kim Mortensen\AppData\Roaming\pQKgsIpLyFSTegD3Mri27.exe <==== ATTENTION
Task: C:\Windows\Tasks\S9FcFJhAGbXtlX1Sf5D6c.job => C:\Users\Kim Mortensen\AppData\Roaming\S9FcFJhAGbXtlX1Sf5D6c.exe <==== ATTENTION
Task: C:\Windows\Tasks\YiNSjCcSp6TnPjB7.job => C:\Users\Kim Mortensen\AppData\Roaming\YiNSjCcSp6TnPjB7.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2015-07-09 15:07 - 2015-06-23 15:47 - 00348672 _____ () C:\Windows\system32\Oexufafono64.dll
2014-03-28 15:31 - 2014-03-28 15:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 15:27 - 2014-03-28 15:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 15:27 - 2014-03-28 15:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 15:27 - 2014-03-28 15:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 15:48 - 2014-03-28 15:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 15:48 - 2014-03-28 15:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2014-12-02 13:52 - 2014-12-02 13:52 - 00029184 _____ () C:\Windows\System32\ssm4mlm.dll
2015-03-16 20:17 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-07-09 14:35 - 2015-07-09 14:35 - 00417792 _____ () c:\windows\dvf.exe
2015-04-07 04:12 - 2015-04-07 04:12 - 00622392 _____ () C:\Program Files\015\lxqvbcbiws32.exe
2015-07-09 14:35 - 2015-07-09 14:35 - 00408576 _____ () c:\windows\mdvf.exe
2014-11-18 02:52 - 2014-04-14 21:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-07-09 14:36 - 2015-07-09 14:36 - 00165376 _____ () C:\Users\Kim Mortensen\AppData\Roaming\35444335-1436470548-3536-5247-D0BF9C8E3DC6\hnspDBEE.tmp
2015-07-09 14:36 - 2015-07-09 14:36 - 00199168 _____ () C:\Users\Kim Mortensen\AppData\Roaming\35444335-1436470548-3536-5247-D0BF9C8E3DC6\jnslC660.tmp
2015-03-16 20:18 - 2015-03-17 10:06 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-03-28 15:36 - 2014-03-28 15:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2015-07-09 14:48 - 2015-07-09 14:48 - 01048064 _____ () C:\ProgramData\{5b62005c-d94c-c8c5-5b62-2005cd940173}\Download.exe
2015-07-10 13:09 - 2015-07-10 00:12 - 03225088 _____ () C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.2104\jsdrv.exe
2015-07-09 04:57 - 2015-07-09 04:57 - 00112560 _____ () C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe
2015-06-30 07:23 - 2015-06-30 07:23 - 00364032 _____ () C:\Users\Kim Mortensen\AppData\Local\WikiUpdate.exe
2015-07-13 09:24 - 2015-07-13 09:24 - 01170432 _____ () c:\windows\temp\uo124.exe
2015-07-13 09:41 - 2015-04-20 20:13 - 00100768 _____ () C:\Windows\SysWOW64\First Verify\afirstsvc.exe
2015-07-13 06:53 - 2015-07-13 06:53 - 00654608 ____N () C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugincontainer.exe
2015-07-13 06:53 - 2015-07-13 06:53 - 00574224 ____N () C:\Program Files (x86)\Common Files\f4ec396c-3454-45dd-b141-69ee6db2debb\updater.exe
2015-07-13 09:43 - 2015-07-13 09:43 - 01174288 _____ () C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\2\plugin.exe
2015-07-13 05:54 - 2015-07-13 05:54 - 00459536 _____ () C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\7\plugin.exe
2015-07-13 10:43 - 2015-07-13 10:43 - 00614672 _____ () C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\3\plugin.exe
2015-07-13 11:11 - 2015-07-13 11:11 - 00262656 _____ () C:\Users\Kim Mortensen\AppData\Roaming\35444335-1436470548-3536-5247-D0BF9C8E3DC6\knsa359F.tmp
2015-07-13 11:43 - 2015-07-13 11:43 - 00785168 _____ () C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugins\5\plugin.exe
2015-07-13 09:41 - 2015-04-20 20:07 - 51334048 _____ () C:\Windows\SysWOW64\First Verify\afirst.exe
2015-07-13 12:29 - 2015-07-13 12:29 - 01178112 _____ () C:\Users\Kim Mortensen\AppData\Local\Temp\is-QFEBC.tmp\AF.tmp
2014-09-03 14:03 - 2014-09-03 14:03 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-07-10 09:34 - 2015-07-10 09:34 - 00043008 _____ () c:\Users\Kim Mortensen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqtsoan.dll
2015-03-04 16:45 - 2015-03-19 02:15 - 00750080 _____ () C:\Users\Kim Mortensen\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 16:45 - 2015-03-19 02:15 - 00047616 _____ () C:\Users\Kim Mortensen\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-05-22 16:11 - 2015-03-19 02:15 - 00865280 _____ () C:\Users\Kim Mortensen\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-05-22 16:11 - 2015-03-19 02:15 - 00200704 _____ () C:\Users\Kim Mortensen\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-05-22 16:11 - 2015-03-19 02:15 - 00010240 _____ () C:\Users\Kim Mortensen\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-05-22 16:11 - 2015-03-19 02:15 - 00726016 _____ () C:\Users\Kim Mortensen\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-05-22 16:11 - 2015-03-19 02:15 - 00010240 _____ () C:\Users\Kim Mortensen\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-07-09 14:43 - 2015-03-26 09:14 - 00880128 _____ () C:\Users\Kim Mortensen\AppData\Local\779BF866-FEAF-7740-A669-CB72FCB4AB7C\Navigate\ffmpegsumo.dll
2015-07-09 14:43 - 2014-09-22 23:07 - 14891848 _____ () C:\Users\Kim Mortensen\AppData\Local\779BF866-FEAF-7740-A669-CB72FCB4AB7C\Navigate\PepperFlash\pepflashplayer.dll
2015-07-09 14:43 - 2015-03-26 09:39 - 08569856 _____ () C:\Users\Kim Mortensen\AppData\Local\779BF866-FEAF-7740-A669-CB72FCB4AB7C\Navigate\pdf.dll
2015-07-09 14:43 - 2015-03-26 09:18 - 00324608 _____ () C:\Users\Kim Mortensen\AppData\Local\779BF866-FEAF-7740-A669-CB72FCB4AB7C\Navigate\ppGoogleNaClPluginChrome.dll
2015-07-09 14:43 - 2015-03-26 09:13 - 01091584 _____ () C:\Users\Kim Mortensen\AppData\Local\779BF866-FEAF-7740-A669-CB72FCB4AB7C\Navigate\libglesv2.dll
2015-07-09 14:43 - 2015-03-26 09:13 - 00167936 _____ () C:\Users\Kim Mortensen\AppData\Local\779BF866-FEAF-7740-A669-CB72FCB4AB7C\Navigate\libEGL.dll
2015-07-10 13:04 - 2015-07-10 13:04 - 02601984 _____ () c:\Program Files (x86)\StatFoobar\StatFoobar.dll
2015-03-16 20:17 - 2015-03-17 10:06 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2015-07-10 13:15 - 2015-06-24 18:29 - 01037768 _____ () C:\Users\Kim Mortensen\AppData\Local\WikiBrowser\Application\39.0.2132.33\libglesv2.dll
2015-07-10 13:15 - 2015-06-24 18:29 - 00210888 _____ () C:\Users\Kim Mortensen\AppData\Local\WikiBrowser\Application\39.0.2132.33\libegl.dll
2015-07-10 13:15 - 2015-06-24 18:29 - 08874952 _____ () C:\Users\Kim Mortensen\AppData\Local\WikiBrowser\Application\39.0.2132.33\pdf.dll
2015-07-10 13:15 - 2015-06-24 18:29 - 01679816 _____ () C:\Users\Kim Mortensen\AppData\Local\WikiBrowser\Application\39.0.2132.33\ffmpegsumo.dll
2015-03-16 20:17 - 2015-03-17 10:02 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-05-04 09:38 - 2015-05-04 09:38 - 01754296 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\tmpod.dll
2015-06-26 09:08 - 2015-05-12 12:27 - 01032360 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3709960815-1272476127-4158410570-1001\...\sharepoint.com -> hxxps://medreps.sharepoint.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3709960815-1272476127-4158410570-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kim Mortensen\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{E6A3FBDB-1E6A-404D-86F9-F0E5A50BE60C}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{70AA78EB-F810-4DCF-B4AA-61120C724EAD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{197CB089-BDB7-417A-8F1A-9987E4FAB05E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D3FF189C-5ED1-461C-BD6F-BC2997B628F7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BFB079EB-F577-4CF0-B698-B63B7096E408}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0E1746AF-4510-4C3A-BFF1-935036E94FD2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{B6791E10-703D-4E72-8F74-4EACE8DB04C7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{BA5C554D-478B-402B-AA16-750DDE959BA0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{9D92B543-BC2F-4E8B-8ADD-A7509ABF0897}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{AD04B9EA-8F18-4F7E-8B35-E33478C7CAA6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{69A93537-1B28-4B21-BD1F-1A9AC59BEAD2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{96A6097D-6F02-4CAA-B9C9-F1E6D6F051AD}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{4D5537C6-B649-434E-8992-6478586D3FD4}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{BA72A515-B387-4C78-AC1C-8A04CA894A39}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{9F1BE039-629A-4D4B-9F0A-FB910BD168D3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A78B28A9-30CE-4448-B803-174C4D1A54BB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1815B105-0E01-45F1-9B80-750688A6314D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{07766820-EB63-4BC3-BB2A-1425D4C0A0CE}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{B0C84160-D1C4-42CA-800E-77B5E9A41E6D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{45893F61-2834-4900-BD1A-C3C84C3AEE67}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{9F4EF70D-E89D-4A77-B52D-2D284FF0E768}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{79A90AF4-CA01-433D-9476-F94012880188}] => (Allow) C:\Users\Kim Mortensen\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{D675E9E4-1464-47DB-B23C-A1441C6C6881}] => (Allow) C:\Users\Kim Mortensen\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{DDF54D76-3FD4-4D63-930F-4DD53E2672F1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{E3FF326B-EF02-4F4D-9C04-EF962704464D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{10A82C78-A9BA-45BB-BF19-174F6764751E}] => (Allow) C:\Users\Kim Mortensen\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{4AE6BD37-76BA-4E50-B88D-93EA4A31E4FF}] => (Allow) C:\Users\Kim Mortensen\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A7AE13F9-4222-44F6-B537-A64A5A9B70D9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{54263736-C8A5-4B42-AA92-BC6FB91D38F2}] => (Allow) C:\Users\Kim Mortensen\AppData\Local\WikiBrowser\Application\wikibrowser.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/13/2015 11:38:32 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Premier Edition 2014":
V24.0D R8 (M=1066, L=335, C=249, V=0 (0))

Error: (07/13/2015 11:38:32 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Premier Edition 2014":
V24.0D R8 (M=1066, L=335, C=249, V=0 (0))

Error: (07/13/2015 11:38:32 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Premier Edition 2014":
V24.0D R8 (M=1066, L=335, C=249, V=0 (0))

Error: (07/13/2015 11:26:01 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Premier Edition 2014":
V24.0D R8 (M=1066, L=335, C=249, V=0 (0))

Error: (07/13/2015 11:26:01 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Premier Edition 2014":
V24.0D R8 (M=1066, L=335, C=249, V=0 (0))

Error: (07/13/2015 11:26:01 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Premier Edition 2014":
V24.0D R8 (M=1066, L=335, C=249, V=0 (0))

Error: (07/13/2015 11:26:01 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Premier Edition 2014":
V24.0D R8 (M=1066, L=335, C=249, V=0 (0))

Error: (07/13/2015 11:26:01 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Premier Edition 2014":
V24.0D R8 (M=1066, L=335, C=249, V=0 (0))

Error: (07/13/2015 11:26:01 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Premier Edition 2014":
V24.0D R8 (M=1066, L=335, C=249, V=0 (0))

Error: (07/13/2015 11:21:38 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Premier Edition 2014":
V24.0D R8 (M=1066, L=335, C=249, V=0 (0))


System errors:
=============
Error: (07/13/2015 09:39:51 AM) (Source: DCOM) (EventID: 10010) (User: KimM-Laptop)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/13/2015 09:39:21 AM) (Source: DCOM) (EventID: 10010) (User: KimM-Laptop)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/13/2015 09:35:12 AM) (Source: DCOM) (EventID: 10010) (User: KimM-Laptop)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/13/2015 09:34:42 AM) (Source: DCOM) (EventID: 10010) (User: KimM-Laptop)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/13/2015 09:27:57 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Peer Name Resolution Protocol service, but this action failed with the following error:
%%1056

Error: (07/13/2015 09:22:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Peer Name Resolution Protocol service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (07/13/2015 09:22:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Peer Networking Grouping service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (07/13/2015 09:22:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Peer Networking Identity Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (07/10/2015 01:15:16 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The WikiBrowserUpdateService service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (07/10/2015 10:35:38 AM) (Source: DCOM) (EventID: 10010) (User: KimM-Laptop)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}


Microsoft Office:
=========================
Error: (07/13/2015 11:38:32 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooks Premier Edition 2014V24.0D R8 (M=1066, L=335, C=249, V=0 (0))

Error: (07/13/2015 11:38:32 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooks Premier Edition 2014V24.0D R8 (M=1066, L=335, C=249, V=0 (0))

Error: (07/13/2015 11:38:32 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooks Premier Edition 2014V24.0D R8 (M=1066, L=335, C=249, V=0 (0))

Error: (07/13/2015 11:26:01 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooks Premier Edition 2014V24.0D R8 (M=1066, L=335, C=249, V=0 (0))

Error: (07/13/2015 11:26:01 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooks Premier Edition 2014V24.0D R8 (M=1066, L=335, C=249, V=0 (0))

Error: (07/13/2015 11:26:01 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooks Premier Edition 2014V24.0D R8 (M=1066, L=335, C=249, V=0 (0))

Error: (07/13/2015 11:26:01 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooks Premier Edition 2014V24.0D R8 (M=1066, L=335, C=249, V=0 (0))

Error: (07/13/2015 11:26:01 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooks Premier Edition 2014V24.0D R8 (M=1066, L=335, C=249, V=0 (0))

Error: (07/13/2015 11:26:01 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooks Premier Edition 2014V24.0D R8 (M=1066, L=335, C=249, V=0 (0))

Error: (07/13/2015 11:21:38 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooks Premier Edition 2014V24.0D R8 (M=1066, L=335, C=249, V=0 (0))


CodeIntegrity Errors:
===================================
  Date: 2015-07-09 15:08:51.661
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-09 15:08:51.478
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-09 15:08:51.327
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-09 15:08:51.181
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-09 15:08:51.028
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-09 15:08:50.531
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-09 15:08:50.374
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-09 15:08:50.232
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-09 15:08:50.037
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-09 15:08:49.691
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-5500U CPU @ 2.40GHz
Percentage of memory in use: 38%
Total physical RAM: 12210.27 MB
Available physical RAM: 7534.91 MB
Total Virtual: 14338.27 MB
Available Virtual: 6619.49 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:904.1 GB) (Free:840.28 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:26.39 GB) (Free:2.95 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 35ABAEC7)

Partition: GPT Partition Type.

