
Lots of viruses.. computer running slow


  • This topic is locked
5 replies to this topic

#1 chaldo


Posted 24 November 2015 - 10:53 PM

I uninstalled some programs and ran Avira and Malwarebytes, which removed some viruses. I just want to know what got left behind. I attached the FRST logs as well as the Avira log, and included the MBAM log as an attachment.

 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-11-2015
Ran by Kassab (administrator) on KASSAB-HP (24-11-2015 22:44:10)
Running from C:\Users\Kassab\Desktop
Loaded Profiles: Kassab &  (Available Profiles: Kassab & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Medicomp Systems, Inc.) C:\Program Files (x86)\Medicomp\Server\medcinserv.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Desktop.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-11-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [788176 2015-10-28] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2524037534-3531981673-270931832-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{7B43DD0C-EBE1-4234-B150-51EFC9CFBA0E}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{D1ABF5AC-331D-4A2A-AD42-2B3EB09E2742}: [DhcpNameServer] 75.75.76.76 75.75.75.75

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-2524037534-3531981673-270931832-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-2524037534-3531981673-270931832-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-2524037534-3531981673-270931832-1000\Software\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.yahoo.com/
HKU\S-1-5-21-2524037534-3531981673-270931832-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-2524037534-3531981673-270931832-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-2524037534-3531981673-270931832-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-2524037534-3531981673-270931832-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-2524037534-3531981673-270931832-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-2524037534-3531981673-270931832-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-2524037534-3531981673-270931832-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-2524037534-3531981673-270931832-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
HKU\S-1-5-21-2524037534-3531981673-270931832-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2524037534-3531981673-270931832-1000 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKU\S-1-5-21-2524037534-3531981673-270931832-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-2524037534-3531981673-270931832-1000 -> {7ABD5EFD-88A6-E9CE-80AE-DBCA8C52F41C} URL = hxxp://www.bing.com/search?q={searchTerms}&pc=Z134&form=ZGAIDF&install_date=20110830&iesrc={referrer:source}
SearchScopes: HKU\S-1-5-21-2524037534-3531981673-270931832-1000 -> {7BAFDE76-7343-493D-A0F9-69D6BB467116} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-2524037534-3531981673-270931832-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-2524037534-3531981673-270931832-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2524037534-3531981673-270931832-1000 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKU\S-1-5-21-2524037534-3531981673-270931832-1000 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2524037534-3531981673-270931832-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKU\S-1-5-21-2524037534-3531981673-270931832-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = 
SearchScopes: HKU\S-1-5-21-2524037534-3531981673-270931832-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-08-21] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-08-21] (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2014-08-12] (Adblock Plus)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23] (DivX, LLC)
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL [2011-03-30] (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-08-12] (Adblock Plus)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll [2012-06-07] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2524037534-3531981673-270931832-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2524037534-3531981673-270931832-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-2524037534-3531981673-270931832-1000 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\Windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default
FF DefaultSearchEngine: Astromenda
FF DefaultSearchEngine.US: Astromenda
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3205709&SearchSource=3&q={searchTerms}
FF SearchEngineOrder.1: Search Results
FF Homepage: hxxps://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-05-06] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.6.2 -> C:\Windows\system32\npDeployJava1.dll [2012-08-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.6.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-08-21] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-05-25] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-05-06] (DivX, LLC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2011-05-23] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2524037534-3531981673-270931832-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
FF Plugin HKU\S-1-5-21-2524037534-3531981673-270931832-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
FF Plugin HKU\S-1-5-21-2524037534-3531981673-270931832-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\searchplugins\wikipedia-eng.xml [2012-09-26]
FF Extension: DivX Web Player - C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\extensions\DivXWebPlayer@divx.com.xpi [2011-06-05] [not signed]
FF Extension: Block site - C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2015-05-29]
FF Extension: Avira Browser Safety - C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\Extensions\abs@avira.com [2015-11-24] [not signed]
FF Extension: Adblock Plus - C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-11-24]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn
FF Extension: Symantec IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn [2011-09-29] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2 [2015-11-24] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011-06-22] [not signed]

