
Browser hijacks --AdPunisher. Possibly more...


  • This topic is locked
6 replies to this topic

#1 racer155


Posted 14 July 2015 - 05:39 PM

 

My wife's system has been hijacked. She now receives constant ads (AdPunisher). I'm also seeing a variety of other highly suspicious entries in the log files. Any help in clearing out her system is greatly appreciated!

 
 


 


#2 racer155


Posted 14 July 2015 - 05:43 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by annazus (administrator) on ANNAZUS-PC on 14-07-2015 14:30:26
Running from C:\Users\annazus\Downloads
Loaded Profiles: annazus & UpdatusUser (Available Profiles: annazus & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
() C:\Program Files (x86)\Disgusted Injury\Disgusted Injury.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\mozilla firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6457960 2011-12-27] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-04] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [437584 2010-04-29] (Malwarebytes Corporation)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056976 2014-06-27] (Carbonite, Inc.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-04-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-04-29] (Adobe Systems Inc.)
HKU\S-1-5-21-2392090387-3467950860-2885984939-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2392090387-3467950860-2885984939-1000\...\Run: [BackgroundContainer] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\annazus\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKU\S-1-5-21-2392090387-3467950860-2885984939-1000\...\MountPoints2: G - G:\SETUP.EXE
HKU\S-1-5-21-2392090387-3467950860-2885984939-1000\...\MountPoints2: {06e5ac21-f21b-11e3-8c61-c86000ee7976} - I:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-2392090387-3467950860-2885984939-1000\...\MountPoints2: {bce56349-5d9b-11e2-8888-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-2392090387-3467950860-2885984939-1000\...\MountPoints2: {bd6dadb3-798c-11e2-a454-c86000ee7976} - J:\MotoCastSetup.exe -a
HKU\S-1-5-21-2392090387-3467950860-2885984939-1000\...\MountPoints2: {de4ae7ad-366e-11e3-9bf6-9f63d937a8d8} - F:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-2392090387-3467950860-2885984939-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
AppInit_DLLs: C:\PROGRA~3\INTELI~1\INTELI~2.DLL => C:\ProgramData\InteliWeb\InteliWeb_x64.dll [4274176 2014-02-12] ()
AppInit_DLLs-x32: c:\progra~2\ss-hel~1\psupport.dll => c:\Program Files (x86)\Ss-Helper\psupport.dll [857600 2013-10-06] ()
AppInit_DLLs-x32:  c:\progra~3\inteli~1\inteli~1.dll => c:\ProgramData\InteliWeb\InteliWeb.dll [4291584 2014-02-12] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk [2013-01-25]
ShortcutTarget: NETGEAR WNDA3100v2 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
Startup: C:\Users\annazus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk [2013-01-12]
ShortcutTarget: Samsung SSD Magician.lnk -> C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-21-2392090387-3467950860-2885984939-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2392090387-3467950860-2885984939-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-21-2392090387-3467950860-2885984939-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=MSE&Tid=000328B0&OHP=http%3A%2F%2Fwebsearch.calcitapp.info%2F&OSP=http%3A%2F%2Fwww.bing.com%2Fsearch%3Fq%3D%7BsearchTerms%7D%26src%3DIE%2DSearchBox%26FORM%3DIESR02
URLSearchHook: HKLM-x32 - Connect DLC 5 Toolbar - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-2392090387-3467950860-2885984939-1000 - Connect DLC 5 Toolbar - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll (Conduit Ltd.)
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2392090387-3467950860-2885984939-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-2392090387-3467950860-2885984939-1000 -> {7A247CD3-A766-4875-9BCA-12A7C9606E2C} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN29551309953648164&UM=2
Toolbar: HKU\S-1-5-21-2392090387-3467950860-2885984939-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-2392090387-3467950860-2885984939-1000 -> No Name - {D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{67A0CFD4-275D-485D-850B-983C381DD529}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{70D50997-787C-4043-814B-378D103D3176}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{7C25AF58-FC81-4399-92C6-841CBC3A25BF}: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\annazus\AppData\Roaming\Mozilla\Firefox\Profiles\mnb5cnvd.default-1436229910708
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_191.dll [2015-07-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_191.dll [2015-07-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-06-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-06-22] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-11-11] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2392090387-3467950860-2885984939-1000: @citrixonline.com/appdetectorplugin -> C:\Users\annazus\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-02-12] (Citrix Online)
FF Extension: AdPunisher - C:\Users\annazus\AppData\Roaming\Mozilla\Firefox\Profiles\mnb5cnvd.default-1436229910708\Extensions\ruyraoavtsyzenejgx@_d_ikp_gkxntutfm.edu [2015-07-14]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-06-06]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-01-22]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\annazus\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\annazus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-22]
CHR Extension: (Google Docs) - C:\Users\annazus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-22]
CHR Extension: (Google Drive) - C:\Users\annazus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-19]
CHR Extension: (YouTube) - C:\Users\annazus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-22]
CHR Extension: (Google Search) - C:\Users\annazus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-22]
CHR Extension: (Better  Tasks) - C:\Users\annazus\AppData\Local\Google\Chrome\User Data\Default\Extensions\denjcdefjebbmlihdoojnebochnkgcin [2015-06-26]
CHR Extension: (Google Sheets) - C:\Users\annazus\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-22]
CHR Extension: (Connect DLC 5) - C:\Users\annazus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil [2015-06-22]
CHR Extension: (Google Wallet) - C:\Users\annazus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-19]
CHR Extension: (Gmail) - C:\Users\annazus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-22]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\annazus\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx [2013-11-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 c8d49171; c:\ProgramData\InteliWeb\InteliWebSvc.dll [180048 2014-02-12] () [File not signed]
R2 Disgusted Injury; C:\Program Files (x86)\Disgusted Injury\Disgusted Injury.exe [8016377 2015-06-15] () [File not signed] <==== ATTENTION
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [304464 2010-04-29] (Malwarebytes Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-09-20] (Nero AG)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WSWNDA3100; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [272864 2010-08-19] ()
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24664 2010-04-29] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-14 14:30 - 2015-07-14 14:30 - 02133504 _____ (Farbar) C:\Users\annazus\Downloads\FRST64.exe
2015-07-14 14:30 - 2015-07-14 14:30 - 00021839 _____ C:\Users\annazus\Downloads\FRST.txt
2015-07-14 14:30 - 2015-07-14 14:30 - 00000000 ____D C:\FRST
2015-07-14 10:01 - 2015-07-14 10:01 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-06 17:50 - 2015-07-06 17:57 - 00028094 _____ C:\Users\annazus\Desktop\Daycare Comps.xlsx
2015-06-27 14:31 - 2015-06-27 14:31 - 09497069 _____ C:\Users\annazus\Downloads\attachments(1).zip
2015-06-27 14:31 - 2015-06-27 14:31 - 07433955 _____ C:\Users\annazus\Downloads\attachments.zip
2015-06-27 14:30 - 2015-06-27 14:30 - 05169961 _____ C:\Users\annazus\Downloads\lastclassphotosgroup.zip
2015-06-27 14:29 - 2015-06-27 14:29 - 05695958 _____ C:\Users\annazus\Downloads\lastclassphotosladiesonly.zip
2015-06-26 17:35 - 2015-07-06 17:45 - 00000000 ____D C:\Users\annazus\Desktop\Old Firefox Data
2015-06-26 17:31 - 2015-07-12 20:12 - 00000024 _____ C:\Users\annazus\AppData\Roaming\appdataFr25.bin
2015-06-26 15:42 - 2015-07-05 02:22 - 00000000 ____D C:\Program Files (x86)\Isauveer
2015-06-26 15:22 - 2015-07-05 02:22 - 00000000 ____D C:\Program Files (x86)\Isaveer
2015-06-26 15:22 - 2015-06-26 15:22 - 00000000 ____D C:\Program Files (x86)\Iseaver
2015-06-22 07:03 - 2015-06-22 07:03 - 00000020 _____ C:\Users\annazus\AppData\Roaming\appdataFr2.bin
2015-06-22 07:02 - 2015-06-22 07:02 - 00002195 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-22 07:02 - 2015-06-22 07:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-15 10:47 - 2015-06-15 10:47 - 00000000 ____D C:\Program Files (x86)\Disgusted Injury
2015-06-15 02:27 - 2015-07-05 02:22 - 00000000 ____D C:\Program Files (x86)\GreatSSAVe4U
2015-06-15 02:27 - 2015-07-05 02:22 - 00000000 ____D C:\Program Files (x86)\GreaattSave4iU
2015-06-15 02:27 - 2015-06-15 02:27 - 00000000 ____D C:\Program Files (x86)\GreatSAve4U
2015-06-15 02:26 - 2015-06-15 02:26 - 00000000 ____D C:\Program Files (x86)\Tab for a Cause
2015-06-14 18:27 - 2015-06-15 02:27 - 00000000 ____D C:\Program Files (x86)\EuxstrASAvingis
2015-06-14 18:26 - 2015-06-15 02:27 - 00000000 ____D C:\Program Files (x86)\ExxstraSavIngS
2015-06-14 18:26 - 2015-06-14 18:26 - 00000000 ____D C:\Program Files (x86)\EEXsTraSaviNgs
2015-06-14 18:26 - 2015-06-14 18:26 - 00000000 ____D C:\Program Files (x86)\BuiltWith Technology Profiler