==================== End of log ============================



#4 TB-Psychotic

  • Malware Response Team

Posted 15 July 2015 - 05:42 AM

Multiple Antivirus Programs installed!

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.

The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to Add/Remove Programs in the Control Panel and remove either Windows Defender or McAfee.

Add/Remove Programs

Click on Start --> Control Panel.

Vista/7: Open Programs and Features
XP: Open add/remove programs

Search for and remove the following programs:

YTDownloader
youtubeadblocker
WordShark 1.10.0.20
WikiBrowser
The Camelizer
Support PL 1.1
Shopper-Pro
PriicceLess
Object Browser
iWebar
globalupdate Helper


Close the window.

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt), which you will find where you saved FRST. Please post it in your reply.

Full System Scan with Malwarebytes Antimalware



  • If it is not already installed, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

 


#5 84xads

  • Topic Starter


Posted 15 July 2015 - 02:26 PM

Here is the fixlist.txt file

 

Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Kim Mortensen at 2015-07-15 12:21:35 Run:1
Running from C:\Users\Kim Mortensen\Documents\FRST
Loaded Profiles: Kim Mortensen (Available Profiles: Kim Mortensen)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [gmsd_us_002010026] => [X]
HKLM-x32\...\Run: [gmsd_us_005010026] => [X]
HKLM-x32\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.2104\jsdrv.exe [3225088 2015-07-10] ()
HKLM-x32\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1988528 2015-07-09] (YTDownloader)
HKLM-x32\...\RunOnce: [Update] => C:\Users\Kim Mortensen\AppData\Roaming\ASPackage\ASPackage.exe [715015 2015-07-09] ()
HKU\S-1-5-21-3709960815-1272476127-4158410570-1001\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.2104\jsdrv.exe [3225088 2015-07-10] ()
HKU\S-1-5-21-3709960815-1272476127-4158410570-1001\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1988528 2015-07-09] (YTDownloader)
Startup: C:\Users\Kim Mortensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download.lnk [2015-07-09]
ShortcutTarget: Download.lnk -> C:\ProgramData\{5b62005c-d94c-c8c5-5b62-2005cd940173}\Download.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:56457;https=127.0.0.1:56457
HKU\S-1-5-21-3709960815-1272476127-4158410570-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com/?gd=&ctid=CT3334822&octid=EB_ORIGINAL_CTID&ISID=MF5F3BEA0-6C65-4DDF-821C-CD0599738E94&SearchSource=55&CUI=&UM=8&UP=SP2746FDFE-C7F3-4028-A3B0-A9E0EA7F359C&D=070915&SSPV=SP30339TA_sp_ie
SearchScopes: HKU\S-1-5-21-3709960815-1272476127-4158410570-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=MDC7FD2AB-402D-4E0C-B6B7-BB5BE716DA1D&SearchSource=58&CUI=&UM=8&UP=SPDDECFD95-0867-43A7-BCFB-15C1CAFFAB01&D=070915&q={searchTerms}&SSPV=SP30339TA_sp_ie
BHO: No Name -> {3c9ce603-44cc-4997-a166-239e6186c6ef} ->  No File
BHO: youtubeadblocker -> {449D8677-4FDF-439C-A7BB-CEAB464423AE} -> C:\Program Files (x86)\youtubeadblocker\rqZtVm1mBqRfhi.x64.dll [2015-07-10] ()
BHO: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro64.dll [2015-07-10] (Goobzo Ltd.)
BHO: PriicceLess -> {B9BADDCF-8640-454A-9E1A-91E49483ECB5} -> C:\Program Files (x86)\PriicceLess\0YfujZLHtd9q1S.x64.dll [2015-07-10] ()
BHO-x32: No Name -> {3c9ce603-44cc-4997-a166-239e6186c6ef} ->  No File
BHO-x32: youtubeadblocker -> {449D8677-4FDF-439C-A7BB-CEAB464423AE} -> C:\Program Files (x86)\youtubeadblocker\rqZtVm1mBqRfhi.dll [2015-07-10] ()
BHO-x32: Gravity Space -> {8788dd2d-bed5-4071-8439-c822cef57bc8} -> C:\Program Files (x86)\Gravity Space\Extensions\8788dd2d-bed5-4071-8439-c822cef57bc8.dll [2015-07-13] ()
BHO-x32: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro.dll [2015-07-10] (Goobzo Ltd.)
BHO-x32: On Stage -> {aff87634-f4a9-42bc-b2dc-be240584d095} -> C:\Program Files (x86)\On Stage\Extensions\aff87634-f4a9-42bc-b2dc-be240584d095.dll No File
BHO-x32: PriicceLess -> {B9BADDCF-8640-454A-9E1A-91E49483ECB5} -> C:\Program Files (x86)\PriicceLess\0YfujZLHtd9q1S.dll [2015-07-10] ()
Winsock: Catalog9 01 C:\Windows\SysWOW64\Oexufafono.dll [278016 2015-07-09] ()
Winsock: Catalog9 02 C:\Windows\SysWOW64\Oexufafono.dll [278016 2015-07-09] ()
Winsock: Catalog9 03 C:\Windows\SysWOW64\Oexufafono.dll [278016 2015-07-09] ()
Winsock: Catalog9 04 C:\Windows\SysWOW64\Oexufafono.dll [278016 2015-07-09] ()
Winsock: Catalog9 05 C:\Windows\Provider32\Provider.dll [228352 2015-07-09] (drms media group)
Winsock: Catalog9 06 C:\Windows\Provider32\Provider.dll [228352 2015-07-09] (drms media group)
Winsock: Catalog9 07 C:\Windows\Provider32\Provider.dll [228352 2015-07-09] (drms media group)
Winsock: Catalog9 08 C:\Windows\Provider32\Provider.dll [228352 2015-07-09] (drms media group)
Winsock: Catalog9 09 C:\Windows\Provider32\Provider.dll [228352 2015-07-09] (drms media group)
Winsock: Catalog9 10 C:\Windows\Provider32\Provider.dll [228352 2015-07-09] (drms media group)
Winsock: Catalog9 11 C:\Windows\Provider32\Provider.dll [228352 2015-07-09] (drms media group)
Winsock: Catalog9 12 C:\Windows\Provider32\Provider.dll [228352 2015-07-09] (drms media group)
Winsock: Catalog9 13 C:\Windows\Provider32\Provider.dll [228352 2015-07-09] (drms media group)
Winsock: Catalog9 14 C:\Windows\Provider32\Provider.dll [228352 2015-07-09] (drms media group)
Winsock: Catalog9 26 C:\Windows\Provider32\Provider.dll [228352 2015-07-09] (drms media group)
Winsock: Catalog9 27 C:\Windows\SysWOW64\Oexufafono.dll [278016 2015-07-09] ()
Winsock: Catalog9-x64 01 C:\Windows\system32\Oexufafono64.dll [348672 2015-07-09] ()
Winsock: Catalog9-x64 02 C:\Windows\system32\Oexufafono64.dll [348672 2015-07-09] ()
Winsock: Catalog9-x64 03 C:\Windows\system32\Oexufafono64.dll [348672 2015-07-09] ()
Winsock: Catalog9-x64 04 C:\Windows\system32\Oexufafono64.dll [348672 2015-07-09] ()
Winsock: Catalog9-x64 05 C:\Windows\Provider.dll [271360 2015-07-09] (drms media group)
Winsock: Catalog9-x64 06 C:\Windows\Provider.dll [271360 2015-07-09] (drms media group)
Winsock: Catalog9-x64 07 C:\Windows\Provider.dll [271360 2015-07-09] (drms media group)
Winsock: Catalog9-x64 08 C:\Windows\Provider.dll [271360 2015-07-09] (drms media group)
Winsock: Catalog9-x64 09 C:\Windows\Provider.dll [271360 2015-07-09] (drms media group)
Winsock: Catalog9-x64 10 C:\Windows\Provider.dll [271360 2015-07-09] (drms media group)
Winsock: Catalog9-x64 11 C:\Windows\Provider.dll [271360 2015-07-09] (drms media group)
Winsock: Catalog9-x64 12 C:\Windows\Provider.dll [271360 2015-07-09] (drms media group)
Winsock: Catalog9-x64 13 C:\Windows\Provider.dll [271360 2015-07-09] (drms media group)
Winsock: Catalog9-x64 14 C:\Windows\Provider.dll [271360 2015-07-09] (drms media group)
Winsock: Catalog9-x64 26 C:\Windows\Provider.dll [271360 2015-07-09] (drms media group)
Winsock: Catalog9-x64 27 C:\Windows\system32\Oexufafono64.dll [348672 2015-07-09] ()
FF DefaultSearchEngine: Trovi
FF DefaultSearchEngine.US: Trovi
FF SelectedSearchEngine: Trovi
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-07-10] (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-07-10] (globalUpdate)
FF SearchPlugin: C:\Users\Kim Mortensen\AppData\Roaming\Mozilla\Firefox\Profiles\qu0t2cg3.default\searchplugins\trovi.xml [2015-07-09]
FF Extension: iWebar - C:\Users\Kim Mortensen\AppData\Roaming\Mozilla\Firefox\Profiles\qu0t2cg3.default\Extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com [2015-07-10]
FF Extension: PriicceLess - C:\Users\Kim Mortensen\AppData\Roaming\Mozilla\Firefox\Profiles\qu0t2cg3.default\Extensions\2g@U.edu [2015-07-10]
FF Extension: Object Browser - C:\Users\Kim Mortensen\AppData\Roaming\Mozilla\Firefox\Profiles\qu0t2cg3.default\Extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com [2015-07-10]
FF Extension: CouponsPlus - C:\Users\Kim Mortensen\AppData\Roaming\Mozilla\Firefox\Profiles\qu0t2cg3.default\Extensions\o61@djavZ2x.edu [2015-07-09]
FF Extension: youtubeadblocker - C:\Users\Kim Mortensen\AppData\Roaming\Mozilla\Firefox\Profiles\qu0t2cg3.default\Extensions\UrnD8sK8h@k.org [2015-07-10]
FF Extension: Shopper-Pro - C:\Users\Kim Mortensen\AppData\Roaming\Mozilla\Firefox\Profiles\qu0t2cg3.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [2015-07-10]
FF Extension: Gravity Space - C:\Users\Kim Mortensen\AppData\Roaming\Mozilla\Firefox\Profiles\qu0t2cg3.default\Extensions\{057eedd3-cf0f-4f5c-b9c6-4b7986e812fd}.xpi [2015-07-13]
FF Extension: On Stage - C:\Users\Kim Mortensen\AppData\Roaming\Mozilla\Firefox\Profiles\qu0t2cg3.default\Extensions\{abd24c81-a6f3-4092-82a2-bbebfc21a3f6}.xpi [2015-07-09]
FF HKLM\...\Firefox\Extensions: [{3c9ce603-44cc-4997-a166-239e6186c6ef}] - C:\Program Files\shopperz\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{3c9ce603-44cc-4997-a166-239e6186c6ef}] - C:\Program Files\shopperz\Firefox
Task: C:\Windows\Tasks\One System CarePeriod.job => 0x030601009FA9FCF4DAB97049AD2CEDBC1A2151A846000A0100000000A0050500200000000014730F000000000313040010208001000000000000000000000000000000000000370043003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C004F006E006500530079007300740065006D0043006100720065005C004F006E006500530079007300740065006D0043006100720065002E00650078006500000006002D007300630061006E00000000001A004B0069006D004D002D004C006100700074006F0070005C004B0069006D0020004D006F007200740065006E00730065006E00000000000000080003130400000000000100300000006C07010001000000000000000B000000B4000000000000000000000001000000010000000000000000000000
Task: C:\Windows\Tasks\One System CareStartUp.job => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe
Task: C:\Windows\Tasks\pQKgsIpLyFSTegD3Mri27.job => C:\Users\Kim Mortensen\AppData\Roaming\pQKgsIpLyFSTegD3Mri27.exe <==== ATTENTION
Task: C:\Windows\Tasks\S9FcFJhAGbXtlX1Sf5D6c.job => C:\Users\Kim Mortensen\AppData\Roaming\S9FcFJhAGbXtlX1Sf5D6c.exe <==== ATTENTION
Task: C:\Windows\Tasks\YiNSjCcSp6TnPjB7.job => C:\Users\Kim Mortensen\AppData\Roaming\YiNSjCcSp6TnPjB7.exe <==== ATTENTION
Task: C:\Windows\Tasks\EasyResize.job => c:\programdata\{3b0b9051-50ab-3f7e-3b0b-b905150a4145}\setup_668.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
FirewallRules: [{54263736-C8A5-4B42-AA92-BC6FB91D38F2}] => (Allow) C:\Users\Kim Mortensen\AppData\Local\WikiBrowser\Application\wikibrowser.exe
Task: C:\Windows\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-1-6.job => C:\Program Files (x86)\iWebar\91f80895-8199-4ec6-8a3a-046d00609366-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-1-7.job => C:\Program Files (x86)\iWebar\91f80895-8199-4ec6-8a3a-046d00609366-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-4.job => C:\Program Files (x86)\iWebar\91f80895-8199-4ec6-8a3a-046d00609366-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-5.job => C:\Program Files (x86)\iWebar\91f80895-8199-4ec6-8a3a-046d00609366-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-5_user.job => C:\Program Files (x86)\iWebar\91f80895-8199-4ec6-8a3a-046d00609366-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\9jnSQTpF3k.job => C:\Users\Kim Mortensen\AppData\Roaming\9jnSQTpF3k.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job => c:\programdata\{70bc1474-fbc8-69f9-70bc-c1474fbc51d3}\hqghumeaylnlf.exe <==== ATTENTION
Task: C:\Windows\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-1-6.job => C:\Program Files (x86)\Object Browser\c1094ea3-985a-4aef-924e-dbf1a529d855-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-1-7.job => C:\Program Files (x86)\Object Browser\c1094ea3-985a-4aef-924e-dbf1a529d855-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-4.job => C:\Program Files (x86)\Object Browser\c1094ea3-985a-4aef-924e-dbf1a529d855-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-5.job => C:\Program Files (x86)\Object Browser\c1094ea3-985a-4aef-924e-dbf1a529d855-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-5_user.job => C:\Program Files (x86)\Object Browser\c1094ea3-985a-4aef-924e-dbf1a529d855-5.exe <==== ATTENTION
Task: {02CEE620-A286-48FB-A6C7-B05ADCDCFC8E} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {02E5E89E-DCE1-4EDD-96A2-292653A2338B} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-07-10] (globalUpdate) <==== ATTENTION
Task: {0A706A17-3B9A-47EF-B68D-C216B2278AE5} - System32\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-1-6 => C:\Program Files (x86)\iWebar\91f80895-8199-4ec6-8a3a-046d00609366-1-6.exe [2015-07-10] (Webby) <==== ATTENTION
Task: {11D051AE-A6E3-4F6E-A8C3-AAE713CF6059} - System32\Tasks\EasyResize => c:\programdata\{3b0b9051-50ab-3f7e-3b0b-b905150a4145}\setup_668.exe [2014-07-10] () <==== ATTENTION
Task: {1CAD9229-AFD5-4586-BD80-70B63B54E6D0} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {22751F80-3AF0-470C-9118-D8F29869DB5E} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {2A91E585-5964-4DC0-A4C5-1AA1418E0F73} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe [2015-07-09] (Goobzo) <==== ATTENTION
Task: {2F5B6F6B-4C0D-4907-BF33-376D578DD7AA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-22] (Hewlett-Packard Company)
Task: {34A02D34-2475-4420-8944-F790114259F4} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {38DF5F52-2AD0-4A50-AAEE-BB1CCACDFE2D} - System32\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-1-6 => C:\Program Files (x86)\Object Browser\c1094ea3-985a-4aef-924e-dbf1a529d855-1-6.exe [2015-07-10] (ObjectB) <==== ATTENTION
Task: {3EB58F08-EDCC-4B05-A819-EEA1C1F44AF1} - System32\Tasks\One System Care Monitor => C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe [2015-05-12] ()
Task: {41A57214-EBEB-4EFD-9F3D-F5D386C91471} - System32\Tasks\ShopperPro => C:\Program Files (x86)\ShopperPro\ShopperPro.exe [2015-07-10] (Goobzo LTD) <==== ATTENTION
Task: {44EF8AEA-9876-4B1A-BE66-D3F727B38403} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {4583FC74-EF7E-455D-88D6-28F1F7A48227} - System32\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-5_user => C:\Program Files (x86)\iWebar\91f80895-8199-4ec6-8a3a-046d00609366-5.exe [2015-07-10] (Webby) <==== ATTENTION
Task: {51B17520-FFC9-4823-8B20-8F8AD2B31478} - System32\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-5 => C:\Program Files (x86)\Object Browser\c1094ea3-985a-4aef-924e-dbf1a529d855-5.exe [2015-07-10] (ObjectB) <==== ATTENTION
Task: {6D78CAD6-DF2C-4231-A349-F5E1E6222E61} - System32\Tasks\One System Care Run Delay => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2015-05-12] ()
Task: {85E772FC-C7CA-4D45-960A-4583DDA337C8} - System32\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-1-7 => C:\Program Files (x86)\Object Browser\c1094ea3-985a-4aef-924e-dbf1a529d855-1-7.exe [2015-07-10] (ObjectB) <==== ATTENTION
Task: {88925C8F-957B-4CE5-927E-0791300B9364} - System32\Tasks\WordShark Auto Updater 1.10.0.20 Pending Update => C:\Program Files (x86)\WordShark_1.10.0.20\Update\WordSharkAutoUpdateClient.exe [2015-07-06] (WS) <==== ATTENTION
Task: {8BA0EBDC-6E68-483C-A464-753D9149313A} - System32\Tasks\One System CarePeriod => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2015-05-12] ()
Task: {90A93B73-C8BC-4E51-9F40-0170DE64013C} - System32\Tasks\One System CareStartUp => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2015-05-12] ()
Task: {A23E57E1-A67B-4F66-99A5-B8E136A04F2E} - System32\Tasks\S9FcFJhAGbXtlX1Sf5D6c => C:\Users\Kim Mortensen\AppData\Roaming\S9FcFJhAGbXtlX1Sf5D6c.exe [2015-04-20] () <==== ATTENTION
Task: {AD40D16E-B1FD-4159-885A-983A61CFB96F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-06-16] (Hewlett-Packard)
Task: {B3943AFD-0492-468D-9F19-557B0C9E60D2} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [2015-07-09] (YTDownloader) <==== ATTENTION
Task: {BAAC0460-6E47-41C3-BA9F-F1C2F35D9057} - System32\Tasks\WordShark Auto Updater 1.10.0.20 Core => C:\Program Files (x86)\WordShark_1.10.0.20\Update\WordSharkAutoUpdateClient.exe [2015-07-06] (WS) <==== ATTENTION
Task: {C43875FE-0B47-4A47-A18C-C611E1B1AB0E} - System32\Tasks\SPBIW_UpdateTask_Time_3634323133313839352d504a2d414534372a5a6c785a => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {C6E90C00-3A3D-4BBA-99AD-EB3E430DCC2D} - System32\Tasks\9jnSQTpF3k => C:\Users\Kim Mortensen\AppData\Roaming\9jnSQTpF3k.exe [2015-04-20] () <==== ATTENTION
Task: {D3EA33E6-F83F-40AD-B900-4FC41A32561C} - System32\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-1-7 => C:\Program Files (x86)\iWebar\91f80895-8199-4ec6-8a3a-046d00609366-1-7.exe [2015-07-10] (Webby) <==== ATTENTION
Task: {DC4EC3A1-43DC-4CD1-BB81-FA2D7ACA4F8C} - System32\Tasks\ShopperProJSUpd => C:\Program Files (x86)\ShopperPro\updater.exe [2015-07-10] (Goobzo) <==== ATTENTION
Task: {DF9E9707-840C-46B0-9BC4-BD78DCAAC562} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
Task: {E14AEDA2-1526-46C0-9965-31C0C2CB36F0} - System32\Tasks\SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.2104\jsdrv.exe [2015-07-10] () <==== ATTENTION
Task: {E5D9DA37-89E5-4321-A92D-113EC16B7A24} - System32\Tasks\pQKgsIpLyFSTegD3Mri27 => C:\Users\Kim Mortensen\AppData\Roaming\pQKgsIpLyFSTegD3Mri27.exe [2015-04-20] () <==== ATTENTION
Task: {E70F74D8-9C54-4FA6-BAD9-E5693BB91070} - System32\Tasks\Bidaily Synchronize Task[8da6] => c:\programdata\{70bc1474-fbc8-69f9-70bc-c1474fbc51d3}\hqghumeaylnlf.exe [2014-07-09] (PC Utilities Software Limited) <==== ATTENTION
Task: {E82FECA5-745F-46EF-ABA6-8085D3B97BA0} - System32\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-4 => C:\Program Files (x86)\iWebar\91f80895-8199-4ec6-8a3a-046d00609366-4.exe [2015-07-10] (Webby) <==== ATTENTION
Task: {EB58C1BB-4B88-480B-9363-41AA3B41A26B} - System32\Tasks\YiNSjCcSp6TnPjB7 => C:\Users\Kim Mortensen\AppData\Roaming\YiNSjCcSp6TnPjB7.exe [2015-04-20] () <==== ATTENTION
Task: {ECDBC767-9D14-40F9-941E-B76DA73B0EA2} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-07-10] (globalUpdate) <==== ATTENTION
Task: {F012993C-0B45-4ABC-8E9A-45F17291D4D8} - System32\Tasks\amiupdaterExi => C:\Users\KIMMOR~1\AppData\Local\Temp\amiupdater1321.exe <==== ATTENTION
Task: {F05889F4-858D-4878-BB33-F0280CF71D75} - System32\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-5_user => C:\Program Files (x86)\Object Browser\c1094ea3-985a-4aef-924e-dbf1a529d855-5.exe [2015-07-10] (ObjectB) <==== ATTENTION
Task: {F2B7A2F9-5BA0-4DE2-BD20-880B0368D887} - System32\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-4 => C:\Program Files (x86)\Object Browser\c1094ea3-985a-4aef-924e-dbf1a529d855-4.exe [2015-07-10] (ObjectB) <==== ATTENTION
Task: {F6427F86-0B6F-437F-8286-48ED61E51110} - System32\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-5 => C:\Program Files (x86)\iWebar\91f80895-8199-4ec6-8a3a-046d00609366-5.exe [2015-07-10] (Webby) <==== ATTENTION