Chrome: 
=======
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_ir_14_38_ie&cd=2XzuyEtN2Y1L1QzuyBzz0A0C0CtDzyzzyE0Bzy0F0FtBtCyBtN0D0Tzu0SzyzyyEtN1L2XzutAtFtBtFtCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0Ezy0EyD0Dzz0EtG0AtAzytCtGtAyC0AyEtGtAtByEtBtGyDzytBtB0D0DtAtAzz0A0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByCzyzz0F0B0ByDtGyDtC0A0CtGyE0F0AyEtGzy0FyDtCtGzz0A0AtCzzyB0F0Azy0A0FyE2Q&cr=393944548&uref=308&ir=
CHR StartupUrls: Default -> "hxxps://www.malwarebytes.org/restorebrowser/"
CHR Profile: C:\Users\Kassab\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (BrotherSoft Extreme3) - C:\Users\Kassab\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhnjjbcnbmjmhgpliahlamecmbejpaol [2015-11-24]
CHR Extension: (Avira Browser Safety) - C:\Users\Kassab\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-11-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kassab\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-10]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Kassab\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-10-12]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-05-23]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [936544 2015-10-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466408 2015-10-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466408 2015-10-28] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1105952 2015-10-28] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [250136 2015-11-03] (Avira Operations GmbH & Co. KG)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 medcinserv; C:\Program Files (x86)\Medicomp\Server\medcinserv.exe [536576 2010-12-16] (Medicomp Systems, Inc.) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [163544 2015-10-28] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-10-28] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-10-28] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [74952 2015-10-28] (Avira Operations GmbH & Co. KG)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110701.001\BHDrvx64.sys [1143416 2011-05-19] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [481912 2011-05-15] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110714.034\IDSvia64.sys [488056 2011-07-07] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110715.004\ENG64.SYS [117880 2011-05-17] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110715.004\EX64.SYS [2011768 2011-05-17] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-15] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-24 22:44 - 2015-11-24 22:45 - 00025598 _____ C:\Users\Kassab\Desktop\FRST.txt
2015-11-24 22:44 - 2015-11-24 22:44 - 00000000 ____D C:\FRST
2015-11-24 22:43 - 2015-11-24 22:43 - 02348544 _____ (Farbar) C:\Users\Kassab\Desktop\FRST64.exe
2015-11-24 22:07 - 2015-11-24 22:07 - 00232165 _____ C:\Users\Kassab\Desktop\MBAM.txt
2015-11-24 21:27 - 2015-11-24 21:30 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-24 21:20 - 2015-11-24 21:20 - 00065638 _____ C:\Users\Kassab\Desktop\AVSCAN-20151124-192434-9B5B4306.LOG
2015-11-24 20:47 - 2015-11-24 20:47 - 00000000 ____D C:\Users\Kassab\AppData\LocalLow\Avira
2015-11-24 19:27 - 2015-11-24 19:27 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-24 19:27 - 2015-11-24 19:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-24 19:26 - 2015-11-24 19:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-24 19:26 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-24 19:26 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-24 19:21 - 2015-11-24 19:21 - 00003432 _____ C:\Windows\System32\Tasks\Avira Browser Safety Updater Task
2015-11-24 19:21 - 2015-11-24 19:21 - 00000000 ____D C:\Users\Kassab\AppData\Roaming\Avira
2015-11-24 19:19 - 2015-10-28 18:21 - 00163544 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-11-24 19:19 - 2015-10-28 18:21 - 00141416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-11-24 19:19 - 2015-10-28 18:21 - 00074952 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-11-24 19:19 - 2015-10-28 18:21 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-11-24 19:18 - 2015-11-24 19:21 - 00000000 ____D C:\Program Files (x86)\Avira
2015-11-24 19:18 - 2015-11-24 19:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-11-24 19:18 - 2015-11-24 19:19 - 00000000 ____D C:\ProgramData\Avira
2015-11-24 19:18 - 2015-11-24 19:18 - 00001168 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2015-11-24 19:17 - 2015-11-24 19:17 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-12 08:58 - 2015-11-03 12:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-11 08:44 - 2015-11-03 17:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-11 08:44 - 2015-11-03 16:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-11-11 08:44 - 2015-10-30 18:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-11 08:44 - 2015-10-30 18:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-11 08:44 - 2015-10-30 18:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-11 08:44 - 2015-10-30 18:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-11 08:44 - 2015-10-30 18:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-11 08:44 - 2015-10-30 18:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-11 08:44 - 2015-10-30 18:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-11 08:44 - 2015-10-30 18:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-11 08:44 - 2015-10-30 18:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-11 08:44 - 2015-10-30 18:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-11 08:44 - 2015-10-30 18:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-11 08:44 - 2015-10-30 18:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-11 08:44 - 2015-10-30 18:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-11 08:44 - 2015-10-30 18:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-11 08:44 - 2015-10-30 18:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-11 08:44 - 2015-10-30 18:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-11 08:44 - 2015-10-30 18:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-11 08:44 - 2015-10-30 18:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-11 08:44 - 2015-10-30 18:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-11 08:44 - 2015-10-30 17:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-11 08:44 - 2015-10-30 17:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-11 08:44 - 2015-10-30 17:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-11 08:44 - 2015-10-30 17:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-11 08:44 - 2015-10-30 17:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-11 08:44 - 2015-10-30 17:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-11 08:44 - 2015-10-30 17:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-11 08:44 - 2015-10-30 17:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-11-11 08:44 - 2015-10-30 17:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-11 08:44 - 2015-10-30 17:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-11-11 08:44 - 2015-10-30 17:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-11 08:44 - 2015-10-30 17:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-11-11 08:44 - 2015-10-30 17:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-11 08:44 - 2015-10-30 17:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-11 08:44 - 2015-10-30 17:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-11-11 08:44 - 2015-10-30 17:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-11 08:44 - 2015-10-30 17:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-11 08:44 - 2015-10-30 17:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-11-11 08:44 - 2015-10-30 17:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-11-11 08:44 - 2015-10-30 17:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-11 08:44 - 2015-10-30 17:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-11 08:44 - 2015-10-30 17:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-11 08:44 - 2015-10-30 17:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-11 08:44 - 2015-10-30 17:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-11 08:44 - 2015-10-30 17:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-11 08:44 - 2015-10-30 17:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-11 08:44 - 2015-10-30 17:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-11 08:44 - 2015-10-30 17:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-11-11 08:44 - 2015-10-30 17:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-11 08:44 - 2015-10-30 17:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-11 08:44 - 2015-10-30 17:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-11 08:44 - 2015-10-30 17:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-11-11 08:44 - 2015-10-30 17:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-11 08:44 - 2015-10-30 17:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-11-11 