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-14 14:13 - 2013-02-09 08:37 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-14 13:46 - 2015-02-12 07:51 - 00000574 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2392090387-3467950860-2885984939-1000.job
2015-07-14 13:20 - 2013-01-12 21:15 - 01999027 _____ C:\Windows\WindowsUpdate.log
2015-07-14 13:05 - 2015-05-30 08:16 - 00000670 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2392090387-3467950860-2885984939-1000.job
2015-07-14 10:46 - 2009-07-13 21:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-14 10:46 - 2009-07-13 21:45 - 00029120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-14 10:04 - 2009-07-13 22:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-14 10:02 - 2013-02-25 07:43 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-14 10:00 - 2014-12-08 20:41 - 00033568 _____ C:\Windows\PFRO.log
2015-07-14 10:00 - 2014-12-08 20:41 - 00003868 _____ C:\Windows\setupact.log
2015-07-14 10:00 - 2013-01-12 21:48 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-14 10:00 - 2013-01-12 21:47 - 00000000 ____D C:\temp
2015-07-14 10:00 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-14 07:48 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\servicing
2015-07-11 07:26 - 2015-05-30 08:16 - 00003704 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2392090387-3467950860-2885984939-1000
2015-07-11 07:26 - 2015-02-12 07:51 - 00003608 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2392090387-3467950860-2885984939-1000
2015-07-08 15:13 - 2013-02-09 08:37 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-08 15:13 - 2013-02-09 08:37 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-08 15:13 - 2013-02-09 08:37 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-06 18:24 - 2014-12-06 14:09 - 00000000 ____D C:\Users\annazus\Desktop\pregnancy
2015-07-05 03:08 - 2010-11-20 20:27 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-26 15:42 - 2015-02-12 08:08 - 00000000 ____D C:\ProgramData\13546437436263916294UL
2015-06-26 15:22 - 2015-02-02 14:21 - 00000079 _____ C:\Program Files (x86)\prefs.js
2015-06-22 07:03 - 2013-01-12 21:16 - 00002226 _____ C:\Users\annazus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-22 07:02 - 2013-09-12 11:38 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-18 08:06 - 2013-02-13 20:47 - 00001456 _____ C:\Users\annazus\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-06-15 13:05 - 2013-01-22 07:14 - 00002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2015-06-15 13:05 - 2013-01-22 07:14 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2015-06-15 13:05 - 2013-01-22 07:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2015-06-14 18:26 - 2015-04-13 05:53 - 00000000 ____D C:\Program Files (x86)\RanndomPrice
2015-06-14 18:26 - 2015-04-13 05:53 - 00000000 ____D C:\Program Files (x86)\BeestSaveeForYYou

==================== Files in the root of some directories =======

2013-11-19 21:25 - 2013-11-19 21:25 - 0001967 _____ () C:\Program Files\nsprotector.js
2015-02-02 14:21 - 2015-06-26 15:22 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2013-06-02 16:57 - 2013-06-02 16:57 - 0000132 _____ () C:\Users\annazus\AppData\Roaming\Adobe AIFF Format CS6 Prefs
2013-04-01 19:15 - 2013-04-08 19:22 - 0000132 _____ () C:\Users\annazus\AppData\Roaming\Adobe GIF Format CS6 Prefs
2013-04-01 19:10 - 2014-12-24 14:02 - 0000132 _____ () C:\Users\annazus\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-06-22 07:03 - 2015-06-22 07:03 - 0000020 _____ () C:\Users\annazus\AppData\Roaming\appdataFr2.bin
2015-06-26 17:31 - 2015-07-12 20:12 - 0000024 _____ () C:\Users\annazus\AppData\Roaming\appdataFr25.bin
2013-02-13 20:47 - 2015-06-18 08:06 - 0001456 _____ () C:\Users\annazus\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-11-10 20:59 - 2013-11-10 20:59 - 0003584 _____ () C:\Users\annazus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Users\annazus\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprl0ktu.dll
C:\Users\annazus\AppData\Local\Temp\Runner.exe
C:\Users\annazus\AppData\Local\Temp\setacl.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-13 00:29

==================== End of log ============================

 
 