R1 wsfd_vw_1_10_0_20; C:\Windows\System32\drivers\wsfd_vw_1_10_0_20.sys [57728 2015-07-06] (WS)
S1 cherimoya; system32\drivers\cherimoya.sys [X]
R3 SPBIUpdd; C:\Program Files\Common Files\ShopperPro\spbiw.sys [41624 2015-07-10] ()
R2 SPDRIVER_1.42.1.2104; C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.2104\jsdrv.sys [52384 2015-07-10] ()
R2 sbmntr; C:\Program Files (x86)\YTDownloader\sbmntr.sys [58528 2015-07-09] (YTDownloader)
R2 zikovoty; C:\Users\Kim Mortensen\AppData\Roaming\35444335-1436470548-3536-5247-D0BF9C8E3DC6\knsa359F.tmp [262656 2015-07-13] () [File not signed]
R2 wssvc_1.10.0.20; C:\Program Files (x86)\WordShark_1.10.0.20\Service\wssvc.exe [300120 2015-07-06] (WS)
R2 zejytose; C:\Users\Kim Mortensen\AppData\Roaming\35444335-1436470548-3536-5247-D0BF9C8E3DC6\jnslC660.tmp [199168 2015-07-09] () [File not signed]
R2 Update Mgr GravitySpace; C:\Program Files (x86)\Common Files\f4ec396c-3454-45dd-b141-69ee6db2debb\updater.exe [574224 2015-07-13] ()
R2 UpdateSvc; C:\Windows\Updatesvc.exe [221184 2015-07-08] (drms media group) [File not signed]
R4 Verifies and fixes issues; C:\Windows\SysWOW64\First Verify\afirstsvc.exe [100768 2015-04-20] () [File not signed]
R2 vicoqudu; C:\Users\Kim Mortensen\AppData\Roaming\35444335-1436470548-3536-5247-D0BF9C8E3DC6\hnspDBEE.tmp [165376 2015-07-09] () [File not signed]
R2 Service Mgr GravitySpace; C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb\plugincontainer.exe [654608 2015-07-13] ()
R2 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe [2346416 2015-07-10] (ShopperPro)
R2 lxqvbcbiws32; C:\Program Files\015\lxqvbcbiws32.exe [622392 2015-04-07] ()
R2 mdvf; c:\windows\mdvf.exe [408576 2015-07-09] () [File not signed]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-07-10] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-07-10] (globalUpdate) [File not signed] <==== ATTENTION
R2 dvf; c:\windows\dvf.exe [417792 2015-07-09] () [File not signed]
S2 CoupoonService64; C:\Program Files (x86)\coupoon\iiwjljrnpc64.exe [172344 2015-04-02] ()
R2 d25e9d9d; c:\Program Files (x86)\StatFoobar\StatFoobar.dll [2601984 2015-07-10] () [File not signed]
R2 BrsHelper; C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe [112560 2015-07-09] ()