08:44 - 2015-10-30 17:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-11 08:44 - 2015-10-30 17:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-11 08:44 - 2015-10-30 17:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-11 08:44 - 2015-10-30 17:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-11-11 08:44 - 2015-10-30 17:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-11 08:44 - 2015-10-30 16:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-11 08:44 - 2015-10-30 16:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-11 08:44 - 2015-10-30 16:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-11 08:44 - 2015-10-30 16:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-11 08:44 - 2015-10-20 13:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-11 08:44 - 2015-10-20 13:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-11 08:44 - 2015-10-20 13:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-11 08:44 - 2015-10-20 13:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-11 08:44 - 2015-10-20 13:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-11 08:44 - 2015-10-20 13:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-11 08:44 - 2015-10-20 13:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-11 08:44 - 2015-10-20 13:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-11 08:44 - 2015-10-20 13:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-11 08:44 - 2015-10-20 13:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-11 08:44 - 2015-10-20 13:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-11 08:44 - 2015-10-20 12:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-11 08:44 - 2015-10-20 12:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-11 08:44 - 2015-10-20 12:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-11 08:44 - 2015-10-20 12:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-11 08:44 - 2015-10-20 12:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-11 08:43 - 2015-10-19 20:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-11 08:43 - 2015-10-19 20:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-11 08:43 - 2015-10-19 20:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-11 08:43 - 2015-10-19 20:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-11 08:43 - 2015-10-19 20:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-11 08:43 - 2015-10-19 20:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-11 08:43 - 2015-10-19 20:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-11 08:43 - 2015-10-19 20:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-11 08:43 - 2015-10-19 20:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-11 08:43 - 2015-10-19 20:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-11 08:43 - 2015-10-19 20:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-11 08:43 - 2015-10-19 20:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-11 08:43 - 2015-10-19 20:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-11 08:43 - 2015-10-19 20:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-11 08:43 - 2015-10-19 20:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-11 08:43 - 2015-10-19 20:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-11 08:43 - 2015-10-19 20:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-11 08:43 - 2015-10-19 20:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-11 08:43 - 2015-10-19 20:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-11 08:43 - 2015-10-19 20:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-11 08:43 - 2015-10-19 20:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-11 08:43 - 2015-10-19 20:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-11 08:43 - 2015-10-19 20:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-11 08:43 - 2015-10-19 20:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-11 08:43 - 2015-10-19 20:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-11 08:43 - 2015-10-19 20:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-11 08:43 - 2015-10-19 20:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-11 08:43 - 2015-10-19 20:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-11 08:43 - 2015-10-19 20:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-11 08:43 - 2015-10-19 20:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-11 08:43 - 2015-10-19 20:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-11 08:43 - 2015-10-19 20:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-11 08:43 - 2015-10-19 20:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-11 08:43 - 2015-10-19 19:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-11 08:43 - 2015-10-19 19:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-11 08:43 - 2015-10-19 19:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-11 08:43 - 2015-10-19 19:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-11 08:43 - 2015-10-19 19:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-11 08:43 - 2015-10-19 19:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-11 08:43 - 2015-10-19 19:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-11 08:43 - 2015-10-19 19:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-11 08:43 - 2015-10-19 19:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-11 08:43 - 2015-10-19 19:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-11 08:43 - 2015-10-19 19:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-11 08:43 - 2015-10-19 19:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-11 08:43 - 2015-10-19 19:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-11 08:43 - 2015-10-19 19:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-11 08:43 - 2015-10-19 19:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-11 08:43 - 2015-10-19 19:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-11 08:43 - 2015-10-19 19:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-11 08:43 - 2015-10-19 19:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-11 08:43 - 2015-10-19 19:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-11 08:43 - 2015-10-19 19:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-11 08:43 - 2015-10-19 19:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-11 08:43 - 2015-10-19 19:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-11 08:43 - 2015-10-19 19:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-11 08:43 - 2015-10-19 19:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-11 08:43 - 2015-10-19 19:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-11 08:43 - 2015-10-19 19:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-11 08:43 - 2015-10-19 19:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-11 08:43 - 2015-10-19 19:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-11 08:43 - 2015-10-19 19:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 19:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 18:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-11 08:43 - 2015-10-19 18:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-11 08:43 - 2015-10-19 18:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-11 08:43 - 2015-10-19 18:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-11 08:43 - 2015-10-19 18:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-11 08:43 - 2015-10-19 18:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 18:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 18:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 08:43 - 2015-10-19 18:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-11 08:43 - 2015-09-23 08:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-11 08:43 - 2015-09-23 08:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-11 08:43 - 2015-09-23 08:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-11 08:42 - 2015-10-29 12:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-11 08:42 - 2015-10-29 12:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-11 08:42 - 2015-10-29 12:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-11 08:42 - 2015-10-29 12:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-11 08:42 - 2015-10-29 12:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-11-11 08:42 - 2015-10-29 12:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-11-11 08:42 - 2015-10-29 12:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-11-11 08:42 - 2015-10-13 11:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-11 08:42 - 2015-10-13 11:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-11 08:42 - 2015-10-12 23:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-11 08:42 - 2015-10-01 13:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-11 08:42 - 2015-10-01 13:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-11 08:42 - 2015-10-01 12:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-07 08:44 - 2015-11-09 08:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-02 05:28 - 2015-11-02 05:28 - 00000383 _____ C:\ftconfig.ini