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by annazus at 2015-07-14 14:31:05
Running from C:\Users\annazus\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2392090387-3467950860-2885984939-500 - Administrator - Disabled)
annazus (S-1-5-21-2392090387-3467950860-2885984939-1000 - Administrator - Enabled) => C:\Users\annazus
Guest (S-1-5-21-2392090387-3467950860-2885984939-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2392090387-3467950860-2885984939-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-2392090387-3467950860-2885984939-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.14 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.191 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.191 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.4 64-bit (HKLM\...\{558B5965-CC1B-4AF1-BA07-5D6832404050}) (Version: 5.4.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Amazon Cloud Player (HKU\S-1-5-21-2392090387-3467950860-2885984939-1000\...\Amazon Amazon Cloud Player) (Version: 1.0.3.316 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Badoo Notifications Extension (HKLM-x32\...\{F5853CDF-2C63-6D1D-B286-CBB1CD5DFD62}) (Version:  - "") <==== ATTENTION
BeestSaveeForYYou (HKLM-x32\...\{F6A71DC7-28F4-C6C7-8FA9-8A56C80FC96A}) (Version:  - "") <==== ATTENTION
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.5.5 build 4151  (Jun-27-2014) - Carbonite)
CCheapMe (HKLM-x32\...\{F6C44C71-2CFE-8176-3A4D-CBD0DCE5AEFA}) (Version:  - "") <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
Connect DLC 5 Toolbar for IE (HKLM-x32\...\IECT3306061) (Version: 6.17.2.8 - Connect DLC 5)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2392090387-3467950860-2885984939-1000\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
EuxstrASAvingis (HKLM-x32\...\{C637A71C-A4B2-4B47-1B2A-1042A8D525A3}) (Version:  - "") <==== ATTENTION
Google Chrome (HKLM-x32\...\{6A21C1E8-DAC1-3C18-BCDC-2DBB4B352AD8}) (Version: 66.77.16508 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 7.2.3.3019 (HKU\S-1-5-21-2392090387-3467950860-2885984939-1000\...\GoToMeeting) (Version: 7.2.3.3019 - CitrixOnline)
GreaattSave4iU (HKLM-x32\...\{45606A90-3363-3A3B-1C15-C40E77F4DAA0}) (Version:  - "") <==== ATTENTION
Happy2Save (HKLM-x32\...\{E957849A-94AC-6F46-4623-C31474E3C170}) (Version:  - "") <==== ATTENTION
iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
Imagenomic Portraiture 2.2.1 Lightroom Plug-in (build 2210) (HKLM\...\ImagenomicPortraitureLightroomPlugin) (Version:  - )
Imagenomic Portraiture 2.3.3 Plug-in (build 2330) (HKLM\...\ImagenomicPortraiturePlugin) (Version:  - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
InteliWeb (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{c8d49171}) (Version:  - BullPoint) <==== ATTENTION
Isauveer (HKLM-x32\...\{F1422DAA-0829-09A1-7536-73936CAB8FFA}) (Version:  - "") <==== ATTENTION
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Logitech Vid (HKLM-x32\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Malwarebytes' Anti-Malware (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2392090387-3467950860-2885984939-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 8 (HKLM-x32\...\{B944FA21-81AF-4A77-8328-CE4F4CC51033}) (Version: 8.10.21 - Nero AG)
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 1.03.000 - NETGEAR)
NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Perfect Effects 8 (HKLM-x32\...\{C982ACFF-5997-4B7D-B3E1-CF7273A06FB2}) (Version: 8.1.0 - onOne Software)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version:  - )
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RandomPRiceo (HKLM-x32\...\{8E8C2E2D-7F21-2CF5-0ADB-64935121ECF0}) (Version:  - "") <==== ATTENTION
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6543 - Realtek Semiconductor Corp.)
RoboeSoaver (HKLM-x32\...\{BE360B8B-0F10-CA89-FC84-A5EAB71A6AF8}) (Version:  - "") <==== ATTENTION
Samsung SSD Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 3.2 - Samsung Electronics)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
The AdBlocker (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - The AdBlocker) <==== ATTENTION
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN)
W3Schools Hider (HKLM-x32\...\{5A1D3F9E-73B5-95EC-1233-6646E1358965}) (Version:  - "") <==== ATTENTION
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2392090387-3467950860-2885984939-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\annazus\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2392090387-3467950860-2885984939-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\annazus\AppData\Local\Citrix\GoToMeeting\2185\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2392090387-3467950860-2885984939-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\annazus\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2392090387-3467950860-2885984939-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\annazus\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2392090387-3467950860-2885984939-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\annazus\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2392090387-3467950860-2885984939-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\annazus\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2392090387-3467950860-2885984939-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\annazus\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2392090387-3467950860-2885984939-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\annazus\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2392090387-3467950860-2885984939-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\annazus\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2392090387-3467950860-2885984939-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\annazus\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2392090387-3467950860-2885984939-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\annazus\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2392090387-3467950860-2885984939-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\annazus\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2392090387-3467950860-2885984939-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\annazus\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2392090387-3467950860-2885984939-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\annazus\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

14-07-2015 10:41:22 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04A0BEC8-D820-475F-9249-DF76BC1BC7EC} - System32\Tasks\{2D49F206-02F3-4326-AC05-00FFEBD63FD7} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe [2015-04-29] (Adobe Systems Incorporated)
Task: {04F3BA5E-81DE-4C3F-9C03-43B3D258BAEA} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {0F811D77-C784-437B-B641-4768BD3407E5} - System32\Tasks\{DEAFEA77-F72C-49CC-90FC-4021D2615C2B} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe [2015-04-29] (Adobe Systems Incorporated)
Task: {34114151-C941-4C67-9707-0DAEA5EC03AE} - System32\Tasks\G2MUpdateTask-S-1-5-21-2392090387-3467950860-2885984939-1000 => C:\Users\annazus\AppData\Local\Citrix\GoToMeeting\3019\g2mupdate.exe [2015-07-11] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {76CCE59B-006B-462E-8485-BC1265274CD5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {792EDD50-A287-4B40-BF79-F635B0936A08} - System32\Tasks\G2MUploadTask-S-1-5-21-2392090387-3467950860-2885984939-1000 => C:\Users\annazus\AppData\Local\Citrix\GoToMeeting\3019\g2mupload.exe [2015-07-11] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {A648BCF6-46C1-4B9B-8ED5-26A98F2E66C5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {A82C1ADD-8B20-4CC9-A12E-1BB3E73CF4D8} - System32\Tasks\{30CE23CA-C9F3-47D3-AF9D-C7E8FFD9BD30} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe [2015-04-29] (Adobe Systems Incorporated)
Task: {B7C4ACF2-D10C-4AFB-86D4-29E79A06DFD0} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {BE76E105-F6E9-4A33-AFA3-25C70B6BFAC5} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {D802A5B4-9F69-454A-AE41-AF3607D1E182} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-08] (Adobe Systems Incorporated)
Task: {E66F6833-3081-4F2F-80D3-1D2306D29944} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {EB11F203-F2DA-4EA5-BD1C-610AC1C76A92} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\annazus\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2392090387-3467950860-2885984939-1000.job => C:\Users\annazus\AppData\Local\Citrix\GoToMeeting\3019\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2392090387-3467950860-2885984939-1000.job => C:\Users\annazus\AppData\Local\Citrix\GoToMeeting\3019\g2mupload.exe

==================== Loaded Modules (Whitelisted) ==============

2013-01-12 21:48 - 2013-10-23 01:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-12 07:16 - 2014-02-12 07:16 - 04274176 _____ () C:\ProgramData\InteliWeb\InteliWeb_x64.dll
2015-06-15 10:47 - 2015-06-15 10:47 - 08016377 _____ () C:\Program Files (x86)\Disgusted Injury\Disgusted Injury.exe
2013-01-25 19:03 - 2010-08-27 10:32 - 04577760 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
2013-01-25 19:03 - 2010-08-19 16:25 - 00272864 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
2013-10-06 06:27 - 2013-10-06 06:27 - 00857600 _____ () c:\Program Files (x86)\Ss-Helper\psupport.dll
2014-02-12 07:16 - 2014-02-12 07:16 - 04291584 _____ () c:\ProgramData\InteliWeb\InteliWeb.dll
2014-02-12 07:16 - 2014-02-12 07:16 - 00180048 _____ () c:\ProgramData\InteliWeb\InteliWebSvc.dll
2013-01-25 19:03 - 2010-07-08 12:24 - 00258048 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll
2013-10-31 08:05 - 2013-10-31 08:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2013-01-25 19:03 - 2010-07-29 21:41 - 00323584 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiLib.dll
2014-10-16 03:39 - 2014-10-16 03:39 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\92a1650dbe9fad5f46633b835420e1a8\IsdiInterop.ni.dll
2013-01-12 21:35 - 2011-11-29 21:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-01-12 21:26 - 2012-02-07 18:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns1
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns2
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns3
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns4