C:\Windows\system32\drivers\cherimoya.sys
C:\Windows\System32\drivers\wsfd_vw_1_10_0_20.sys
C:\Users\Kim Mortensen\AppData\Local\WikiUpdate.exe
C:\Users\Kim Mortensen\AppData\Local\WikiBrowser
C:\Program Files (x86)\WordShark_1.10.0.20
C:\PROGRA~1\COMMON~1\System\SysMenu.dll
C:\Users\KIMMOR~1\AppData\Local\Temp\amiupdater1321.exe
C:\Program Files (x86)\Object Browser
c:\programdata\{70bc1474-fbc8-69f9-70bc-c1474fbc51d3}
C:\Program Files (x86)\AnyProtectEx
C:\Program Files (x86)\iWebar
C:\Program Files (x86)\OneSystemCare
c:\Program Files (x86)\StatFoobar\StatFoobar.dll
C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb
C:\Program Files (x86)\Common Files\f4ec396c-3454-45dd-b141-69ee6db2debb
C:\ProgramData\{5b62005c-d94c-c8c5-5b62-2005cd940173}
C:\Program Files (x86)\ShopperPro
C:\Program Files (x86)\YTDownloader
C:\Users\Kim Mortensen\AppData\Roaming\35444335-1436470548-3536-5247-D0BF9C8E3DC6
C:\Windows\system32\Oexufafono64.dll
c:\programdata\{3b0b9051-50ab-3f7e-3b0b-b905150a4145}
C:\Program Files (x86)\globalUpdate
C:\ProgramData\6d8h22C0.dat
C:\Users\Public\ASR.dat
2015-07-13 10:20 - 2015-07-13 10:20 - 00000346 _____ C:\Windows\ads.js
2015-07-13 09:42 - 2015-07-13 09:43 - 00000000 ____D C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb
2015-07-13 09:42 - 2015-07-13 09:42 - 00000000 ____D C:\Program Files (x86)\Gravity Space
2015-07-13 09:41 - 2015-07-13 12:22 - 00000000 ____D C:\Windows\SysWOW64\First Verify
2015-07-13 09:24 - 2015-07-13 09:24 - 00000000 ____D C:\Program Files\Coupoon
2015-07-13 09:24 - 2015-07-13 09:24 - 00000000 ____D C:\Program Files (x86)\coupoon
2015-07-10 13:20 - 2015-07-10 13:20 - 00000000 ____D C:\Users\Kim Mortensen\AppData\Roaming\One System Care
2015-07-10 13:15 - 2015-07-10 13:15 - 00003348 _____ C:\Windows\System32\Tasks\One System Care Run Delay
2015-07-10 13:15 - 2015-07-10 13:15 - 00003282 _____ C:\Windows\System32\Tasks\One System Care Monitor
2015-07-10 13:15 - 2015-07-10 13:15 - 00002882 _____ C:\Windows\System32\Tasks\One System CarePeriod
2015-07-10 13:15 - 2015-07-10 13:15 - 00002586 _____ C:\Windows\System32\Tasks\One System CareStartUp
2015-07-10 13:15 - 2015-07-10 13:15 - 00002452 _____ C:\Users\Kim Mortensen\Desktop\WikiBrowser.lnk
2015-07-10 13:15 - 2015-07-10 13:15 - 00001090 _____ C:\Users\Public\Desktop\Launch One System Care.lnk
2015-07-10 13:15 - 2015-07-10 13:15 - 00000316 _____ C:\Windows\Tasks\One System CareStartUp.job
2015-07-10 13:15 - 2015-07-10 13:15 - 00000316 _____ C:\Windows\Tasks\One System CarePeriod.job
2015-07-10 13:15 - 2015-07-10 13:15 - 00000000 ____D C:\Users\Kim Mortensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WikiBrowser
2015-07-10 13:15 - 2015-07-10 13:15 - 00000000 ____D C:\Users\Kim Mortensen\AppData\Local\WikiBrowser
2015-07-10 13:15 - 2015-07-10 13:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneSystemCare
2015-07-10 13:15 - 2015-07-10 13:15 - 00000000 ____D C:\Program Files (x86)\OneSystemCare
2015-07-10 13:10 - 2015-07-13 12:10 - 00003484 _____ C:\Windows\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-1-6.job
2015-07-10 13:10 - 2015-07-13 12:10 - 00003164 _____ C:\Windows\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-1-6.job
2015-07-10 13:10 - 2015-07-10 13:15 - 00000000 ____D C:\Users\Kim Mortensen\AppData\Local\BrowserHelper
2015-07-10 13:10 - 2015-07-10 13:10 - 00006832 _____ C:\Windows\System32\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-1-7
2015-07-10 13:10 - 2015-07-10 13:10 - 00006488 _____ C:\Windows\System32\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-1-6
2015-07-10 13:10 - 2015-07-10 13:10 - 00006168 _____ C:\Windows\System32\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-1-7
2015-07-10 13:10 - 2015-07-10 13:10 - 00006168 _____ C:\Windows\System32\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-1-6
2015-07-10 13:10 - 2015-07-10 13:10 - 00005804 _____ C:\Windows\System32\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-5
2015-07-10 13:10 - 2015-07-10 13:10 - 00005476 _____ C:\Windows\System32\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-5
2015-07-10 13:10 - 2015-07-10 13:10 - 00003828 _____ C:\Windows\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-1-7.job
2015-07-10 13:10 - 2015-07-10 13:10 - 00003744 _____ C:\Windows\System32\Tasks\SMupdate1
2015-07-10 13:10 - 2015-07-10 13:10 - 00003164 _____ C:\Windows\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-1-7.job
2015-07-10 13:10 - 2015-07-10 13:10 - 00002800 _____ C:\Windows\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-5_user.job
2015-07-10 13:10 - 2015-07-10 13:10 - 00002800 _____ C:\Windows\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-5.job
2015-07-10 13:10 - 2015-07-10 13:10 - 00002472 _____ C:\Windows\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-5_user.job
2015-07-10 13:10 - 2015-07-10 13:10 - 00002472 _____ C:\Windows\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-5.job
2015-07-10 13:09 - 2015-07-10 13:10 - 00000000 ____D C:\Program Files (x86)\Object Browser
2015-07-10 13:09 - 2015-07-10 13:10 - 00000000 ____D C:\Program Files (x86)\iWebar
2015-07-10 13:09 - 2015-07-10 13:09 - 00007524 _____ C:\Windows\System32\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-4
2015-07-10 13:09 - 2015-07-10 13:09 - 00007508 _____ C:\Windows\System32\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-4
2015-07-10 13:09 - 2015-07-10 13:09 - 00004534 _____ C:\Windows\System32\Tasks\ShopperPro
2015-07-10 13:09 - 2015-07-10 13:09 - 00004520 _____ C:\Windows\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-4.job
2015-07-10 13:09 - 2015-07-10 13:09 - 00004504 _____ C:\Windows\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-4.job
2015-07-10 13:09 - 2015-07-10 13:09 - 00004272 _____ C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_3634323133313839352d504a2d414534372a5a6c785a
2015-07-10 13:09 - 2015-07-10 13:09 - 00003926 _____ C:\Windows\System32\Tasks\YTDownloaderUpd
2015-07-10 13:09 - 2015-07-10 13:09 - 00003604 _____ C:\Windows\System32\Tasks\YTDownloader
2015-07-10 13:09 - 2015-07-10 13:09 - 00003590 _____ C:\Windows\System32\Tasks\ShopperProJSUpd
2015-07-10 13:09 - 2015-07-10 13:09 - 00003516 _____ C:\Windows\System32\Tasks\SPDriver
2015-07-10 13:09 - 2015-07-10 13:09 - 00001972 _____ C:\Users\Kim Mortensen\Desktop\YTDownloader.lnk
2015-07-10 13:09 - 2015-07-10 13:09 - 00000000 ____D C:\Users\Public\Documents\ShopperPro
2015-07-10 13:09 - 2015-07-10 13:09 - 00000000 ____D C:\Users\Kim Mortensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
2015-07-10 13:09 - 2015-07-10 13:09 - 00000000 ____D C:\Users\Kim Mortensen\AppData\Local\CrashRpt
2015-07-10 13:09 - 2015-07-10 13:09 - 00000000 ____D C:\ProgramData\ShopperPro
2015-07-10 13:09 - 2015-07-10 13:09 - 00000000 ____D C:\Program Files\Common Files\ShopperPro
2015-07-10 13:09 - 2015-07-10 13:09 - 00000000 ____D C:\Program Files (x86)\YTDownloader
2015-07-10 13:09 - 2015-07-10 13:09 - 00000000 ____D C:\Program Files (x86)\ShopperPro
2015-07-10 13:04 - 2015-07-10 13:10 - 00003996 _____ C:\Windows\System32\Tasks\amiupdaterExi
2015-07-10 13:04 - 2015-07-10 13:04 - 00004170 _____ C:\Windows\System32\Tasks\WordShark Auto Updater 1.10.0.20 Pending Update
2015-07-10 13:04 - 2015-07-10 13:04 - 00004164 _____ C:\Windows\System32\Tasks\WordShark Auto Updater 1.10.0.20 Core
2015-07-10 13:04 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files (x86)\youtubeadblocker
2015-07-10 13:04 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files (x86)\WordShark_1.10.0.20
2015-07-10 13:04 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files (x86)\The Camelizer
2015-07-10 13:04 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files (x86)\StatFoobar
2015-07-10 13:04 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files (x86)\PriicceLess
2015-07-10 13:03 - 2015-07-10 13:03 - 00003274 _____ C:\Windows\System32\Tasks\EasyResize
2015-07-10 13:03 - 2015-07-10 13:03 - 00000372 _____ C:\Windows\Tasks\EasyResize.job
2015-07-10 13:03 - 2015-07-10 13:03 - 00000000 ____D C:\ProgramData\{3b0b9051-50ab-3f7e-3b0b-b905150a4145}
2015-07-10 09:42 - 2015-07-10 09:42 - 00000000 ____D C:\ProgramData\e513ecb0000005fb
2015-07-10 09:39 - 2015-07-10 09:39 - 00000000 _____ C:\Users\Kim Mortensen\AppData\Local\Temp.dat
2015-07-09 17:10 - 2015-07-09 17:10 - 01538571 _____ C:\Users\Kim Mortensen\Downloads\Unconfirmed 998209.crdownload
2015-07-09 17:09 - 2015-07-09 17:09 - 01538571 _____ C:\Users\Kim Mortensen\Downloads\Unconfirmed 295947.crdownload
2015-07-09 17:03 - 2015-07-09 17:03 - 00000384 _____ C:\Users\Kim Mortensen\Downloads\seg=SHOP1515
2015-07-09 16:30 - 2015-07-09 16:30 - 01538571 _____ C:\Users\Kim Mortensen\Downloads\Unconfirmed 689433.crdownload
2015-07-09 16:29 - 2015-07-09 16:29 - 01538571 _____ C:\Users\Kim Mortensen\Downloads\Unconfirmed 754244.crdownload
2015-07-09 16:21 - 2015-07-09 16:21 - 00102912 _____ (drms media group) C:\Windows\Installer.exe
2015-07-09 15:50 - 2015-07-09 15:51 - 01091979 _____ C:\Users\Kim Mortensen\Downloads\Unconfirmed 908889.crdownload
2015-07-09 15:49 - 2015-07-09 15:49 - 01091979 _____ C:\Users\Kim Mortensen\Downloads\Unconfirmed 271186.crdownload
2015-07-09 15:19 - 2015-07-10 13:15 - 00002261 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-09 15:09 - 2015-07-09 16:25 - 00000000 ____D C:\Program Files (x86)\AnyProtectEx
2015-07-09 15:09 - 2015-07-09 15:09 - 00613255 _____ (CMI Limited) C:\Users\Kim Mortensen\AppData\Local\nss2FDF.tmp
2015-07-09 15:08 - 2015-07-10 09:34 - 00001070 _____ C:\Windows\Tasks\pQKgsIpLyFSTegD3Mri27.job
2015-07-09 15:08 - 2015-07-09 15:08 - 00004100 _____ C:\Windows\System32\Tasks\pQKgsIpLyFSTegD3Mri27
2015-07-09 15:07 - 2015-07-09 15:12 - 00000000 ____D C:\Program Files\shopperz
2015-07-09 15:07 - 2015-07-09 15:07 - 00004784 _____ C:\Windows\SysWOW64\Oexufafono.ini
2015-07-09 15:07 - 2015-07-09 15:07 - 00002504 _____ C:\Windows\SysWOW64\OexufafonoOff.ini
2015-07-09 15:07 - 2015-07-09 15:07 - 00002504 _____ C:\Windows\system32\OexufafonoOff.ini
2015-07-09 15:07 - 2015-06-23 15:47 - 00348672 _____ C:\Windows\system32\Oexufafono64.dll
2015-07-09 15:07 - 2015-06-23 15:46 - 00278016 _____ C:\Windows\SysWOW64\Oexufafono.dll
2015-07-09 15:05 - 2015-07-09 15:05 - 00000000 ____D C:\ProgramData\60fc76ae00007c5a
2015-07-09 15:03 - 2015-07-09 15:03 - 00002135 _____ C:\Users\Kim Mortensen\Desktop\Continue GamesDesktop Uninstaller.lnk
2015-07-09 15:01 - 2015-07-09 15:01 - 00002157 _____ C:\Users\Kim Mortensen\Desktop\Continue MaxComputerCleaner Uninstaller.lnk
2015-07-09 14:58 - 2015-07-09 15:31 - 00000378 _____ C:\Windows\Tasks\APSnotifierPP1.job
2015-07-09 14:58 - 2015-07-09 15:21 - 00000376 _____ C:\Windows\Tasks\APSnotifierPP3.job
2015-07-09 14:58 - 2015-07-09 15:21 - 00000376 _____ C:\Windows\Tasks\APSnotifierPP2.job
2015-07-09 14:58 - 2015-07-09 15:11 - 00002824 _____ C:\Windows\System32\Tasks\APSnotifierPP1
2015-07-09 14:58 - 2015-07-09 15:11 - 00002822 _____ C:\Windows\System32\Tasks\APSnotifierPP3
2015-07-09 14:58 - 2015-07-09 15:11 - 00002822 _____ C:\Windows\System32\Tasks\APSnotifierPP2
2015-07-09 14:54 - 2015-07-09 14:54 - 00613255 _____ (CMI Limited) C:\Users\Kim Mortensen\AppData\Local\nsoABBE.tmp
2015-07-09 14:54 - 2015-07-09 14:54 - 00000000 __SHD C:\Users\Kim Mortensen\AppData\Roaming\AnyProtectEx
2015-07-09 14:52 - 2015-07-09 14:52 - 00000000 ____D C:\ProgramData\350bdab00003d0b
2015-07-09 14:50 - 2015-07-10 09:34 - 00001048 _____ C:\Windows\Tasks\9jnSQTpF3k.job
2015-07-09 14:50 - 2015-07-09 14:50 - 00004076 _____ C:\Windows\System32\Tasks\9jnSQTpF3k
2015-07-09 14:50 - 2015-07-09 14:50 - 00001949 _____ C:\Windows\patsearch.bin
2015-07-09 14:50 - 2015-07-09 14:50 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf
2015-07-09 14:50 - 2015-07-09 14:50 - 00000000 ____D C:\Users\Kim Mortensen\AppData\Local\Google
2015-07-09 14:49 - 2015-07-10 13:04 - 00000000 ____D C:\ProgramData\13757504707023941631
2015-07-09 14:49 - 2015-07-09 14:49 - 00000000 ____D C:\Program Files (x86)\predm
2015-07-09 14:48 - 2015-07-09 16:02 - 00000000 ____D C:\ProgramData\{5b62005c-d94c-c8c5-5b62-2005cd940173}
2015-07-09 14:48 - 2015-07-09 14:48 - 00000000 ____D C:\Windows\Provider32
2015-07-09 14:48 - 2015-07-08 17:23 - 00221184 _____ (drms media group) C:\Windows\Updatesvc.exe
2015-07-09 14:48 - 2015-07-08 17:22 - 00271360 _____ (drms media group) C:\Windows\Provider.dll
2015-07-09 14:47 - 2015-07-09 15:16 - 00000000 ____D C:\Users\Kim Mortensen\AppData\Local\SmartWeb
2015-07-09 14:45 - 2015-07-09 14:45 - 01387800 _____ C:\Users\Public\ASR.dat
2015-07-09 14:43 - 2015-07-10 09:34 - 00001060 _____ C:\Windows\Tasks\YiNSjCcSp6TnPjB7.job
2015-07-09 14:43 - 2015-07-09 14:43 - 00004088 _____ C:\Windows\System32\Tasks\YiNSjCcSp6TnPjB7
2015-07-09 14:43 - 2015-07-09 14:43 - 00000000 ____D C:\Users\Kim Mortensen\Documents\Optimizer Pro
2015-07-09 14:42 - 2015-07-09 15:21 - 00000380 _____ C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job
2015-07-09 14:42 - 2015-07-09 14:42 - 00003282 _____ C:\Windows\System32\Tasks\Bidaily Synchronize Task[8da6]
2015-07-09 14:42 - 2015-07-09 14:42 - 00000000 ____D C:\ProgramData\{70bc1474-fbc8-69f9-70bc-c1474fbc51d3}
2015-07-09 14:41 - 2015-07-10 12:37 - 00001070 _____ C:\Windows\Tasks\S9FcFJhAGbXtlX1Sf5D6c.job
2015-07-09 14:41 - 2015-07-10 09:40 - 00000000 ____D C:\Users\Kim Mortensen\AppData\Local\779BF866-FEAF-7740-A669-CB72FCB4AB7C
2015-07-09 14:41 - 2015-07-09 14:41 - 00004100 _____ C:\Windows\System32\Tasks\S9FcFJhAGbXtlX1Sf5D6c
2015-07-09 14:40 - 2015-07-10 13:14 - 00000954 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-07-09 14:40 - 2015-07-10 13:14 - 00000950 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-07-09 14:40 - 2015-07-10 13:09 - 00003926 _____ C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-07-09 14:40 - 2015-07-10 13:09 - 00003690 _____ C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2015-07-09 14:40 - 2015-07-09 15:08 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-07-09 14:40 - 2015-07-09 14:40 - 00000000 ____D C:\Users\Kim Mortensen\AppData\Local\globalUpdate
2015-04-14 11:28 - 2015-04-14 11:28 - 0004387 _____ () C:\Users\Kim Mortensen\AppData\Roaming\9jnSQTpF3k
2015-04-20 09:05 - 2015-04-20 09:05 - 1246720 _____ () C:\Users\Kim Mortensen\AppData\Roaming\9jnSQTpF3k.exe
2015-04-14 11:28 - 2015-04-14 11:28 - 0004387 _____ () C:\Users\Kim Mortensen\AppData\Roaming\pQKgsIpLyFSTegD3Mri27
2015-04-20 09:05 - 2015-04-20 09:05 - 1246720 _____ () C:\Users\Kim Mortensen\AppData\Roaming\pQKgsIpLyFSTegD3Mri27.exe
2015-04-14 11:28 - 2015-04-14 11:28 - 0004387 _____ () C:\Users\Kim Mortensen\AppData\Roaming\S9FcFJhAGbXtlX1Sf5D6c
2015-04-20 09:05 - 2015-04-20 09:05 - 1246720 _____ () C:\Users\Kim Mortensen\AppData\Roaming\S9FcFJhAGbXtlX1Sf5D6c.exe
2015-04-14 11:28 - 2015-04-14 11:28 - 0004387 _____ () C:\Users\Kim Mortensen\AppData\Roaming\YiNSjCcSp6TnPjB7
2015-04-20 09:05 - 2015-04-20 09:05 - 1246720 _____ () C:\Users\Kim Mortensen\AppData\Roaming\YiNSjCcSp6TnPjB7.exe
2015-07-09 14:54 - 2015-07-09 14:54 - 0613255 _____ (CMI Limited) C:\Users\Kim Mortensen\AppData\Local\nsoABBE.tmp
2015-07-09 15:09 - 2015-07-09 15:09 - 0613255 _____ (CMI Limited) C:\Users\Kim Mortensen\AppData\Local\nss2FDF.tmp
2015-07-10 09:39 - 2015-07-10 09:39 - 0000000 _____ () C:\Users\Kim Mortensen\AppData\Local\Temp.dat
2015-07-09 14:39 - 2015-07-09 14:39 - 00000000 ____D C:\Users\Kim Mortensen\AppData\Roaming\ASPackage
2015-07-09 14:39 - 2015-07-09 14:39 - 00000000 ____D C:\Users\Kim Mortensen\AppData\Roaming\35444335-1436470767-3536-5247-D0BF9C8E3DC6
2015-07-09 14:38 - 2015-07-10 13:15 - 00000000 ___HD C:\ProgramData\dvf
2015-07-09 14:38 - 2015-07-09 14:44 - 00000000 ____D C:\Users\Kim Mortensen\AppData\Local\35444335-1436452733-3536-5247-D0BF9C8E3DC6
2015-07-09 14:36 - 2015-07-09 14:36 - 00000000 ____D C:\BreakingNewsAlert
2015-07-09 14:36 - 2013-08-22 08:25 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-07-09 14:35 - 2015-07-13 11:23 - 00000000 ____D C:\Users\Kim Mortensen\AppData\Roaming\35444335-1436470548-3536-5247-D0BF9C8E3DC6
2015-07-09 14:35 - 2015-07-09 15:13 - 00000000 ____D C:\Program Files\13
2015-07-09 14:35 - 2015-07-09 15:08 - 00000000 ____D C:\Program Files (x86)\GUPlayer
2015-07-09 14:35 - 2015-07-09 14:38 - 00000000 ____D C:\Program Files\015
2015-07-09 14:35 - 2015-07-09 14:35 - 00631808 _____ C:\Windows\dvf.dat
2015-07-09 14:35 - 2015-07-09 14:35 - 00417792 _____ C:\Windows\dvf.exe
2015-07-09 14:35 - 2015-07-09 14:35 - 00408576 _____ C:\Windows\mdvf.exe
2015-07-09 14:35 - 2015-07-09 14:35 - 00000000 ____D C:\Users\Kim Mortensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2015-07-09 14:35 - 2015-07-09 14:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2015-07-09 14:31 - 2015-07-09 14:31 - 00693968 _____ ( ) C:\Users\Kim Mortensen\Downloads\Free%20Screensavers.exe