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-24 22:44 - 2013-06-15 18:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-24 22:43 - 2013-02-13 16:16 - 00000000 ___RD C:\Users\Kassab\Desktop\Bans Books
2015-11-24 22:42 - 2011-03-01 20:21 - 01455443 _____ C:\Windows\WindowsUpdate.log
2015-11-24 22:40 - 2011-09-25 22:37 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-24 22:38 - 2015-08-20 06:53 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2015-11-24 22:38 - 2011-09-22 12:26 - 00000432 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-11-24 22:36 - 2011-03-01 23:31 - 00747052 _____ C:\Windows\PFRO.log
2015-11-24 22:36 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-24 22:36 - 2009-07-13 23:51 - 00063604 _____ C:\Windows\setupact.log
2015-11-24 22:17 - 2011-09-25 22:37 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-24 22:11 - 2012-06-21 21:25 - 00000000 ____D C:\Program Files (x86)\BrotherSoft_Extreme3
2015-11-24 21:35 - 2009-07-13 23:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-24 21:35 - 2009-07-13 23:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-24 21:20 - 2011-05-15 17:34 - 00000000 ____D C:\Users\Kassab\AppData\Roaming\SoftGrid Client
2015-11-24 21:02 - 2012-06-21 21:25 - 00000000 ____D C:\Users\Kassab\AppData\Local\CRE
2015-11-24 20:39 - 2011-05-15 16:14 - 00000000 ____D C:\Users\Kassab
2015-11-24 19:27 - 2012-12-09 17:38 - 00000000 ____D C:\Users\Kassab\AppData\Roaming\Malwarebytes
2015-11-24 19:26 - 2012-12-09 17:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-24 19:26 - 2012-12-09 17:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-11-24 19:11 - 2015-02-26 12:24 - 00000000 ____D C:\ProgramData\MFAData
2015-11-24 19:02 - 2011-07-01 18:02 - 00000000 ____D C:\ProgramData\LogMeIn
2015-11-24 19:02 - 2011-07-01 18:01 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2015-11-24 18:58 - 2009-07-14 00:13 - 00006442 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-24 18:56 - 2012-02-10 20:19 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1B9BA931-36B7-49E4-8C81-8811B1467209}
2015-11-24 18:52 - 2015-09-21 12:50 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForKassab.job
2015-11-24 16:06 - 2011-05-20 07:48 - 00000000 ____D C:\Users\Kassab\AppData\Local\CrashDumps
2015-11-24 15:10 - 2014-09-25 15:29 - 00000000 ____D C:\Users\Kassab\AppData\LocalLow\Adblock Plus for IE
2015-11-23 20:36 - 2013-06-04 17:18 - 00000000 ____D C:\Users\Guest\AppData\Roaming\SoftGrid Client
2015-11-23 17:43 - 2014-07-20 23:43 - 00000000 ____D C:\Users\Guest\AppData\Local\CrashDumps
2015-11-23 15:41 - 2015-09-21 12:50 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForKassab
2015-11-23 13:17 - 2011-05-16 13:12 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-11-23 13:16 - 2011-05-16 13:10 - 00000000 ____D C:\Users\Kassab\AppData\Roaming\HpUpdate
2015-11-23 13:16 - 2011-05-16 13:10 - 00000000 ____D C:\Users\Kassab\AppData\Roaming\HP Support Assistant
2015-11-21 07:42 - 2011-03-01 20:56 - 00000000 ____D C:\ProgramData\Norton
2015-11-13 03:11 - 2009-07-13 23:45 - 00280344 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-12 14:18 - 2011-09-25 22:37 - 00002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-12 10:56 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-11-12 03:02 - 2009-07-14 02:45 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-10 13:44 - 2013-06-15 18:10 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-10 13:44 - 2013-06-15 18:10 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-10 13:44 - 2011-05-15 20:05 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-09 08:12 - 2012-06-21 21:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-30 22:56 - 2014-12-15 13:33 - 00000000 __SHD C:\Users\Guest\AppData\Local\EmieBrowserModeList
2015-10-30 22:56 - 2014-04-26 12:03 - 00000000 __SHD C:\Users\Guest\AppData\Local\EmieUserList
2015-10-30 22:56 - 2014-04-26 12:03 - 00000000 __SHD C:\Users\Guest\AppData\Local\EmieSiteList