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2392090387-3467950860-2885984939-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\annazus\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Amazon Cloud Player => C:\Users\annazus\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SpUninstallCleanUp => REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5AC480BD-45D7-47EB-B89D-A6D58E9D6C79}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{352D257D-CC4C-4F1A-B78B-72A6E396739B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{D9FDDC1B-9CAE-4DA3-B7DD-9B70A7F8F32E}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{29EEAE60-29D3-4D9D-ABE5-0AC2AFA7896F}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{4EEEDBF8-484A-47AA-B5FC-D0C8F105A496}] => (Allow) LPort=7935
FirewallRules: [TCP Query User{5B663F82-2846-4000-BD7A-1106CD941F08}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{2DE56B97-C4A9-4CE0-B701-DC2C6F26271E}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{F8E9E83F-49AC-4CE1-89E3-C3DE8BC3195D}] => (Allow) C:\Users\annazus\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{E59519C5-8FA1-48DC-A185-951E5EE9B07B}] => (Allow) C:\Users\annazus\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{0B59AEDE-FC28-40D7-8702-573B51D39A9C}C:\users\annazus\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\annazus\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{217035A3-B7DC-4648-884A-E419DC18FBE8}C:\users\annazus\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\annazus\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{9CCD6B68-CC0C-4925-945C-33DAD336534D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CF2C5E7C-6DD6-46D1-92B9-004A755CED9E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{63211FBA-DFE6-481F-BF27-2A3B225A625F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EC60BFDA-AAB9-44AF-B6BD-B0A6835E9096}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{988FE179-B925-49A5-B9E6-D33B8DD175A3}] => (Allow) C:\Users\annazus\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{254D3646-BA2E-4B2A-B0BC-274FFB6896EE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2FD552BF-8795-48E0-A3C8-C84F901204CF}] => (Allow) LPort=2869
FirewallRules: [{78060F56-B587-4F76-969A-9B4DEC453BF8}] => (Allow) LPort=1900
FirewallRules: [{0D222FD8-4648-4DE2-BF4D-A3835B78AE27}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{405F7737-0CB9-4370-BDA7-572E880B636D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{352F2DD5-91FC-45AB-B8FA-32931FEAADC6}] => (Allow) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{A8F807A7-CDF6-4B48-A381-E4A6C194B869}] => (Allow) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
FirewallRules: [TCP Query User{F2764A56-C649-4E29-9551-CFB36A98BBB2}C:\program files (x86)\logitech\logitech vid\vid.exe] => (Block) C:\program files (x86)\logitech\logitech vid\vid.exe
FirewallRules: [UDP Query User{E4EED67F-521C-499E-8E7F-20F9E1685064}C:\program files (x86)\logitech\logitech vid\vid.exe] => (Block) C:\program files (x86)\logitech\logitech vid\vid.exe
FirewallRules: [{0B8D4A4F-E3FA-4988-8742-54612E0B597F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{59846E21-8916-480E-A973-72FDFFAC4767}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{E0A0B055-0704-4100-B8D1-C8A7E45EC95F}C:\program files\onone software\perfect effects 8\perfect effects 8.exe] => (Allow) C:\program files\onone software\perfect effects 8\perfect effects 8.exe
FirewallRules: [UDP Query User{63D21AC0-9274-422B-8A6D-293D2759D501}C:\program files\onone software\perfect effects 8\perfect effects 8.exe] => (Allow) C:\program files\onone software\perfect effects 8\perfect effects 8.exe
FirewallRules: [{D16AF13A-3DA2-46BE-A56D-039E1B980165}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A798A053-0055-4301-A97D-3279C34B60D6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{7E1A2A1B-B485-4712-BCAF-DB1B059F1E82}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{8488D0FF-DC10-48A1-B1B6-C5527E41317F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{1C80856B-A6EE-4B64-90B3-6A044DCBDB66}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{FBA70BAB-1137-4F94-9A2B-ABAB395844C3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/14/2015 10:01:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2015 07:08:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: carboniteservice.exe, version: 5.5.5.4151, time stamp: 0x53ad7b88
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c92c
Exception code: 0xc0000005
Fault offset: 0x0000000000043237
Faulting process id: 0x67d0
Faulting application start time: 0xcarboniteservice.exe0
Faulting application path: carboniteservice.exe1
Faulting module path: carboniteservice.exe2
Report Id: carboniteservice.exe3

Error: (06/28/2015 07:07:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: carboniteservice.exe, version: 5.5.5.4151, time stamp: 0x53ad7b88
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x556366f2
Exception code: 0xc0000374
Fault offset: 0x00000000000bfc22
Faulting process id: 0x6258
Faulting application start time: 0xcarboniteservice.exe0
Faulting application path: carboniteservice.exe1
Faulting module path: carboniteservice.exe2
Report Id: carboniteservice.exe3

Error: (06/28/2015 07:07:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: carboniteservice.exe, version: 5.5.5.4151, time stamp: 0x53ad7b88
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x556366f2
Exception code: 0xc0000374
Fault offset: 0x00000000000bfc22
Faulting process id: 0x5948
Faulting application start time: 0xcarboniteservice.exe0
Faulting application path: carboniteservice.exe1
Faulting module path: carboniteservice.exe2
Report Id: carboniteservice.exe3

Error: (06/28/2015 07:07:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: carboniteservice.exe, version: 5.5.5.4151, time stamp: 0x53ad7b88
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x556366f2
Exception code: 0xc0000374
Fault offset: 0x00000000000bfc22
Faulting process id: 0x4088
Faulting application start time: 0xcarboniteservice.exe0
Faulting application path: carboniteservice.exe1
Faulting module path: carboniteservice.exe2
Report Id: carboniteservice.exe3

Error: (06/28/2015 07:07:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: carboniteservice.exe, version: 5.5.5.4151, time stamp: 0x53ad7b88
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x556366f2
Exception code: 0xc0000374
Fault offset: 0x00000000000bfc22
Faulting process id: 0x5dd0
Faulting application start time: 0xcarboniteservice.exe0
Faulting application path: carboniteservice.exe1
Faulting module path: carboniteservice.exe2
Report Id: carboniteservice.exe3

Error: (06/28/2015 07:07:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: carboniteservice.exe, version: 5.5.5.4151, time stamp: 0x53ad7b88
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x556366f2
Exception code: 0xc0000374
Fault offset: 0x00000000000bfc22
Faulting process id: 0x550c
Faulting application start time: 0xcarboniteservice.exe0
Faulting application path: carboniteservice.exe1
Faulting module path: carboniteservice.exe2
Report Id: carboniteservice.exe3

Error: (06/28/2015 07:06:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: carboniteservice.exe, version: 5.5.5.4151, time stamp: 0x53ad7b88
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x556366f2
Exception code: 0xc0000374
Fault offset: 0x00000000000bfc22
Faulting process id: 0x4844
Faulting application start time: 0xcarboniteservice.exe0
Faulting application path: carboniteservice.exe1
Faulting module path: carboniteservice.exe2
Report Id: carboniteservice.exe3

Error: (06/28/2015 07:06:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: carboniteservice.exe, version: 5.5.5.4151, time stamp: 0x53ad7b88
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x556366f2
Exception code: 0xc0000374
Fault offset: 0x00000000000bfc22
Faulting process id: 0x3df8
Faulting application start time: 0xcarboniteservice.exe0
Faulting application path: carboniteservice.exe1
Faulting module path: carboniteservice.exe2
Report Id: carboniteservice.exe3

Error: (06/28/2015 07:06:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: carboniteservice.exe, version: 5.5.5.4151, time stamp: 0x53ad7b88
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x556366f2
Exception code: 0xc0000374
Fault offset: 0x00000000000bfc22
Faulting process id: 0x2cb4
Faulting application start time: 0xcarboniteservice.exe0
Faulting application path: carboniteservice.exe1
Faulting module path: carboniteservice.exe2
Report Id: carboniteservice.exe3


System errors:
=============
Error: (07/14/2015 10:43:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TrustedInstaller service failed to start due to the following error:
%%2

Error: (07/14/2015 10:43:05 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 2TrustedInstaller{752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (07/14/2015 10:02:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (07/14/2015 10:00:17 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:06:39 AM on ‎7/‎14/‎2015 was unexpected.