CloseProcesses:
CMD: netsh winsock reset
EmptyTemp:
Hosts:
Reboot:
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_us_002010026 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_us_005010026 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SPDriver => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Update => value not found.
HKU\S-1-5-21-3709960815-1272476127-4158410570-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SPDriver => value removed successfully
HKU\S-1-5-21-3709960815-1272476127-4158410570-1001\Software\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => value removed successfully
C:\Users\Kim Mortensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download.lnk => moved successfully.
C:\ProgramData\{5b62005c-d94c-c8c5-5b62-2005cd940173}\Download.exe => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-21-3709960815-1272476127-4158410570-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3709960815-1272476127-4158410570-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found.
HKCR\CLSID\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3c9ce603-44cc-4997-a166-239e6186c6ef} => key not found.
HKCR\CLSID\{3c9ce603-44cc-4997-a166-239e6186c6ef} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D8677-4FDF-439C-A7BB-CEAB464423AE} => key not found.
"HKCR\CLSID\{449D8677-4FDF-439C-A7BB-CEAB464423AE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}" => key removed successfully
"HKCR\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B9BADDCF-8640-454A-9E1A-91E49483ECB5} => key not found.
"HKCR\CLSID\{B9BADDCF-8640-454A-9E1A-91E49483ECB5}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3c9ce603-44cc-4997-a166-239e6186c6ef} => key not found.
HKCR\Wow6432Node\CLSID\{3c9ce603-44cc-4997-a166-239e6186c6ef} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D8677-4FDF-439C-A7BB-CEAB464423AE} => key not found.
"HKCR\Wow6432Node\CLSID\{449D8677-4FDF-439C-A7BB-CEAB464423AE}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8788dd2d-bed5-4071-8439-c822cef57bc8} => key not found.
"HKCR\Wow6432Node\CLSID\{8788dd2d-bed5-4071-8439-c822cef57bc8}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aff87634-f4a9-42bc-b2dc-be240584d095} => key not found.
"HKCR\Wow6432Node\CLSID\{aff87634-f4a9-42bc-b2dc-be240584d095}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B9BADDCF-8640-454A-9E1A-91E49483ECB5} => key not found.
"HKCR\Wow6432Node\CLSID\{B9BADDCF-8640-454A-9E1A-91E49483ECB5}" => key removed successfully
Winsock: Catalog entry 000000000001 => removed successfully
Winsock: Catalog entry 000000000002 => removed successfully
Winsock: Catalog entry 000000000003 => removed successfully
Winsock: Catalog entry 000000000004 => removed successfully
Winsock: Catalog entry 000000000005 => removed successfully
Winsock: Catalog entry 000000000006 => removed successfully
Winsock: Catalog entry 000000000007 => removed successfully
Winsock: Catalog entry 000000000008 => removed successfully
Winsock: Catalog entry 000000000009 => removed successfully
Winsock: Catalog entry 000000000010 => removed successfully
Winsock: Catalog entry 000000000011 => removed successfully
Winsock: Catalog entry 000000000012 => removed successfully
Winsock: Catalog entry 000000000013 => removed successfully
Winsock: Catalog entry 000000000014 => removed successfully
Winsock: Catalog entry 000000000026 => removed successfully
Winsock: Catalog entry 000000000027 => removed successfully
Winsock: Catalog entry 000000000001 => removed successfully
Winsock: Catalog entry 000000000002 => removed successfully
Winsock: Catalog entry 000000000003 => removed successfully
Winsock: Catalog entry 000000000004 => removed successfully
Winsock: Catalog entry 000000000005 => removed successfully
Winsock: Catalog entry 000000000006 => removed successfully
Winsock: Catalog entry 000000000007 => removed successfully
Winsock: Catalog entry 000000000008 => removed successfully
Winsock: Catalog entry 000000000009 => removed successfully
Winsock: Catalog entry 000000000010 => removed successfully
Winsock: Catalog entry 000000000011 => removed successfully
Winsock: Catalog entry 000000000012 => removed successfully
Winsock: Catalog entry 000000000013 => removed successfully
Winsock: Catalog entry 000000000014 => removed successfully
Winsock: Catalog entry 000000000026 => removed successfully
Winsock: Catalog entry 000000000027 => removed successfully
Firefox DefaultSearchEngine removed successfully
Firefox DefaultSearchEngine.US removed successfully
Firefox SelectedSearchEngine removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10" => key removed successfully
C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll => moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4" => key removed successfully
C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll not found.
"C:\Users\Kim Mortensen\AppData\Roaming\Mozilla\Firefox\Profiles\qu0t2cg3.default\searchplugins\trovi.xml" => not found.
C:\Users\Kim Mortensen\AppData\Roaming\Mozilla\Firefox\Profiles\qu0t2cg3.default\Extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com not found.
C:\Users\Kim Mortensen\AppData\Roaming\Mozilla\Firefox\Profiles\qu0t2cg3.default\Extensions\2g@U.edu not found.
C:\Users\Kim Mortensen\AppData\Roaming\Mozilla\Firefox\Profiles\qu0t2cg3.default\Extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com not found.
C:\Users\Kim Mortensen\AppData\Roaming\Mozilla\Firefox\Profiles\qu0t2cg3.default\Extensions\o61@djavZ2x.edu not found.
C:\Users\Kim Mortensen\AppData\Roaming\Mozilla\Firefox\Profiles\qu0t2cg3.default\Extensions\UrnD8sK8h@k.org not found.
C:\Users\Kim Mortensen\AppData\Roaming\Mozilla\Firefox\Profiles\qu0t2cg3.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} => moved successfully.
C:\Users\Kim Mortensen\AppData\Roaming\Mozilla\Firefox\Profiles\qu0t2cg3.default\Extensions\{057eedd3-cf0f-4f5c-b9c6-4b7986e812fd}.xpi not found.
C:\Users\Kim Mortensen\AppData\Roaming\Mozilla\Firefox\Profiles\qu0t2cg3.default\Extensions\{abd24c81-a6f3-4092-82a2-bbebfc21a3f6}.xpi not found.
HKLM\Software\Mozilla\Firefox\Extensions\\{3c9ce603-44cc-4997-a166-239e6186c6ef} => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{3c9ce603-44cc-4997-a166-239e6186c6ef} => value removed successfully
C:\Windows\Tasks\One System CarePeriod.job not found.
C:\Windows\Tasks\One System CareStartUp.job not found.
C:\Windows\Tasks\pQKgsIpLyFSTegD3Mri27.job => moved successfully.
C:\Windows\Tasks\S9FcFJhAGbXtlX1Sf5D6c.job => moved successfully.
C:\Windows\Tasks\YiNSjCcSp6TnPjB7.job => moved successfully.
C:\Windows\Tasks\EasyResize.job => moved successfully.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => moved successfully.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => moved successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{54263736-C8A5-4B42-AA92-BC6FB91D38F2} => value not found.
C:\Windows\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-1-6.job not found.
C:\Windows\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-1-7.job not found.
C:\Windows\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-4.job not found.
C:\Windows\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-5.job not found.
C:\Windows\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-5_user.job not found.
C:\Windows\Tasks\9jnSQTpF3k.job => moved successfully.
C:\Windows\Tasks\APSnotifierPP1.job => moved successfully.
C:\Windows\Tasks\APSnotifierPP2.job => moved successfully.
C:\Windows\Tasks\APSnotifierPP3.job => moved successfully.
C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job => moved successfully.
C:\Windows\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-1-6.job not found.
C:\Windows\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-1-7.job not found.
C:\Windows\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-4.job not found.
C:\Windows\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-5.job not found.
C:\Windows\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-5_user.job not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{02CEE620-A286-48FB-A6C7-B05ADCDCFC8E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02CEE620-A286-48FB-A6C7-B05ADCDCFC8E}" => key removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\SMupdate2" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02E5E89E-DCE1-4EDD-96A2-292653A2338B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02E5E89E-DCE1-4EDD-96A2-292653A2338B}" => key removed successfully
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A706A17-3B9A-47EF-B68D-C216B2278AE5} => key not found.
C:\Windows\System32\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-1-6 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\91f80895-8199-4ec6-8a3a-046d00609366-1-6 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11D051AE-A6E3-4F6E-A8C3-AAE713CF6059}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11D051AE-A6E3-4F6E-A8C3-AAE713CF6059}" => key removed successfully
C:\Windows\System32\Tasks\EasyResize => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EasyResize" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CAD9229-AFD5-4586-BD80-70B63B54E6D0} => key not found.
C:\Windows\System32\Tasks\APSnotifierPP3 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{22751F80-3AF0-470C-9118-D8F29869DB5E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22751F80-3AF0-470C-9118-D8F29869DB5E}" => key removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SMupdate3" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2A91E585-5964-4DC0-A4C5-1AA1418E0F73}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A91E585-5964-4DC0-A4C5-1AA1418E0F73}" => key removed successfully
C:\Windows\System32\Tasks\YTDownloaderUpd => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloaderUpd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2F5B6F6B-4C0D-4907-BF33-376D578DD7AA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F5B6F6B-4C0D-4907-BF33-376D578DD7AA}" => key removed successfully
C:\Windows\System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34A02D34-2475-4420-8944-F790114259F4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34A02D34-2475-4420-8944-F790114259F4}" => key removed successfully
C:\Windows\System32\Tasks\APSnotifierPP1 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38DF5F52-2AD0-4A50-AAEE-BB1CCACDFE2D} => key not found.
C:\Windows\System32\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-1-6 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c1094ea3-985a-4aef-924e-dbf1a529d855-1-6 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EB58F08-EDCC-4B05-A819-EEA1C1F44AF1} => key not found.
C:\Windows\System32\Tasks\One System Care Monitor not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Monitor => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{41A57214-EBEB-4EFD-9F3D-F5D386C91471}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{41A57214-EBEB-4EFD-9F3D-F5D386C91471}" => key removed successfully
C:\Windows\System32\Tasks\ShopperPro => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperPro" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{44EF8AEA-9876-4B1A-BE66-D3F727B38403}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44EF8AEA-9876-4B1A-BE66-D3F727B38403}" => key removed successfully
C:\Windows\System32\Tasks\APSnotifierPP2 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4583FC74-EF7E-455D-88D6-28F1F7A48227} => key not found.
C:\Windows\System32\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-5_user not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\91f80895-8199-4ec6-8a3a-046d00609366-5_user => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51B17520-FFC9-4823-8B20-8F8AD2B31478} => key not found.
C:\Windows\System32\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-5 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c1094ea3-985a-4aef-924e-dbf1a529d855-5 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D78CAD6-DF2C-4231-A349-F5E1E6222E61} => key not found.
C:\Windows\System32\Tasks\One System Care Run Delay not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Run Delay => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85E772FC-C7CA-4D45-960A-4583DDA337C8} => key not found.
C:\Windows\System32\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-1-7 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c1094ea3-985a-4aef-924e-dbf1a529d855-1-7 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88925C8F-957B-4CE5-927E-0791300B9364} => key not found.
C:\Windows\System32\Tasks\WordShark Auto Updater 1.10.0.20 Pending Update not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WordShark Auto Updater 1.10.0.20 Pending Update => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8BA0EBDC-6E68-483C-A464-753D9149313A} => key not found.
C:\Windows\System32\Tasks\One System CarePeriod not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System CarePeriod => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90A93B73-C8BC-4E51-9F40-0170DE64013C} => key not found.
C:\Windows\System32\Tasks\One System CareStartUp not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System CareStartUp => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A23E57E1-A67B-4F66-99A5-B8E136A04F2E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A23E57E1-A67B-4F66-99A5-B8E136A04F2E}" => key removed successfully
C:\Windows\System32\Tasks\S9FcFJhAGbXtlX1Sf5D6c => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\S9FcFJhAGbXtlX1Sf5D6c" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AD40D16E-B1FD-4159-885A-983A61CFB96F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD40D16E-B1FD-4159-885A-983A61CFB96F}" => key removed successfully
C:\Windows\System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B3943AFD-0492-468D-9F19-557B0C9E60D2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3943AFD-0492-468D-9F19-557B0C9E60D2}" => key removed successfully
C:\Windows\System32\Tasks\YTDownloader => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloader" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BAAC0460-6E47-41C3-BA9F-F1C2F35D9057} => key not found.
C:\Windows\System32\Tasks\WordShark Auto Updater 1.10.0.20 Core not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WordShark Auto Updater 1.10.0.20 Core => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C43875FE-0B47-4A47-A18C-C611E1B1AB0E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C43875FE-0B47-4A47-A18C-C611E1B1AB0E}" => key removed successfully
C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_3634323133313839352d504a2d414534372a5a6c785a => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPBIW_UpdateTask_Time_3634323133313839352d504a2d414534372a5a6c785a" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C6E90C00-3A3D-4BBA-99AD-EB3E430DCC2D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6E90C00-3A3D-4BBA-99AD-EB3E430DCC2D}" => key removed successfully
C:\Windows\System32\Tasks\9jnSQTpF3k => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\9jnSQTpF3k" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3EA33E6-F83F-40AD-B900-4FC41A32561C} => key not found.
C:\Windows\System32\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-1-7 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\91f80895-8199-4ec6-8a3a-046d00609366-1-7 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DC4EC3A1-43DC-4CD1-BB81-FA2D7ACA4F8C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC4EC3A1-43DC-4CD1-BB81-FA2D7ACA4F8C}" => key removed successfully
C:\Windows\System32\Tasks\ShopperProJSUpd => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperProJSUpd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DF9E9707-840C-46B0-9BC4-BD78DCAAC562}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF9E9707-840C-46B0-9BC4-BD78DCAAC562}" => key removed successfully
C:\Windows\System32\Tasks\SMupdate1 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMupdate1" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E14AEDA2-1526-46C0-9965-31C0C2CB36F0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E14AEDA2-1526-46C0-9965-31C0C2CB36F0}" => key removed successfully
C:\Windows\System32\Tasks\SPDriver => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPDriver" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E5D9DA37-89E5-4321-A92D-113EC16B7A24}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5D9DA37-89E5-4321-A92D-113EC16B7A24}" => key removed successfully
C:\Windows\System32\Tasks\pQKgsIpLyFSTegD3Mri27 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pQKgsIpLyFSTegD3Mri27" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E70F74D8-9C54-4FA6-BAD9-E5693BB91070}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E70F74D8-9C54-4FA6-BAD9-E5693BB91070}" => key removed successfully
C:\Windows\System32\Tasks\Bidaily Synchronize Task[8da6] => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bidaily Synchronize Task[8da6]" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E82FECA5-745F-46EF-ABA6-8085D3B97BA0} => key not found.
C:\Windows\System32\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-4 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\91f80895-8199-4ec6-8a3a-046d00609366-4 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EB58C1BB-4B88-480B-9363-41AA3B41A26B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB58C1BB-4B88-480B-9363-41AA3B41A26B}" => key removed successfully
C:\Windows\System32\Tasks\YiNSjCcSp6TnPjB7 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YiNSjCcSp6TnPjB7" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ECDBC767-9D14-40F9-941E-B76DA73B0EA2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ECDBC767-9D14-40F9-941E-B76DA73B0EA2}" => key removed successfully
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F012993C-0B45-4ABC-8E9A-45F17291D4D8} => key not found.
C:\Windows\System32\Tasks\amiupdaterExi not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\amiupdaterExi" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F05889F4-858D-4878-BB33-F0280CF71D75} => key not found.
C:\Windows\System32\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-5_user not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c1094ea3-985a-4aef-924e-dbf1a529d855-5_user => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2B7A2F9-5BA0-4DE2-BD20-880B0368D887} => key not found.
C:\Windows\System32\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-4 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\c1094ea3-985a-4aef-924e-dbf1a529d855-4 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6427F86-0B6F-437F-8286-48ED61E51110} => key not found.
C:\Windows\System32\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-5 not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\91f80895-8199-4ec6-8a3a-046d00609366-5 => key not found.
wsfd_vw_1_10_0_20 => Service removed successfully
cherimoya => Service removed successfully
SPBIUpdd => Unable to stop service.
SPBIUpdd => Service removed successfully
SPDRIVER_1.42.1.2104 => Unable to stop service.
SPDRIVER_1.42.1.2104 => Service removed successfully
sbmntr => Unable to stop service.
sbmntr => Service removed successfully
zikovoty => Service not found.
wssvc_1.10.0.20 => Service not found.
zejytose => Unable to stop service.
zejytose => Service removed successfully
Update Mgr GravitySpace => Service not found.
UpdateSvc => Unable to stop service.
UpdateSvc => Service removed successfully
Verifies and fixes issues => Service not found.
vicoqudu => Unable to stop service.
vicoqudu => Service removed successfully
Service Mgr GravitySpace => Service not found.
SPBIUpd => Unable to stop service.
SPBIUpd => Service removed successfully
lxqvbcbiws32 => Unable to stop service.
lxqvbcbiws32 => Service removed successfully
mdvf => Unable to stop service.
mdvf => Service removed successfully
globalUpdate => Service removed successfully
globalUpdatem => Service removed successfully
dvf => Unable to stop service.
dvf => Service removed successfully
CoupoonService64 => Unable to stop service.
CoupoonService64 => Service removed successfully
d25e9d9d => Service not found.
BrsHelper => Unable to stop service.
BrsHelper => Service removed successfully
"C:\Windows\system32\drivers\cherimoya.sys" => File/Folder not found.
"C:\Windows\System32\drivers\wsfd_vw_1_10_0_20.sys" => File/Folder not found.
C:\Users\Kim Mortensen\AppData\Local\WikiUpdate.exe => moved successfully.
C:\Users\Kim Mortensen\AppData\Local\WikiBrowser => moved successfully.
C:\Program Files (x86)\WordShark_1.10.0.20 => moved successfully.
C:\PROGRA~1\COMMON~1\System\SysMenu.dll => moved successfully.
"C:\Users\KIMMOR~1\AppData\Local\Temp\amiupdater1321.exe" => File/Folder not found.
"C:\Program Files (x86)\Object Browser" => File/Folder not found.
c:\programdata\{70bc1474-fbc8-69f9-70bc-c1474fbc51d3} => moved successfully.
"C:\Program Files (x86)\AnyProtectEx" => File/Folder not found.
"C:\Program Files (x86)\iWebar" => File/Folder not found.
"C:\Program Files (x86)\OneSystemCare" => File/Folder not found.
"c:\Program Files (x86)\StatFoobar\StatFoobar.dll" => File/Folder not found.
"C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb" => File/Folder not found.
"C:\Program Files (x86)\Common Files\f4ec396c-3454-45dd-b141-69ee6db2debb" => File/Folder not found.