==================== Files in the root of some directories =======

2011-10-17 12:41 - 2015-09-07 12:11 - 0001854 _____ () C:\Users\Kassab\AppData\Roaming\GhostObjGAFix.xml

Some files in TEMP:
====================
C:\Users\Kassab\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-20 02:35

==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-11-2015
Ran by Kassab (2015-11-24 22:45:34)
Running from C:\Users\Kassab\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-05-15 21:14:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2524037534-3531981673-270931832-500 - Administrator - Disabled)
Guest (S-1-5-21-2524037534-3531981673-270931832-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2524037534-3531981673-270931832-1002 - Limited - Enabled)
Kassab (S-1-5-21-2524037534-3531981673-270931832-1000 - Administrator - Enabled) => C:\Users\Kassab

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Norton Internet Security (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{1CAFFEC6-23B4-484B-B17B-3200BE5C5636}) (Version: 99.9 - Eyeo GmbH)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader X (10.1.1) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.1 - Adobe Systems Incorporated)
Ask Toolbar Updater (HKU\S-1-5-21-2524037534-3531981673-270931832-1000\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.0.20007 - Ask.com) <==== ATTENTION
ATI Catalyst Install Manager (HKLM\...\{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}) (Version: 3.0.774.0 - ATI Technologies, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.14.259 - Avira Operations GmbH & Co. KG)
Avira Browser Safety (HKLM-x32\...\{9E10EA90-5E97-43B7-A246-FC7B4F5E9493}) (Version: 1.4.5.509 - Avira Operations GmbH & Co KG)
Avira Launcher (HKLM-x32\...\{529e47ba-e07b-414b-ae0b-1d17f85738f1}) (Version: 1.1.50.18326 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.50.18326 - Avira Operations GmbH & Co. KG) Hidden
BrotherSoft Extreme3 Toolbar (HKLM-x32\...\BrotherSoft_Extreme3 Toolbar) (Version: 6.8.12.0 - BrotherSoft Extreme3)
Canon MP470 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series) (Version:  - )
ccc-core-static (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.3.11083.1 - Cisco Consumer Products LLC)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 2.5.0.15 - DivX, LLC)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
Foxit Reader 5.0 (HKLM-x32\...\Foxit Reader_is1) (Version: 5.0.1.523 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4725 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}) (Version: 1.0.4.0 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0.2 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}) (Version: 5.1.8.12 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
Hulu Desktop (HKU\S-1-5-21-2524037534-3531981673-270931832-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
Hulu Desktop (HKU\S-1-5-21-2524037534-3531981673-270931832-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
Hulu Desktop (HKU\S-1-5-21-2524037534-3531981673-270931832-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
Java 7 Update 6 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417006FF}) (Version: 7.0.60 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3130 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3130 - CyberLink Corp.) Hidden
LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version:  - )
LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Medcin Server (HKLM-x32\...\{0FC29506-C417-4DD1-B6FD-79F2BA700E5E}) (Version: 2.21.12.357 - Medicomp)
Medcin Student Edition (HKLM-x32\...\{B477242C-49BA-4DA2-AD4F-CB9BE2B47FE9}) (Version: 2.0.34 - Medicomp)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 18.7.2.3 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Pocket Tanks v1.3 (HKLM-x32\...\Pocket Tanks_is1) (Version: 1.3 - Blitwise Productions, LLC)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4329 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3129 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975E}) (Version: 5.10.1102.0 -  NewspaperDirect Inc.)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version:  - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
Sonic RecordNow! Deluxe (HKLM-x32\...\{9541FED0-327F-4DF0-8B96-EF57EF622F19}) (Version: 7.0 - Sonic Solutions)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 1.1.9 (HKLM-x32\...\VLC media player) (Version: 1.1.9 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
WinRAR 4.01 beta 1 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.1 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

13-11-2015 03:00:12 Windows Update
21-11-2015 02:10:26 Scheduled Checkpoint
24-11-2015 18:58:01 Removed AVG 2015
24-11-2015 19:00:41 Removed AVG 2015
24-11-2015 19:01:35 Removed LogMeIn
24-11-2015 20:34:54 Removed Microsoft Office 2010