Error: (07/14/2015 01:14:47 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (07/11/2015 12:43:16 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (06/28/2015 05:07:46 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (06/28/2015 07:09:19 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the CarboniteService service, but this action failed with the following error:
%%1056

Error: (06/28/2015 07:08:56 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the CarboniteService service, but this action failed with the following error:
%%1056

Error: (06/28/2015 07:08:53 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the CarboniteService service, but this action failed with the following error:
%%1056


Microsoft Office:
=========================
Error: (07/14/2015 10:01:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2015 07:08:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: carboniteservice.exe5.5.5.415153ad7b88ole32.dll6.1.7601.175144ce7c92cc0000005000000000004323767d001d0b1abd560d3deC:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exeC:\Windows\system32\ole32.dll20a4a259-1d9f-11e5-9bfa-c86000ee7976

Error: (06/28/2015 07:07:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: carboniteservice.exe5.5.5.415153ad7b88ntdll.dll6.1.7601.18869556366f2c000037400000000000bfc22625801d0b1abd401dafaC:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exeC:\Windows\SYSTEM32\ntdll.dll12a8debe-1d9f-11e5-9bfa-c86000ee7976

Error: (06/28/2015 07:07:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: carboniteservice.exe5.5.5.415153ad7b88ntdll.dll6.1.7601.18869556366f2c000037400000000000bfc22594801d0b1abd01046b2C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exeC:\Windows\SYSTEM32\ntdll.dll0ed86782-1d9f-11e5-9bfa-c86000ee7976

Error: (06/28/2015 07:07:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: carboniteservice.exe5.5.5.415153ad7b88ntdll.dll6.1.7601.18869556366f2c000037400000000000bfc22408801d0b1abc1e6bbacC:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exeC:\Windows\SYSTEM32\ntdll.dll0d2a6316-1d9f-11e5-9bfa-c86000ee7976

Error: (06/28/2015 07:07:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: carboniteservice.exe5.5.5.415153ad7b88ntdll.dll6.1.7601.18869556366f2c000037400000000000bfc225dd001d0b1abc08aa903C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exeC:\Windows\SYSTEM32\ntdll.dllff52f0e4-1d9e-11e5-9bfa-c86000ee7976

Error: (06/28/2015 07:07:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: carboniteservice.exe5.5.5.415153ad7b88ntdll.dll6.1.7601.18869556366f2c000037400000000000bfc22550c01d0b1abb058c33eC:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exeC:\Windows\SYSTEM32\ntdll.dllfb9da32d-1d9e-11e5-9bfa-c86000ee7976

Error: (06/28/2015 07:06:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: carboniteservice.exe5.5.5.415153ad7b88ntdll.dll6.1.7601.18869556366f2c000037400000000000bfc22484401d0b1abaeff6fc0C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exeC:\Windows\SYSTEM32\ntdll.dlledd60fb6-1d9e-11e5-9bfa-c86000ee7976

Error: (06/28/2015 07:06:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: carboniteservice.exe5.5.5.415153ad7b88ntdll.dll6.1.7601.18869556366f2c000037400000000000bfc223df801d0b1abada61c42C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exeC:\Windows\SYSTEM32\ntdll.dllec477aa0-1d9e-11e5-9bfa-c86000ee7976

Error: (06/28/2015 07:06:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: carboniteservice.exe5.5.5.415153ad7b88ntdll.dll6.1.7601.18869556366f2c000037400000000000bfc222cb401d0b1abac510e93C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exeC:\Windows\SYSTEM32\ntdll.dlleb1e3886-1d9e-11e5-9bfa-c86000ee7976


==================== Memory info ===========================

Processor: Intel® Core™ i5-3350P CPU @ 3.10GHz
Percentage of memory in use: 17%
Total physical RAM: 16333.85 MB
Available physical RAM: 13537.14 MB
Total Virtual: 32665.91 MB
Available Virtual: 29816.24 MB

==================== Drives ================================

Drive c: (System Drive) (Fixed) (Total:232.79 GB) (Free:28 GB) NTFS
Drive e: (2TB_Storage) (Fixed) (Total:1862.89 GB) (Free:1316.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: D088D84F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End of log ============================

 
 
 


#3 nasdaq


Posted 16 July 2015 - 08:36 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these programs in bold using the Add/Remove Programs applet.

Badoo Notifications Extension (HKLM-x32\...\{F5853CDF-2C63-6D1D-B286-CBB1CD5DFD62}) (Version: - "") <==== ATTENTION
BeestSaveeForYYou (HKLM-x32\...\{F6A71DC7-28F4-C6C7-8FA9-8A56C80FC96A}) (Version: - "") <==== ATTENTION
CCheapMe (HKLM-x32\...\{F6C44C71-2CFE-8176-3A4D-CBD0DCE5AEFA}) (Version: - "") <==== ATTENTION
EuxstrASAvingis (HKLM-x32\...\{C637A71C-A4B2-4B47-1B2A-1042A8D525A3}) (Version: - "") <==== ATTENTION
GreaattSave4iU (HKLM-x32\...\{45606A90-3363-3A3B-1C15-C40E77F4DAA0}) (Version: - "") <==== ATTENTION
Happy2Save (HKLM-x32\...\{E957849A-94AC-6F46-4623-C31474E3C170}) (Version: - "") <==== ATTENTION
InteliWeb (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{c8d49171}) (Version: - BullPoint) <==== ATTENTION
Isauveer (HKLM-x32\...\{F1422DAA-0829-09A1-7536-73936CAB8FFA}) (Version: - "") <==== ATTENTION
RandomPRiceo (HKLM-x32\...\{8E8C2E2D-7F21-2CF5-0ADB-64935121ECF0}) (Version: - "") <==== ATTENTION
RoboeSoaver (HKLM-x32\...\{BE360B8B-0F10-CA89-FC84-A5EAB71A6AF8}) (Version: - "") <==== ATTENTION
The AdBlocker (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version: - The AdBlocker) <==== ATTENTION