"C:\ProgramData\{5b62005c-d94c-c8c5-5b62-2005cd940173}" folder move:

Could not move "C:\ProgramData\{5b62005c-d94c-c8c5-5b62-2005cd940173}" folder => Scheduled to move on reboot.

C:\Program Files (x86)\ShopperPro => moved successfully.

"C:\Program Files (x86)\YTDownloader" folder move:

Could not move "C:\Program Files (x86)\YTDownloader" folder => Scheduled to move on reboot.

C:\Users\Kim Mortensen\AppData\Roaming\35444335-1436470548-3536-5247-D0BF9C8E3DC6 => moved successfully.
C:\Windows\system32\Oexufafono64.dll => moved successfully.
c:\programdata\{3b0b9051-50ab-3f7e-3b0b-b905150a4145} => moved successfully.
C:\Program Files (x86)\globalUpdate => moved successfully.
C:\ProgramData\6d8h22C0.dat => moved successfully.
"C:\Users\Public\ASR.dat" => File/Folder not found.
C:\Windows\ads.js => moved successfully.
"C:\ProgramData\f4ec396c-3454-45dd-b141-69ee6db2debb" => File/Folder not found.
"C:\Program Files (x86)\Gravity Space" => File/Folder not found.
C:\Windows\SysWOW64\First Verify => moved successfully.
C:\Program Files\Coupoon => moved successfully.
C:\Program Files (x86)\coupoon => moved successfully.
C:\Users\Kim Mortensen\AppData\Roaming\One System Care => moved successfully.
"C:\Windows\System32\Tasks\One System Care Run Delay" => File/Folder not found.
"C:\Windows\System32\Tasks\One System Care Monitor" => File/Folder not found.
"C:\Windows\System32\Tasks\One System CarePeriod" => File/Folder not found.
"C:\Windows\System32\Tasks\One System CareStartUp" => File/Folder not found.
"C:\Users\Kim Mortensen\Desktop\WikiBrowser.lnk" => File/Folder not found.
"C:\Users\Public\Desktop\Launch One System Care.lnk" => File/Folder not found.
"C:\Windows\Tasks\One System CareStartUp.job" => File/Folder not found.
"C:\Windows\Tasks\One System CarePeriod.job" => File/Folder not found.
"C:\Users\Kim Mortensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WikiBrowser" => File/Folder not found.
"C:\Users\Kim Mortensen\AppData\Local\WikiBrowser" => File/Folder not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneSystemCare" => File/Folder not found.
"C:\Program Files (x86)\OneSystemCare" => File/Folder not found.
"C:\Windows\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-1-6.job" => File/Folder not found.
"C:\Windows\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-1-6.job" => File/Folder not found.
C:\Users\Kim Mortensen\AppData\Local\BrowserHelper => moved successfully.
"C:\Windows\System32\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-1-7" => File/Folder not found.
"C:\Windows\System32\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-1-6" => File/Folder not found.
"C:\Windows\System32\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-1-7" => File/Folder not found.
"C:\Windows\System32\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-1-6" => File/Folder not found.
"C:\Windows\System32\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-5" => File/Folder not found.
"C:\Windows\System32\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-5" => File/Folder not found.
"C:\Windows\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-1-7.job" => File/Folder not found.
"C:\Windows\System32\Tasks\SMupdate1" => File/Folder not found.
"C:\Windows\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-1-7.job" => File/Folder not found.
"C:\Windows\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-5_user.job" => File/Folder not found.
"C:\Windows\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-5.job" => File/Folder not found.
"C:\Windows\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-5_user.job" => File/Folder not found.
"C:\Windows\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-5.job" => File/Folder not found.
"C:\Program Files (x86)\Object Browser" => File/Folder not found.
"C:\Program Files (x86)\iWebar" => File/Folder not found.
"C:\Windows\System32\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-4" => File/Folder not found.
"C:\Windows\System32\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-4" => File/Folder not found.
"C:\Windows\System32\Tasks\ShopperPro" => File/Folder not found.
"C:\Windows\Tasks\c1094ea3-985a-4aef-924e-dbf1a529d855-4.job" => File/Folder not found.
"C:\Windows\Tasks\91f80895-8199-4ec6-8a3a-046d00609366-4.job" => File/Folder not found.
"C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_3634323133313839352d504a2d414534372a5a6c785a" => File/Folder not found.
"C:\Windows\System32\Tasks\YTDownloaderUpd" => File/Folder not found.
"C:\Windows\System32\Tasks\YTDownloader" => File/Folder not found.
"C:\Windows\System32\Tasks\ShopperProJSUpd" => File/Folder not found.
"C:\Windows\System32\Tasks\SPDriver" => File/Folder not found.
C:\Users\Kim Mortensen\Desktop\YTDownloader.lnk => moved successfully.
C:\Users\Public\Documents\ShopperPro => moved successfully.
C:\Users\Kim Mortensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader => moved successfully.
C:\Users\Kim Mortensen\AppData\Local\CrashRpt => moved successfully.
C:\ProgramData\ShopperPro => moved successfully.
C:\Program Files\Common Files\ShopperPro => moved successfully.