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-11-24 19:03 - 00000830 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {017F03C5-EC4A-46A2-B033-CAA8D64D1D64} - System32\Tasks\Hewlett-Packard\HP Support Assistant\GetAssistance Maintenance Events => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\HPSAObjUtil.exe [2013-04-16] (HP)
Task: {108E5E5B-BD25-425B-ACF5-A14796733C9F} - System32\Tasks\Avira Browser Safety Updater Task => C:\Program Files (x86)\Avira\Browser Safety\AviraBrowserSafetyUpdater.exe [2015-03-11] (Avira Operations GmbH & Co. KG)
Task: {1131C33B-6B2E-47FE-A1E2-E4448E4B5ACB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10] (Adobe Systems Incorporated)
Task: {30F7AD45-3E35-45E3-B65F-DBE373D69C09} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-08-06] (Symantec Corporation)
Task: {32B71258-FCB9-4719-BBB2-A7C1C530C65D} - System32\Tasks\0915tbUpdateInfo => C:\ProgramData\Avg_Update_0915tb\0915tb_{C4A7BADE-58DA-412A-9CCF-F20485D750F0}.exe [2015-09-18] ()
Task: {47391CCD-E8E3-4ECC-A9DD-9D9C1792BEFE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {4F821A45-61B8-4B5E-96BC-D9C2451C333F} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-07] (Symantec Corporation)
Task: {7737C2E6-E5E2-42B2-B99C-19C1F84069A0} - System32\Tasks\HPCeeScheduleForKassab => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {7F37E77B-1C56-49C4-AE1B-0F5A2BA10356} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2015-11-20] (Microsoft)
Task: {9335F639-6EF5-42EF-81FC-48C74A801A6F} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-09-27] ()
Task: {A76A83D0-8572-4556-868A-3142B5FF4167} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-09-17] (Hewlett-Packard Company)
Task: {AE613E6E-AA1C-42DE-812D-60B7CF507F22} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2015-11-20] (Microsoft)
Task: {B55304B3-4A2B-469E-8813-73FDB7CD870E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-09-17] (Hewlett-Packard Company)
Task: {DBA40006-71A6-48B4-8A79-7C6FBC40A203} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {DE46E681-1E31-4E11-9C8A-AA124B98BAC2} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2010-08-20] (CyberLink)
Task: {E3FE707D-78EC-46D5-B3E9-2FFE1BAF14A8} - System32\Tasks\Symantec\Norton Error Processor 18.7.2.3 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\SymErr.exe [2012-06-07] (Symantec Corporation)
Task: {F486F935-F9E1-489B-9F48-56C84D84B743} - System32\Tasks\0715avUpdateInfo => C:\ProgramData\Avg_Update_0715av\0715av_AVG-Secure-Search-Update.exe [2015-07-07] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\0715avUpdateInfo.job => C:\ProgramData\Avg_Update_0715av\0715av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\0915tbUpdateInfo.job => C:\ProgramData\Avg_Update_0915tb\0915tb_{C4A7BADE-58DA-412A-9CCF-F20485D750F0}.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForKassab.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-05-21 20:36 - 2011-05-22 01:59 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-2524037534-3531981673-270931832-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\youtube.com -> hxxp://www.youtube.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2524037534-3531981673-270931832-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kassab\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2524037534-3531981673-270931832-1004-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\ban\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2524037534-3531981673-270931832-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.76.76 - 75.75.75.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk => C:\Windows\pss\Snapfish PictureMover.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: CrossRiderPlugin => C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe
MSCONFIG\startupreg: DATAMNGR => C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpsysdrv => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
MSCONFIG\startupreg: StartCCC => "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{11B7059F-4F69-4886-9426-9B79F9506D17}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{B84575D6-1C2F-4257-998A-2895480203E1}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{B1518EC0-6478-499F-85B2-417CC195FA7C}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{2DB5FA27-901D-4392-AF3E-262FE5CD1EEC}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{058231B8-AFBB-4066-931E-DE246DCD1E36}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{B7570166-F4DA-441F-A804-A9E34FCD6A0B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{5F076245-8678-45D9-ABBD-7F275FA1B83F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{89984F84-6ABD-4E07-90A5-AF67D8D89E04}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe
FirewallRules: [{D9B7AC7B-8576-4256-9A0D-11B142BCF5C9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe
FirewallRules: [{C8C731C7-2BD4-4B7B-BDA2-DABD8B9399F9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe
FirewallRules: [{7A2A2667-5CC9-46F5-92BF-D82BDDC95EED}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{C01C8364-066E-45FB-BEF4-8404F94FAA5F}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{8A783F04-2D99-4B38-AE4C-76A6EE484DC4}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{CFCD6518-155D-4368-96C9-D27CA65F43A0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{06692E88-F313-444E-808B-3BF75B389858}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{898D3739-877E-4D88-A8A0-CCB361515FBF}] => (Allow) LPort=2869
FirewallRules: [{5D9AC265-F8A9-4BB4-93E5-1660CE9340C0}] => (Allow) LPort=1900
FirewallRules: [{F456E5D1-B4A6-4729-BD72-AEC28C6F6BE6}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{46071051-0F9B-43B0-8D1A-8F48DFDEFD33}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{4632E4D6-E91A-4930-860D-9D3AE4FC68D9}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{05C591CE-47DE-4A1E-B2A1-36F244E2DF36}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AE1F757D-1D85-4A51-9668-D7CDA1905BD4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{71C0DB65-0D2E-440C-9F96-1656912F1602}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{4796F8F4-67DB-4F53-A9F7-DDED8241F420}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [TCP Query User{2AFB9DB0-2479-4DCC-BAC1-6348BFD2EE7F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{2669C768-C8A4-4B43-8DD5-DB38E3D85D2F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{32756FC1-A209-4A20-AEB9-7CA12712CDD4}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{9B86756B-62AD-4827-A793-91E61119F0B2}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{1D513312-637E-4332-BD6A-C0847720C298}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{667A9536-6331-44BC-B569-6C06544A23E5}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{7FFC7651-A571-43F9-9E20-A5A2A52605D9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6B2E2A9E-E30C-4C4C-A8F3-65588CFE7A1B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FF3DD5F5-9763-441F-BC4C-5F59A958FB85}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/24/2015 10:20:15 PM) (Source: VSS) (EventID: 12298) (User: )
Description: Volume Shadow Copy Service error: The I/O writes cannot be held during the shadow copy creation period on volume C:\.
The volume index in the shadow copy set is 0. Error details: Open[0x00000000, The operation completed successfully.
], Flush[0x00000000, The operation completed successfully.
], Release[0x80042314, The shadow copy provider timed out while holding writes to the volume being shadow copied. This is probably due to excessive activity on the volume by an application or a system service. Try again later when activity on the volume is reduced.
], OnRun[0x00000000, The operation completed successfully.
].