===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\Program Files (x86)\Disgusted Injury\Disgusted Injury.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2392090387-3467950860-2885984939-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2392090387-3467950860-2885984939-1000\...\Run: [BackgroundContainer] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\annazus\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
AppInit_DLLs: C:\PROGRA~3\INTELI~1\INTELI~2.DLL => C:\ProgramData\InteliWeb\InteliWeb_x64.dll [4274176 2014-02-12] ()
AppInit_DLLs-x32: c:\progra~2\ss-hel~1\psupport.dll => c:\Program Files (x86)\Ss-Helper\psupport.dll [857600 2013-10-06] ()
AppInit_DLLs-x32:  c:\progra~3\inteli~1\inteli~1.dll => c:\ProgramData\InteliWeb\InteliWeb.dll [4291584 2014-02-12] ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKLM-x32 - Connect DLC 5 Toolbar - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-2392090387-3467950860-2885984939-1000 - Connect DLC 5 Toolbar - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll (Conduit Ltd.)
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2392090387-3467950860-2885984939-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-2392090387-3467950860-2885984939-1000 -> {7A247CD3-A766-4875-9BCA-12A7C9606E2C} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN29551309953648164&UM=2
Toolbar: HKU\S-1-5-21-2392090387-3467950860-2885984939-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-2392090387-3467950860-2885984939-1000 -> No Name - {D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Extension: AdPunisher - C:\Users\annazus\AppData\Roaming\Mozilla\Firefox\Profiles\mnb5cnvd.default-1436229910708\Extensions\ruyraoavtsyzenejgx@_d_ikp_gkxntutfm.edu [2015-07-14]
CHR Extension: (Connect DLC 5) - C:\Users\annazus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil [2015-06-22]
CHR HKLM-x32\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\annazus\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx [2013-11-19]
R2 c8d49171; c:\ProgramData\InteliWeb\InteliWebSvc.dll [180048 2014-02-12] () [File not signed]
R2 Disgusted Injury; C:\Program Files (x86)\Disgusted Injury\Disgusted Injury.exe [8016377 2015-06-15] () [File not signed] <==== ATTENTION
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]
C:\Program Files (x86)\Disgusted Injury
C:\ProgramData\InteliWeb
c:\Program Files (x86)\Ss-Helper
C:\Program Files (x86)\Connect_DLC_5
C:\Users\annazus\AppData\Roaming\Mozilla\Firefox\Profiles\mnb5cnvd.default-1436229910708\Extensions\ruyraoavtsyzenejgx@_d_ikp_gkxntutfm.edu
C:\Users\annazus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil
C:\Users\annazus\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141
===

CHR dev: Chrome dev build detected! <======= ATTENTION

Your copy of Chrome has been compromised

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants.

Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

===

Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

Re-install Chrome and the Bookmarks.

If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>


How is the computer running now?

#4 racer155


Posted 16 July 2015 - 12:19 PM

Thank you nasdaq.

All steps completed. Logs will appear in following messages.

Also ran AdwCleaner one last time (curious if anything else would appear) and only see a registry entry that is a little suspicious. This log is also attached.

Chrome was not reinstalled after removal.

So far the system appears to be functioning correctly though a bit more extensive use will be needed to determine if all is well.


Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by annazus at 2015-07-16 09:44:12 Run:1
Running from C:\Users\annazus\Downloads
Loaded Profiles: annazus & UpdatusUser (Available Profiles: annazus & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\Program Files (x86)\Disgusted Injury\Disgusted Injury.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2392090387-3467950860-2885984939-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2392090387-3467950860-2885984939-1000\...\Run: [BackgroundContainer] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\annazus\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <=====
ATTENTION
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
AppInit_DLLs: C:\PROGRA~3\INTELI~1\INTELI~2.DLL => C:\ProgramData\InteliWeb\InteliWeb_x64.dll [4274176 2014-02-12] ()
AppInit_DLLs-x32: c:\progra~2\ss-hel~1\psupport.dll => c:\Program Files (x86)\Ss-Helper\psupport.dll [857600 2013-10-06] ()
AppInit_DLLs-x32:  c:\progra~3\inteli~1\inteli~1.dll => c:\ProgramData\InteliWeb\InteliWeb.dll [4291584 2014-02-12] ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKLM-x32 - Connect DLC 5 Toolbar - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-2392090387-3467950860-2885984939-1000 - Connect DLC 5 Toolbar - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll (Conduit Ltd.)
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes:
HKU\S-1-5-21-2392090387-3467950860-2885984939-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-2392090387-3467950860-2885984939-1000 -> {7A247CD3-A766-4875-9BCA-12A7C9606E2C} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN29551309953648164&UM=2
Toolbar: HKU\S-1-5-21-2392090387-3467950860-2885984939-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-2392090387-3467950860-2885984939-1000 -> No Name - {D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Extension: AdPunisher - C:\Users\annazus\AppData\Roaming\Mozilla\Firefox\Profiles\mnb5cnvd.default-1436229910708\Extensions\ruyraoavtsyzenejgx@_d_ikp_gkxntutfm.edu [2015-07-14]
CHR Extension: (Connect DLC 5)
- C:\Users\annazus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil [2015-06-22]
CHR HKLM-x32\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\annazus\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx [2013-11-19]
R2 c8d49171; c:\ProgramData\InteliWeb\InteliWebSvc.dll [180048 2014-02-12] () [File not signed]
R2 Disgusted Injury; C:\Program Files (x86)\Disgusted Injury\Disgusted Injury.exe [8016377 2015-06-15] () [File not signed] <==== ATTENTION
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]
C:\Program Files (x86)\Disgusted Injury
C:\ProgramData\InteliWeb
c:\Program Files (x86)\Ss-Helper
C:\Program Files
(x86)\Connect_DLC_5
C:\Users\annazus\AppData\Roaming\Mozilla\Firefox\Profiles\mnb5cnvd.default-1436229910708\Extensions\ruyraoavtsyzenejgx@_d_ikp_gkxntutfm.edu
C:\Users\annazus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil
C:\Users\annazus\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx

End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Disgusted Injury\Disgusted Injury.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-2392090387-3467950860-2885984939-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
HKU\S-1-5-21-2392090387-3467950860-2885984939-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BackgroundContainer => value removed successfully
ATTENTION => Error: No automatic fix found for this entry.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value removed successfully
"C:\PROGRA~3\INTELI~1\INTELI~2.DLL" => value data not found.
"c:\progra~2\ss-hel~1\psupport.dll" => value data removed successfully.
" c:\progra~3\inteli~1\inteli~1.dll" => value data not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} => value removed successfully
"HKCR\Wow6432Node\CLSID\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}" => key removed successfully
HKU\S-1-5-21-2392090387-3467950860-2885984939-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
SearchScopes: => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2392090387-3467950860-2885984939-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-2392090387-3467950860-2885984939-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7A247CD3-A766-4875-9BCA-12A7C9606E2C}" => key removed successfully
HKCR\CLSID\{7A247CD3-A766-4875-9BCA-12A7C9606E2C} => key not found.
HKU\S-1-5-21-2392090387-3467950860-2885984939-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
HKU\S-1-5-21-2392090387-3467950860-2885984939-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC} => value removed successfully
HKCR\CLSID\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\annazus\AppData\Roaming\Mozilla\Firefox\Profiles\mnb5cnvd.default-1436229910708\Extensions\ruyraoavtsyzenejgx@_d_ikp_gkxntutfm.edu => moved successfully.
CHR Extension: (Connect DLC 5) folder not found
- C:\Users\annazus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil [2015-06-22] => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil" => key removed successfully
C:\Users\annazus\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx => moved successfully.
c8d49171 => Service not found.
Disgusted Injury => Service removed successfully
gupdate => Service removed successfully
gupdatem => Service removed successfully
TrustedInstaller => Service removed successfully
C:\Program Files (x86)\Disgusted Injury => moved successfully.
"C:\ProgramData\InteliWeb" => File/Folder not found.
c:\Program Files (x86)\Ss-Helper => moved successfully.
"C:\Program Files" => Warning: FRST is scripted not to move this directory.
(x86)\Connect_DLC_5 => Error: No automatic fix found for this entry.
"C:\Users\annazus\AppData\Roaming\Mozilla\Firefox\Profiles\mnb5cnvd.default-1436229910708\Extensions\ruyraoavtsyzenejgx@_d_ikp_gkxntutfm.edu" => File/Folder not found.
C:\Users\annazus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil => moved successfully.
"C:\Users\annazus\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx" => File/Folder not found.
EmptyTemp: => 9.1 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 09:44:43 ====