"C:\Program Files (x86)\YTDownloader" folder move:

Could not move "C:\Program Files (x86)\YTDownloader" folder => Scheduled to move on reboot.

"C:\Program Files (x86)\ShopperPro" => File/Folder not found.
"C:\Windows\System32\Tasks\amiupdaterExi" => File/Folder not found.
"C:\Windows\System32\Tasks\WordShark Auto Updater 1.10.0.20 Pending Update" => File/Folder not found.
"C:\Windows\System32\Tasks\WordShark Auto Updater 1.10.0.20 Core" => File/Folder not found.
"C:\Program Files (x86)\youtubeadblocker" => File/Folder not found.
"C:\Program Files (x86)\WordShark_1.10.0.20" => File/Folder not found.
C:\Program Files (x86)\The Camelizer => moved successfully.
"C:\Program Files (x86)\StatFoobar" => File/Folder not found.
"C:\Program Files (x86)\PriicceLess" => File/Folder not found.
"C:\Windows\System32\Tasks\EasyResize" => File/Folder not found.
"C:\Windows\Tasks\EasyResize.job" => File/Folder not found.
"C:\ProgramData\{3b0b9051-50ab-3f7e-3b0b-b905150a4145}" => File/Folder not found.
C:\ProgramData\e513ecb0000005fb => moved successfully.
C:\Users\Kim Mortensen\AppData\Local\Temp.dat => moved successfully.
C:\Users\Kim Mortensen\Downloads\Unconfirmed 998209.crdownload => moved successfully.
C:\Users\Kim Mortensen\Downloads\Unconfirmed 295947.crdownload => moved successfully.
C:\Users\Kim Mortensen\Downloads\seg=SHOP1515 => moved successfully.
C:\Users\Kim Mortensen\Downloads\Unconfirmed 689433.crdownload => moved successfully.
C:\Users\Kim Mortensen\Downloads\Unconfirmed 754244.crdownload => moved successfully.
C:\Windows\Installer.exe => moved successfully.
C:\Users\Kim Mortensen\Downloads\Unconfirmed 908889.crdownload => moved successfully.
C:\Users\Kim Mortensen\Downloads\Unconfirmed 271186.crdownload => moved successfully.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk" => File/Folder not found.
"C:\Program Files (x86)\AnyProtectEx" => File/Folder not found.
C:\Users\Kim Mortensen\AppData\Local\nss2FDF.tmp => moved successfully.
"C:\Windows\Tasks\pQKgsIpLyFSTegD3Mri27.job" => File/Folder not found.
"C:\Windows\System32\Tasks\pQKgsIpLyFSTegD3Mri27" => File/Folder not found.
C:\Program Files\shopperz => moved successfully.
C:\Windows\SysWOW64\Oexufafono.ini => moved successfully.
C:\Windows\SysWOW64\OexufafonoOff.ini => moved successfully.
C:\Windows\system32\OexufafonoOff.ini => moved successfully.
"C:\Windows\system32\Oexufafono64.dll" => File/Folder not found.
C:\Windows\SysWOW64\Oexufafono.dll => moved successfully.
C:\ProgramData\60fc76ae00007c5a => moved successfully.
C:\Users\Kim Mortensen\Desktop\Continue GamesDesktop Uninstaller.lnk => moved successfully.
C:\Users\Kim Mortensen\Desktop\Continue MaxComputerCleaner Uninstaller.lnk => moved successfully.
"C:\Windows\Tasks\APSnotifierPP1.job" => File/Folder not found.
"C:\Windows\Tasks\APSnotifierPP3.job" => File/Folder not found.
"C:\Windows\Tasks\APSnotifierPP2.job" => File/Folder not found.
"C:\Windows\System32\Tasks\APSnotifierPP1" => File/Folder not found.
"C:\Windows\System32\Tasks\APSnotifierPP3" => File/Folder not found.
"C:\Windows\System32\Tasks\APSnotifierPP2" => File/Folder not found.
C:\Users\Kim Mortensen\AppData\Local\nsoABBE.tmp => moved successfully.
C:\Users\Kim Mortensen\AppData\Roaming\AnyProtectEx => moved successfully.
C:\ProgramData\350bdab00003d0b => moved successfully.
"C:\Windows\Tasks\9jnSQTpF3k.job" => File/Folder not found.
"C:\Windows\System32\Tasks\9jnSQTpF3k" => File/Folder not found.
C:\Windows\patsearch.bin => moved successfully.
C:\Windows\system32\Drivers\Msft_Kernel_webTinstMKTN84_01009.Wdf => moved successfully.
C:\Users\Kim Mortensen\AppData\Local\Google => moved successfully.
C:\ProgramData\13757504707023941631 => moved successfully.
C:\Program Files (x86)\predm => moved successfully.

"C:\ProgramData\{5b62005c-d94c-c8c5-5b62-2005cd940173}" folder move:

Could not move "C:\ProgramData\{5b62005c-d94c-c8c5-5b62-2005cd940173}" folder => Scheduled to move on reboot.

C:\Windows\Provider32 => moved successfully.
C:\Windows\Updatesvc.exe => moved successfully.
C:\Windows\Provider.dll => moved successfully.
C:\Users\Kim Mortensen\AppData\Local\SmartWeb => moved successfully.
"C:\Users\Public\ASR.dat" => File/Folder not found.
"C:\Windows\Tasks\YiNSjCcSp6TnPjB7.job" => File/Folder not found.
"C:\Windows\System32\Tasks\YiNSjCcSp6TnPjB7" => File/Folder not found.
C:\Users\Kim Mortensen\Documents\Optimizer Pro => moved successfully.
"C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job" => File/Folder not found.
"C:\Windows\System32\Tasks\Bidaily Synchronize Task[8da6]" => File/Folder not found.
"C:\ProgramData\{70bc1474-fbc8-69f9-70bc-c1474fbc51d3}" => File/Folder not found.
"C:\Windows\Tasks\S9FcFJhAGbXtlX1Sf5D6c.job" => File/Folder not found.
"C:\Users\Kim Mortensen\AppData\Local\779BF866-FEAF-7740-A669-CB72FCB4AB7C" => File/Folder not found.
"C:\Windows\System32\Tasks\S9FcFJhAGbXtlX1Sf5D6c" => File/Folder not found.
"C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job" => File/Folder not found.
"C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job" => File/Folder not found.
"C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA" => File/Folder not found.
"C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore" => File/Folder not found.
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => moved successfully.
C:\Users\Kim Mortensen\AppData\Local\globalUpdate => moved successfully.
C:\Users\Kim Mortensen\AppData\Roaming\9jnSQTpF3k => moved successfully.
C:\Users\Kim Mortensen\AppData\Roaming\9jnSQTpF3k.exe => moved successfully.
C:\Users\Kim Mortensen\AppData\Roaming\pQKgsIpLyFSTegD3Mri27 => moved successfully.
C:\Users\Kim Mortensen\AppData\Roaming\pQKgsIpLyFSTegD3Mri27.exe => moved successfully.
C:\Users\Kim Mortensen\AppData\Roaming\S9FcFJhAGbXtlX1Sf5D6c => moved successfully.
C:\Users\Kim Mortensen\AppData\Roaming\S9FcFJhAGbXtlX1Sf5D6c.exe => moved successfully.
C:\Users\Kim Mortensen\AppData\Roaming\YiNSjCcSp6TnPjB7 => moved successfully.
C:\Users\Kim Mortensen\AppData\Roaming\YiNSjCcSp6TnPjB7.exe => moved successfully.
"C:\Users\Kim Mortensen\AppData\Local\nsoABBE.tmp" => File/Folder not found.
"C:\Users\Kim Mortensen\AppData\Local\nss2FDF.tmp" => File/Folder not found.
"C:\Users\Kim Mortensen\AppData\Local\Temp.dat" => File/Folder not found.
C:\Users\Kim Mortensen\AppData\Roaming\ASPackage => moved successfully.
C:\Users\Kim Mortensen\AppData\Roaming\35444335-1436470767-3536-5247-D0BF9C8E3DC6 => moved successfully.
C:\ProgramData\dvf => moved successfully.
C:\Users\Kim Mortensen\AppData\Local\35444335-1436452733-3536-5247-D0BF9C8E3DC6 => moved successfully.
C:\BreakingNewsAlert => moved successfully.
C:\Windows\system32\Drivers\etc\hp.bak => moved successfully.
"C:\Users\Kim Mortensen\AppData\Roaming\35444335-1436470548-3536-5247-D0BF9C8E3DC6" => File/Folder not found.
C:\Program Files\13 => moved successfully.
C:\Program Files (x86)\GUPlayer => moved successfully.
C:\Program Files\015 => moved successfully.
C:\Windows\dvf.dat => moved successfully.
C:\Windows\dvf.exe => moved successfully.
C:\Windows\mdvf.exe => moved successfully.
C:\Users\Kim Mortensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage => moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip => moved successfully.
C:\Users\Kim Mortensen\Downloads\Free%20Screensavers.exe => moved successfully.
Processes closed successfully.

=========  netsh winsock reset =========

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 1.3 GB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-15 12:25:10)<=

C:\ProgramData\{5b62005c-d94c-c8c5-5b62-2005cd940173} => moved successfully
C:\Program Files (x86)\YTDownloader => Is moved successfully
C:\Program Files (x86)\YTDownloader => Is moved successfully
C:\ProgramData\{5b62005c-d94c-c8c5-5b62-2005cd940173} => Is moved successfully

==== End of Fixlog 12:25:10 ====

Here is the Malwarebytes log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/15/2015
Scan Time: 12:28 PM
Logfile: malware_log.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.15.05
Rootkit Database: v2015.07.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Kim Mortensen

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 353828
Time Elapsed: 19 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Here is the ESET List of Threats:

C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe    Win32/GigaClicks.AV potentially unwanted application    
C:\Program Files (x86)\Ninja Loader\Modules\ArSp.dll    a variant of Win32/GigaClicks.AV potentially unwanted application    
C:\Program Files (x86)\Ninja Loader\Modules\BdUdr.dll    a variant of Win32/GigaClicks.AV potentially unwanted application    
C:\Program Files (x86)\Ninja Loader\Modules\BrSp.dll    a variant of Win32/GigaClicks.AV potentially unwanted application    
C:\Program Files (x86)\Ninja Loader\Modules\CdPrc.dll    a variant of Win32/GigaClicks.AV potentially unwanted application    
C:\Program Files (x86)\Ninja Loader\Modules\Core.dll    a variant of Win32/GigaClicks.AV potentially unwanted application    
C:\Program Files (x86)\Ninja Loader\Modules\InstSupp.dll    a variant of Win32/GigaClicks.AU potentially unwanted application    
C:\Program Files (x86)\Ninja Loader\Modules\WbSt.dll    a variant of Win32/GigaClicks.AV potentially unwanted application    
C:\Program Files (x86)\Ninja Loader\Modules\WdCtl.dll    a variant of Win32/GigaClicks.AV potentially unwanted application    
C:\Program Files (x86)\Ninja Loader\Modules\WInIn.dll    a variant of Win32/GigaClicks.AV potentially unwanted application    
C:\FRST\Quarantine\C\Program Files\015\lxqvbcbiws32.exe    a variant of Win32/Adware.Adpeak.Q application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbici32.dll    a variant of Win32/SBWatchman.H potentially unwanted application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbici64.dll    a variant of Win64/SBWatchman.A potentially unwanted application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbii32.exe    a variant of Win32/SBWatchman.A potentially unwanted application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbii64.exe    a variant of MSIL/SBWatchman.A potentially unwanted application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files\Common Files\ShopperPro\spbiu.exe    a variant of Win64/SBWatchman.A potentially unwanted application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files\shopperz\Enwxbmo64.dll    a variant of Win32/Toolbar.Perion.K potentially unwanted application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\coupoon\iiwjljrnpc64.exe    a variant of Win64/Adware.Adpeak.F application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\globalUpdate\globalUpdate\Update\globalupdate.exe    Win32/AlteredSoftware.F potentially unwanted application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\globalUpdate\globalUpdate\Update\1.3.25.0\globalupdate.exe    Win32/AlteredSoftware.F potentially unwanted application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\globalUpdate\globalUpdate\Update\1.3.25.0\globalupdateBroker.exe    Win32/AlteredSoftware.H potentially unwanted application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\globalUpdate\globalUpdate\Update\1.3.25.0\globalupdateCrashHandler.exe    Win32/AlteredSoftware.F potentially unwanted application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\globalUpdate\globalUpdate\Update\1.3.25.0\globalupdateOnDemand.exe    Win32/AlteredSoftware.H potentially unwanted application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\globalUpdate\globalUpdate\Update\1.3.25.0\psmachine.dll    a variant of Win32/AlteredSoftware.G potentially unwanted application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\globalUpdate\globalUpdate\Update\1.3.25.0\psuser.dll    a variant of Win32/AlteredSoftware.G potentially unwanted application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll.xBAD    a variant of Win32/AlteredSoftware.E potentially unwanted application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\GUPlayer\GUPlayerUninstaller.exe    a variant of Win32/TrojanDropper.Addrop.J trojan    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\ShopperPro\manifest.json    JS/ShopperPro.A potentially unwanted application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\ShopperPro\ShopperPro.dll    a variant of Win32/ShopperPro.A potentially unwanted application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\ShopperPro\ShopperPro.exe    a variant of Win32/ShopperPro.A potentially unwanted application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\ShopperPro\ShopperPro64.dll    a variant of Win64/ShopperPro.A potentially unwanted application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\ShopperPro\SPRemove.exe    Win32/SpeedBit.B.gen potentially unwanted application    deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\ShopperPro\Updater.exe    a variant of Win32/ShopperPro.A potentially unwanted application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\ShopperPro\FireFox\content\overlay.js    JS/ShopperPro.A potentially unwanted application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\ShopperPro\JSDriver\jsdrv.exe    a variant of Win32/ShopperPro.B potentially unwanted application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\ShopperPro\JSDriver\1.42.1.2104\jsdrv.exe    a variant of Win32/ShopperPro.B potentially unwanted application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\The Camelizer\The Camelizer.exe    a variant of Win32/Adware.MultiPlug.JY application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe    a variant of Win32/SBWatchman.F potentially unwanted application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\YTDownloader\DownloadAPI.dll    a variant of Win32/SpeedBit.F potentially unwanted application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\YTDownloader\Updater.exe    a variant of Win32/ShopperPro.A potentially unwanted application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\YTDownloader\YTDownloader.exe    a variant of Win32/SBWatchman.G potentially unwanted application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\YTDownloader\YTDUninstall.exe    Win32/SpeedBit.B.gen potentially unwanted application    deleted - quarantined
C:\FRST\Quarantine\C\ProgramData\COMMON~1\System\SysMenu.dll.xBAD    a variant of Win32/SpeedBit.F potentially unwanted application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\ProgramData\dvf\0AB81D06A86E4751862A954B0ADD8698\setup.exe    a variant of Win32/Amonetize.BQ potentially unwanted application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\ProgramData\dvf\2158CB5B94E04A318937463BF3797E01\setup.exe    a variant of Win32/Amonetize.BQ potentially unwanted application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\ProgramData\dvf\4E0BBBB8C2BA41488F3F1938F66C62F6\setup.exe    a variant of Win32/TrojanDropper.Addrop.A trojan    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\ProgramData\dvf\576D031B59254891831C152DA3530714\setup.exe    a variant of Win32/Adware.ConvertAd.IE application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\ProgramData\dvf\84900D7C9FB44AACA1365D4333C6D832\setup.exe    a variant of Win32/Adware.SpeedingUpMyPC.Y application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\ProgramData\dvf\98866B96622A4C5491F1B9B89EEE410F\setup.exe    a variant of Win32/Adware.SpeedingUpMyPC.Y application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\ProgramData\dvf\FC0B0C4FBC4A463E89DC61AAB0C552DD\setup.exe    Win32/OptimizerEliteMax.E potentially unwanted application    deleted - quarantined
C:\FRST\Quarantine\C\ProgramData\ShopperPro\ShopperPro.dll    a variant of Win32/ShopperPro.A potentially unwanted application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\ProgramData\ShopperPro\ShopperPro64.dll    a variant of Win64/ShopperPro.A potentially unwanted application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\ProgramData\{3b0b9051-50ab-3f7e-3b0b-b905150a4145}\setup_668.exe    a variant of Win32/Kryptik.DPGT trojan    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\ProgramData\{5b62005c-d94c-c8c5-5b62-2005cd940173}\Download.exe.xBAD    a variant of Win32/Adware.MultiPlug.FC application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\ProgramData\{70bc1474-fbc8-69f9-70bc-c1474fbc51d3}\hqghumeaylnlf.exe    a variant of Win32/Adware.SpeedingUpMyPC.Y application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Kim Mortensen\AppData\Local\nsoABBE.tmp.xBAD    Win32/AnyProtect.G potentially unwanted application    deleted - quarantined
C:\FRST\Quarantine\C\Users\Kim Mortensen\AppData\Local\nss2FDF.tmp.xBAD    Win32/AnyProtect.G potentially unwanted application    deleted - quarantined
C:\FRST\Quarantine\C\Users\Kim Mortensen\AppData\Local\35444335-1436452733-3536-5247-D0BF9C8E3DC6\onsx5F01.tmp    Win32/Adware.ConvertAd.TT application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Kim Mortensen\AppData\Local\35444335-1436452733-3536-5247-D0BF9C8E3DC6\rnsx5F00.exe    a variant of Win32/Adware.ConvertAd.UN application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Kim Mortensen\AppData\Local\35444335-1436452733-3536-5247-D0BF9C8E3DC6\snsx5EFF.tmp    Win32/Adware.ConvertAd.UC application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Kim Mortensen\AppData\Local\SmartWeb\__u.exe    a variant of Win32/PriceGong.C potentially unwanted application    deleted - quarantined
C:\FRST\Quarantine\C\Users\Kim Mortensen\AppData\Roaming\9jnSQTpF3k.exe.xBAD    a variant of Win32/Toolbar.CrossRider.CB potentially unwanted application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Kim Mortensen\AppData\Roaming\pQKgsIpLyFSTegD3Mri27.exe.xBAD    a variant of Win32/Toolbar.CrossRider.CB potentially unwanted application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Kim Mortensen\AppData\Roaming\S9FcFJhAGbXtlX1Sf5D6c.exe.xBAD    a variant of Win32/Toolbar.CrossRider.CB potentially unwanted application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Kim Mortensen\AppData\Roaming\YiNSjCcSp6TnPjB7.exe.xBAD    a variant of Win32/Toolbar.CrossRider.CB potentially unwanted application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Kim Mortensen\AppData\Roaming\35444335-1436470548-3536-5247-D0BF9C8E3DC6\hnspDBEE.tmp    Win32/Adware.ConvertAd.TW application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Kim Mortensen\AppData\Roaming\35444335-1436470548-3536-5247-D0BF9C8E3DC6\jnslC660.tmp    a variant of Win32/Adware.ConvertAd.TN application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Kim Mortensen\AppData\Roaming\35444335-1436470548-3536-5247-D0BF9C8E3DC6\knsqD87.tmp    a variant of Win32/Adware.ConvertAd.IE application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Kim Mortensen\AppData\Roaming\35444335-1436470548-3536-5247-D0BF9C8E3DC6\rnssB025.exe    a variant of Win32/Adware.ConvertAd.UN application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Kim Mortensen\AppData\Roaming\35444335-1436470548-3536-5247-D0BF9C8E3DC6\vnsm8A50.tmp    a variant of Win32/Adware.ConvertAd.IE application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Kim Mortensen\AppData\Roaming\35444335-1436470767-3536-5247-D0BF9C8E3DC6\vnsxDDC6.tmp    a variant of Win32/Adware.ConvertAd.IE application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Kim Mortensen\AppData\Roaming\AnyProtectEx\swf\swfMc.swf    Win32/AnyProtect.H potentially unwanted application    deleted - quarantined
C:\FRST\Quarantine\C\Users\Kim Mortensen\AppData\Roaming\ASPackage\ASPackage.exe    a variant of Win32/Adware.ConvertAd.IE application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Kim Mortensen\AppData\Roaming\Mozilla\Firefox\Profiles\qu0t2cg3.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF}\content\overlay.js    JS/ShopperPro.A potentially unwanted application    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Kim Mortensen\Downloads\Free%20Screensavers.exe.xBAD    a variant of Win32/TrojanDropper.Addrop.J trojan    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Windows\dvf.exe.xBAD    a variant of Win32/TrojanDownloader.Adcurl.D trojan    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Windows\mdvf.exe.xBAD    Win32/TrojanDownloader.Adcurl.D trojan    cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Windows\SysWOW64\First Verify\afirstsvc.exe    a variant of Win32/AdSuproot.C trojan    cleaned by deleting - quarantined
C:\Users\Kim Mortensen\AppData\Local\Installer\Install_21609\DCytdieamodc_amodc_setup.exe    a variant of Win32/SpeedBit.F potentially unwanted application    cleaned by deleting - quarantined
C:\Users\Kim Mortensen\AppData\Local\Microsoft\Windows\INetCache\IE\1TMOB73D\62793.WindApp.MON001.no[1].exe    Win32/BubbleDock.C potentially unwanted application    deleted - quarantined
C:\Users\Kim Mortensen\AppData\Local\Microsoft\Windows\INetCache\IE\1TMOB73D\setup24[1].exe    Win32/Adware.Adpeak.S application    cleaned by deleting - quarantined
C:\Users\Kim Mortensen\AppData\Local\Microsoft\Windows\INetCache\IE\1TMOB73D\StormWarnings_Combo_1_3[1].exe    Win32/Verti.O potentially unwanted application    deleted - quarantined
C:\Users\Kim Mortensen\AppData\Local\Microsoft\Windows\INetCache\IE\96J3TY98\62852.Selection_Tools.ALT001.no[1].exe    Win32/BubbleDock.C potentially unwanted application    deleted - quarantined
C:\Users\Kim Mortensen\AppData\Local\Microsoft\Windows\INetCache\IE\96J3TY98\63100.Bubble_Dock.BBD023.no[1].exe    Win32/BubbleDock.A potentially unwanted application    deleted - quarantined
C:\Users\Kim Mortensen\AppData\Local\Microsoft\Windows\INetCache\IE\96J3TY98\downloader.63399[1].exe    Win32/BubbleDock.D potentially unwanted application    deleted - quarantined
C:\Users\Kim Mortensen\AppData\Local\Microsoft\Windows\INetCache\IE\96J3TY98\Setup[1].exe    a variant of Win32/GigaClicks.AU potentially unwanted application    deleted - quarantined
C:\Users\Kim Mortensen\AppData\Local\Microsoft\Windows\INetCache\IE\96J3TY98\StormWarningsSetup[1].exe    Win32/Verti.L potentially unwanted application    deleted - quarantined
C:\Users\Kim Mortensen\AppData\Local\Microsoft\Windows\INetCache\IE\NRA2SQV8\Install_BubbleDock[1].exe    Win32/BubbleDock.A potentially unwanted application    deleted - quarantined
C:\Users\Kim Mortensen\AppData\Local\Microsoft\Windows\INetCache\IE\QYTFS7H5\Setup[1].exe    a variant of Win32/GigaClicks.AU potentially unwanted application    deleted - quarantined
C:\Users\Kim Mortensen\AppData\Local\Temp\tu17p84.exe    a variant of Win32/SpeedBit.F potentially unwanted application    deleted - quarantined
C:\Users\Kim Mortensen\AppData\Local\Temp\Install_26349\ins_ytd.exe    a variant of Win32/SpeedBit.D potentially unwanted application    cleaned by deleting - quarantined



#6 TB-Psychotic

  • Malware Response Team

Posted 16 July 2015 - 01:56 AM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[S1].txt also




Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its contents to your thread.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 84xads

  • Topic Starter

Posted 16 July 2015 - 12:29 PM

Thanks a bunch!

 

Here is the AdwCleaner log:

 

# AdwCleaner v4.208 - Logfile created 16/07/2015 at 12:06:00
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Kim Mortensen - KIMM-LAPTOP
# Running from : C:\Users\Kim Mortensen\Downloads\adwcleaner_4.208.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:56457;hxxps=127.0.0.1:56457
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v39.0 (x86 en-US)


*************************

AdwCleaner[R0].txt - [10103 bytes] - [15/07/2015 14:27:46]
AdwCleaner[R1].txt - [1468 bytes] - [16/07/2015 11:48:18]
AdwCleaner[S0].txt - [9777 bytes] - [15/07/2015 14:28:31]
AdwCleaner[S1].txt - [1173 bytes] - [16/07/2015 12:06:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1232  bytes] ##########

 

 

Here is the JRT log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.0 (07.15.2015:1)
OS: Windows 8.1 x64
Ran by Kim Mortensen on Thu 07/16/2015 at 12:23:37.56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\TDKVXKLRK1
Successfully deleted: [Task] C:\Windows\system32\tasks\YLYQNSRQFXAIWGPX
Successfully deleted: [Task] C:\Windows\tasks\TDKVXKLRK1.job



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer



~~~ Files

Failed to delete: [File] C:\Windows\syswow64\number of results



~~~ Folders

Successfully deleted: [Folder] C:\Users\Kim Mortensen\appdata\local\installer
Successfully deleted: [Folder] C:\Users\Kim Mortensen\appdata\locallow\company
Successfully deleted: [Folder] C:\ProgramData\28341ff220e0446c9fff27c4493d622e
Successfully deleted: [Folder] C:\ProgramData\Service1291





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 07/16/2015 at 12:26:44.83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#8 84xads

  • Topic Starter

Posted 16 July 2015 - 12:35 PM

Here is the Checkup.txt log:

 

 Results of screen317's Security Check version 1.005  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player     18.0.0.209  
 Adobe Reader XI  
 Mozilla Firefox (39.0)
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Windows Defender MpCmdRun.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 



#9 TB-Psychotic

  • Malware Response Team

Posted 17 July 2015 - 04:07 AM

Are any problems left now or may I post the final reply? :)



#10 84xads

  • Topic Starter

Posted 17 July 2015 - 09:04 AM

All problems are solved - thanks again for all your help!!! :thumbup2:



#11 TB-Psychotic

  • Malware Response Team

Posted 17 July 2015 - 09:10 AM

Your system is clean now! :)

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  • In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  • In case we used Combofix: deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  • In any case please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
  • If there is still something left, please delete it manually.




Delete System Restore Points

To ensure your System Restore Points are free of malware, we will delete all of them but the most recent or create a new one.

On Windows Vista: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows 7/8: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows XP: Please follow these instructions to delete all but the most common System Protection Restore Points.

 

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure that automatic updates are activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before you access a web site classified as dangerous, a warning screen is displayed.

  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated Windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

  • Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80" - which means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won't help if you aren't careful enough.
    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.



#12 TB-Psychotic

  • Malware Response Team

Posted 04 August 2015 - 02:03 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