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (11/24/2015 09:32:54 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

Error: (11/24/2015 08:37:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WINWORDC.EXE version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2f0

Start Time: 01d12721ac78757f

Termination Time: 30

Application Path: Q:\140066.enu\Office14\WINWORDC.EXE

Report Id: fdfc6a65-9314-11e5-aaf1-78acc0984b9f

Error: (11/24/2015 07:22:27 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

Error: (11/24/2015 07:03:01 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

Error: (11/24/2015 07:01:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.

System Error:
The system cannot find the file specified.
.

Error: (11/24/2015 07:00:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary AVGIDSDriver.

System Error:
The system cannot find the file specified.
.

Error: (11/24/2015 06:58:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (11/24/2015 06:58:47 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (11/24/2015 04:05:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 42.0.0.5780, time stamp: 0x5632d0a4
Faulting module name: mozglue.dll, version: 42.0.0.5780, time stamp: 0x5632ba58
Exception code: 0x80000003
Fault offset: 0x0000ed50
Faulting process id: 0x6318
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3


System errors:
=============
Error: (11/24/2015 10:43:32 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (11/24/2015 10:38:43 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: 

Error: (11/24/2015 10:38:42 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 10.0.0.4192.168.137.0255.255.255.0

Error: (11/24/2015 10:38:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (11/24/2015 10:35:14 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (11/24/2015 10:33:15 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (11/24/2015 10:07:11 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (11/24/2015 09:37:14 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (11/24/2015 09:29:24 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (11/24/2015 09:23:49 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: 


==================== Memory info =========================== 

Processor: AMD Athlon(tm) II X4 640 Processor
Percentage of memory in use: 57%
Total physical RAM: 3839.29 MB
Available physical RAM: 1620.02 MB
Total Virtual: 7676.78 MB
Available Virtual: 5585.46 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:918.5 GB) (Free:838.67 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.91 GB) (Free:1.58 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6167C4D5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=918.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

AVSCAN (Avira).txt



Free Antivirus
Report file date: Tuesday, November 24, 2015  19:24


The program is running as an unrestricted full version.
Online services are available.

Licensee        : Free
Serial number   : 0000149996-AVHOE-0000001
Platform        : Windows 7 Home Premium
Windows version : (Service Pack 1)  [6.1.7601]
Boot mode       : Normally booted
Username        : Kassab
Computer name   : KASSAB-HP

Version information:
build.dat       : 15.0.14.259    92306 Bytes  10/28/2015 18:21:00
AVSCAN.EXE      : 15.0.14.257  1175480 Bytes  10/28/2015 23:21:49
AVSCANRC.DLL    : 15.0.14.233    56944 Bytes  10/28/2015 23:21:49
LUKE.DLL        : 15.0.14.257    68280 Bytes  10/28/2015 23:21:53
AVSCPLR.DLL     : 15.0.14.257   106352 Bytes  10/28/2015 23:21:49
REPAIR.DLL      : 15.0.14.257   539520 Bytes  10/28/2015 23:21:49
repair.rdf      : 1.0.12.38    1345847 Bytes  11/25/2015 00:21:26
AVREG.DLL       : 15.0.14.256   346312 Bytes  10/28/2015 23:21:49
avlode.dll      : 15.0.14.257   675424 Bytes  10/28/2015 23:21:49
avlode.rdf      : 14.0.5.6       84211 Bytes  10/28/2015 23:21:49
LOCAL000.VDF    : 8.12.31.134 145726464 Bytes  11/24/2015 00:22:03
Engine version  : 8.3.34.80 
AEBB.DLL        : 8.1.3.0        59296 Bytes  11/25/2015 00:21:15
AECORE.DLL      : 8.3.9.0       249920 Bytes  11/25/2015 00:21:16
AEDROID.DLL     : 8.4.3.348    1800104 Bytes  11/25/2015 00:21:17
AEEMU.DLL       : 8.1.3.6       404328 Bytes  11/25/2015 00:21:16
AEEXP.DLL       : 8.4.2.134     277360 Bytes  11/25/2015 00:21:17
AEGEN.DLL       : 8.1.8.6       481184 Bytes  11/25/2015 00:21:16
AEHELP.DLL      : 8.3.2.6       284584 Bytes  11/25/2015 00:21:16
AEHEUR.DLL      : 8.1.4.2050   9894768 Bytes  11/25/2015 00:21:16
AEMOBILE.DLL    : 8.1.8.8       300968 Bytes  11/25/2015 00:21:17
AEOFFICE.DLL    : 8.3.1.56      408432 Bytes  10/28/2015 23:21:48
AEPACK.DLL      : 8.4.1.18      802880 Bytes  10/28/2015 23:21:48
AERDL.DLL       : 8.2.1.38      813928 Bytes  11/25/2015 00:21:17
AESBX.DLL       : 8.2.21.2     1629032 Bytes  11/25/2015 00:21:17
AESCN.DLL       : 8.3.4.0       141216 Bytes  11/25/2015 00:21:17
AESCRIPT.DLL    : 8.3.0.4       542632 Bytes  11/25/2015 00:21:17
AEVDF.DLL       : 8.3.2.4       141216 Bytes  11/25/2015 00:21:17
AVWINLL.DLL     : 15.0.14.233    29600 Bytes  10/28/2015 23:21:49
AVPREF.DLL      : 15.0.14.233    55864 Bytes  10/28/2015 23:21:49
AVREP.DLL       : 15.0.14.233   225320 Bytes  10/28/2015 23:21:49
AVARKT.DLL      : 15.0.14.233   231032 Bytes  10/28/2015 23:21:48
AVEVTLOG.DLL    : 15.0.14.258   200632 Bytes  10/28/2015 23:21:48
SQLITE3.DLL     : 15.0.14.233   460704 Bytes  10/28/2015 23:21:53
AVSMTP.DLL      : 15.0.14.233    82120 Bytes  10/28/2015 23:21:49
NETNT.DLL       : 15.0.14.233    18792 Bytes  10/28/2015 23:21:53
CommonImageRc.dll: 15.0.14.233  4309752 Bytes  10/28/2015 23:21:53
CommonTextRc.dll: 15.0.14.237    68792 Bytes  10/28/2015 23:21:53