# AdwCleaner v4.208 - Logfile created 16/07/2015 at 09:50:06
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : annazus - ANNAZUS-PC
# Running from : C:\Users\annazus\Downloads\adwcleaner_4.208.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\mozilla firefox\dbghelp.dll
File Found : C:\Program Files (x86)\prefs.js
File Found : C:\Users\annazus\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\denjcdefjebbmlihdoojnebochnkgcin
File Found : C:\Users\annazus\AppData\Roaming\Adobe AIFF Format CS6 Prefs
Folder Found : C:\Program Files (x86)\ALlSavuer
Folder Found : C:\Program Files (x86)\AlolCheaapPrIcce
Folder Found : C:\Program Files (x86)\AlolCheaapPrIcce
Folder Found : C:\Program Files (x86)\BeestSaveeForYYou
Folder Found : C:\Program Files (x86)\BittSavuer
Folder Found : C:\Program Files (x86)\BoestSaveeForYou
Folder Found : C:\Program Files (x86)\BoestSaveeForYou
Folder Found : C:\Program Files (x86)\CheapMe
Folder Found : C:\Program Files (x86)\CHeapMe
Folder Found : C:\Program Files (x86)\CHHeaapMe
Folder Found : C:\Program Files (x86)\ClickIT
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Connect_DLC_5
Folder Found : C:\Program Files (x86)\EEXsTraSaviNgs
Folder Found : C:\Program Files (x86)\EuxstrASAvingis
Folder Found : C:\Program Files (x86)\ExsetraCoupOn
Folder Found : C:\Program Files (x86)\ExstoraSavings
Folder Found : C:\Program Files (x86)\ExStraaSSavIngs
Folder Found : C:\Program Files (x86)\ExstraCoupoeni
Folder Found : C:\Program Files (x86)\ExxstraSavIngS
Folder Found : C:\Program Files (x86)\FaiNddBeSTDDeal
Folder Found : C:\Program Files (x86)\FaiNddBeSTDDeal
Folder Found : C:\Program Files (x86)\Fun2SAvee
Folder Found : C:\Program Files (x86)\GreatSave4U
Folder Found : C:\Program Files (x86)\GreatSAve4U
Folder Found : C:\Program Files (x86)\GreatSSAVe4U
Folder Found : C:\Program Files (x86)\Instair Speed Dial
Folder Found : C:\Program Files (x86)\Isaveer
Folder Found : C:\Program Files (x86)\Iseaver
Folder Found : C:\Program Files (x86)\JoNiCCoupon
Folder Found : C:\Program Files (x86)\JOniCoupon
Folder Found : C:\Program Files (x86)\NetOCoupon
Folder Found : C:\Program Files (x86)\RanadomePriucE
Folder Found : C:\Program Files (x86)\RanndomPrice
Folder Found : C:\Program Files (x86)\SaverExtEnSSIiOn
Folder Found : C:\Program Files (x86)\shoopppi
Folder Found : C:\Program Files (x86)\TaakETaheCoupooN
Folder Found : C:\Program Files (x86)\TaakETaheCoupooN
Folder Found : C:\Program Files (x86)\taikEoorleoaVe
Folder Found : C:\Program Files (x86)\takeooruleave
Folder Found : C:\Program Files (x86)\TAKeTheeCOupoon
Folder Found : C:\Program Files (x86)\takkeorrlleavee
Folder Found : C:\Program Files (x86)\TTaakieTheeCoupon
Folder Found : C:\ProgramData\AdBlocker Manger
Folder Found : C:\ProgramData\AlolCheaapPrIcce
Folder Found : C:\ProgramData\AlolCheaapPrIcce
Folder Found : C:\ProgramData\bbfe9d1380906306
Folder Found : C:\ProgramData\BoestSaveeForYou
Folder Found : C:\ProgramData\BoestSaveeForYou
Folder Found : C:\ProgramData\CHeapMe
Folder Found : C:\ProgramData\CheapMe
Folder Found : C:\ProgramData\Conduit
Folder Found : C:\ProgramData\FaiNddBeSTDDeal
Folder Found : C:\ProgramData\FaiNddBeSTDDeal
Folder Found : C:\ProgramData\FeunDealss
Folder Found : C:\ProgramData\FindBiestDeal
Folder Found : C:\ProgramData\Happy2Save
Folder Found : C:\ProgramData\Happy2Save
Folder Found : C:\ProgramData\lkjgkpfgcjakdmjpglccoekigbldcpcg
Folder Found : C:\ProgramData\NeWSaveer
Folder Found : C:\ProgramData\ojajgbbdhfdgmmljmaccniaekhjhmeae
Folder Found : C:\ProgramData\TaakETaheCoupooN
Folder Found : C:\ProgramData\TaakETaheCoupooN
Folder Found : C:\ProgramData\The AdBlocker
Folder Found : C:\ProgramData\WinterSoft
Folder Found : C:\Users\annazus\AppData\Local\Conduit
Folder Found : C:\Users\annazus\AppData\Local\Google\Chrome\User Data\Default\Extensions\denjcdefjebbmlihdoojnebochnkgcin
Folder Found : C:\Users\annazus\AppData\Local\NativeMessaging
Folder Found : C:\Users\annazus\AppData\LocalLow\Conduit
Folder Found : C:\Users\annazus\AppData\LocalLow\Connect_DLC_5
Folder Found : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect
Folder Found : C:\Windows\SysWOW64\SearchProtect

***** [ Scheduled tasks ] *****

Task Found : BackgroundContainer Startup Task

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local;192.168.*.*
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Connect_DLC_5
Key Found : HKCU\Software\AppDataLow\SProtector
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKLM\SOFTWARE\Classes\SearchNewTab.SearchNewTab
Key Found : HKLM\SOFTWARE\Classes\SearchNewTab.SearchNewTab.1.0
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3306061
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Connect_DLC_5
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECT3306061
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainer]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [First Home Page] - hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=MSE&Tid=000328B0&OHP=hxxp%3A%2F%2Fwebsearch.calcitapp.info%2F&OSP=hxxp%3A%2F%2Fwww.bing.com%2Fsearch%3Fq%3D%7BsearchTerms%7D%26src%3DIE%2DSearchBox%26FORM%3DIESR02

-\\ Mozilla Firefox v39.0 (x86 en-US)


-\\ Google Chrome v43.0.2357.124

[C:\Users\annazus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://websearch.wisesearch.info/?l=1&q={searchTerms}&pid=685&r=2013/10/23&hid=17956247829966567053&lg=EN&cc=US&unqvl=39
[C:\Users\annazus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\annazus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\annazus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://websearch.wisesearch.info/?l=1&q={searchTerms}&pid=685&r=2013/10/23&hid=17956247829966567053&lg=EN&cc=US&unqvl=39
[C:\Users\annazus\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN18325246749333469&ctid=CT3306061&UM=2

*************************

AdwCleaner[R0].txt - [4131 bytes] - [19/11/2013 21:24:22]
AdwCleaner[R1].txt - [11012 bytes] - [16/07/2015 09:50:06]
AdwCleaner[S0].txt - [7025 bytes] - [19/11/2013 21:28:39]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [11131 bytes] ##########
 


# AdwCleaner v4.208 - Logfile created 16/07/2015 at 09:54:51
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : annazus - ANNAZUS-PC
# Running from : C:\Users\annazus\Downloads\adwcleaner_4.208.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\Happy2Save
Folder Deleted : C:\ProgramData\WinterSoft
Folder Deleted : C:\ProgramData\The AdBlocker
Folder Deleted : C:\ProgramData\AdBlocker Manger
Folder Deleted : C:\ProgramData\AlolCheaapPrIcce
Folder Deleted : C:\ProgramData\BoestSaveeForYou
Folder Deleted : C:\ProgramData\CHeapMe
Folder Deleted : C:\ProgramData\FaiNddBeSTDDeal
Folder Deleted : C:\ProgramData\TaakETaheCoupooN
Folder Deleted : C:\ProgramData\FeunDealss
Folder Deleted : C:\ProgramData\FindBiestDeal
Folder Deleted : C:\ProgramData\NeWSaveer
Folder Deleted : C:\ProgramData\bbfe9d1380906306
Folder Deleted : C:\Program Files (x86)\ClickIT
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Instair Speed Dial
Folder Deleted : C:\Program Files (x86)\GreatSave4U
Folder Deleted : C:\Program Files (x86)\ALlSavuer
Folder Deleted : C:\Program Files (x86)\AlolCheaapPrIcce
Folder Deleted : C:\Program Files (x86)\BeestSaveeForYYou
Folder Deleted : C:\Program Files (x86)\BittSavuer
Folder Deleted : C:\Program Files (x86)\BoestSaveeForYou
Folder Deleted : C:\Program Files (x86)\CHeapMe
Folder Deleted : C:\Program Files (x86)\CHHeaapMe
Folder Deleted : C:\Program Files (x86)\EEXsTraSaviNgs
Folder Deleted : C:\Program Files (x86)\EuxstrASAvingis
Folder Deleted : C:\Program Files (x86)\ExsetraCoupOn
Folder Deleted : C:\Program Files (x86)\ExstoraSavings
Folder Deleted : C:\Program Files (x86)\ExStraaSSavIngs
Folder Deleted : C:\Program Files (x86)\ExstraCoupoeni
Folder Deleted : C:\Program Files (x86)\ExxstraSavIngS
Folder Deleted : C:\Program Files (x86)\FaiNddBeSTDDeal
Folder Deleted : C:\Program Files (x86)\Fun2SAvee
Folder Deleted : C:\Program Files (x86)\GreatSSAVe4U
Folder Deleted : C:\Program Files (x86)\Isaveer
Folder Deleted : C:\Program Files (x86)\Iseaver
Folder Deleted : C:\Program Files (x86)\JoNiCCoupon
Folder Deleted : C:\Program Files (x86)\JOniCoupon
Folder Deleted : C:\Program Files (x86)\NetOCoupon
Folder Deleted : C:\Program Files (x86)\RanadomePriucE
Folder Deleted : C:\Program Files (x86)\RanndomPrice
Folder Deleted : C:\Program Files (x86)\SaverExtEnSSIiOn
Folder Deleted : C:\Program Files (x86)\shoopppi
Folder Deleted : C:\Program Files (x86)\TaakETaheCoupooN
Folder Deleted : C:\Program Files (x86)\taikEoorleoaVe
Folder Deleted : C:\Program Files (x86)\takeooruleave
Folder Deleted : C:\Program Files (x86)\TAKeTheeCOupoon
Folder Deleted : C:\Program Files (x86)\takkeorrlleavee
Folder Deleted : C:\Program Files (x86)\TTaakieTheeCoupon
Folder Deleted : C:\Program Files (x86)\Connect_DLC_5
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect
Folder Deleted : C:\Users\annazus\AppData\Local\Conduit
Folder Deleted : C:\Users\annazus\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\annazus\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\annazus\AppData\LocalLow\Connect_DLC_5
Folder Deleted : C:\Users\annazus\AppData\Local\Google\Chrome\User Data\Default\Extensions\denjcdefjebbmlihdoojnebochnkgcin
Folder Deleted : C:\ProgramData\lkjgkpfgcjakdmjpglccoekigbldcpcg
Folder Deleted : C:\ProgramData\ojajgbbdhfdgmmljmaccniaekhjhmeae
File Deleted : C:\Users\annazus\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\denjcdefjebbmlihdoojnebochnkgcin
File Deleted : C:\Program Files (x86)\mozilla firefox\dbghelp.dll
File Deleted : C:\Program Files (x86)\prefs.js
[x] Not Deleted : C:\Users\annazus\AppData\Roaming\Adobe AIFF Format CS6 Prefs

***** [ Scheduled tasks ] *****

Task Deleted : BackgroundContainer Startup Task

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainer]
Key Deleted : HKLM\SOFTWARE\Classes\SearchNewTab.SearchNewTab
Key Deleted : HKLM\SOFTWARE\Classes\SearchNewTab.SearchNewTab.1.0
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECT3306061
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3306061
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Connect_DLC_5
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Connect_DLC_5
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local;192.168.*.*

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [First Home Page]

-\\ Mozilla Firefox v39.0 (x86 en-US)


-\\ Google Chrome v43.0.2357.124

[C:\Users\annazus\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.wisesearch.info/?l=1&q={searchTerms}&pid=685&r=2013/10/23&hid=17956247829966567053&lg=EN&cc=US&unqvl=39
[C:\Users\annazus\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\annazus\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\annazus\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.wisesearch.info/?l=1&q={searchTerms}&pid=685&r=2013/10/23&hid=17956247829966567053&lg=EN&cc=US&unqvl=39
[C:\Users\annazus\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN18325246749333469&ctid=CT3306061&UM=2

*************************

AdwCleaner[R0].txt - [4131 bytes] - [19/11/2013 21:24:22]
AdwCleaner[R1].txt - [11247 bytes] - [16/07/2015 09:50:06]
AdwCleaner[S0].txt - [7025 bytes] - [19/11/2013 21:28:39]
AdwCleaner[S1].txt - [10380 bytes] - [16/07/2015 09:54:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [10440  bytes] ##########
 



#5 racer155


Posted 16 July 2015 - 12:20 PM

# AdwCleaner v4.208 - Logfile created 16/07/2015 at 10:12:10
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : annazus - ANNAZUS-PC
# Running from : C:\Users\annazus\Downloads\adwcleaner_4.208.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\annazus\AppData\Roaming\Adobe AIFF Format CS6 Prefs

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - ;192.168.*.*

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v39.0 (x86 en-US)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [4131 bytes] - [19/11/2013 21:24:22]
AdwCleaner[R1].txt - [11247 bytes] - [16/07/2015 09:50:06]
AdwCleaner[R2].txt - [958 bytes] - [16/07/2015 10:12:10]
AdwCleaner[S0].txt - [7025 bytes] - [19/11/2013 21:28:39]
AdwCleaner[S1].txt - [10553 bytes] - [16/07/2015 09:54:51]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1135 bytes] ##########
 



#6 nasdaq

  • Malware Response Team

Posted 16 July 2015 - 12:57 PM

The last AdwCleaner log is clean.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe:
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 nasdaq

  • Malware Response Team

Posted 22 July 2015 - 07:27 AM

It appears that this issue is resolved; therefore, I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