Configuration settings for the scan:
Jobname.............................: Local Hard Disks
Configuration file..................: C:\Program Files (x86)\Avira\Antivirus\alldiscs.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, Q:, 
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: extended

Start of the scan: Tuesday, November 24, 2015  19:24

Start scanning boot sectors:
Boot sector 'HDD0(C:, D:, Q:)'
    [INFO]      No virus was found!

The scan of running processes will be started:
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'atiesrxx.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '92' Module(s) have been scanned
Scan process 'svchost.exe' - '129' Module(s) have been scanned
Scan process 'svchost.exe' - '92' Module(s) have been scanned
Scan process 'svchost.exe' - '171' Module(s) have been scanned
Scan process 'atieclxx.exe' - '35' Module(s) have been scanned
Scan process 'svchost.exe' - '87' Module(s) have been scanned
Scan process 'spoolsv.exe' - '85' Module(s) have been scanned
Scan process 'svchost.exe' - '61' Module(s) have been scanned
Scan process 'armsvc.exe' - '29' Module(s) have been scanned
Scan process 'svchost.exe' - '57' Module(s) have been scanned
Scan process 'HPClientServices.exe' - '43' Module(s) have been scanned
Scan process 'HPDrvMntSvc.exe' - '23' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '29' Module(s) have been scanned
Scan process 'medcinserv.exe' - '27' Module(s) have been scanned
Scan process 'ccSvcHst.exe' - '149' Module(s) have been scanned
Scan process 'NOBuAgent.exe' - '30' Module(s) have been scanned
Scan process 'RNowSvc.exe' - '36' Module(s) have been scanned
Scan process 'sftvsa.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'TeamViewer_Service.exe' - '99' Module(s) have been scanned
Scan process 'WLIDSVC.EXE' - '75' Module(s) have been scanned
Scan process 'sftlist.exe' - '79' Module(s) have been scanned
Scan process 'WLIDSvcM.exe' - '17' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '56' Module(s) have been scanned
Scan process 'CVHSVC.EXE' - '71' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '60' Module(s) have been scanned
Scan process 'alg.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '61' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '34' Module(s) have been scanned
Scan process 'hphc_service.exe' - '48' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '120' Module(s) have been scanned
Scan process 'TrustedInstaller.exe' - '49' Module(s) have been scanned
Scan process 'TeamViewer_Desktop.exe' - '71' Module(s) have been scanned
Scan process 'taskhost.exe' - '59' Module(s) have been scanned
Scan process 'ccSvcHst.exe' - '99' Module(s) have been scanned
Scan process 'TeamViewer.exe' - '118' Module(s) have been scanned
Scan process 'Dwm.exe' - '35' Module(s) have been scanned
Scan process 'Explorer.EXE' - '171' Module(s) have been scanned
Scan process 'tv_w32.exe' - '37' Module(s) have been scanned
Scan process 'tv_x64.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '59' Module(s) have been scanned
Scan process 'GWX.exe' - '40' Module(s) have been scanned
Scan process 'DllHost.exe' - '45' Module(s) have been scanned
Scan process 'msiexec.exe' - '56' Module(s) have been scanned
Scan process 'Avira.ServiceHost.exe' - '136' Module(s) have been scanned
Scan process 'Avira.Systray.exe' - '181' Module(s) have been scanned
Scan process 'avguard.exe' - '127' Module(s) have been scanned
Scan process 'avshadow.exe' - '21' Module(s) have been scanned
Scan process 'sched.exe' - '85' Module(s) have been scanned
Scan process 'avgnt.exe' - '114' Module(s) have been scanned
Scan process 'UI0Detect.exe' - '28' Module(s) have been scanned
Scan process 'avcenter.exe' - '157' Module(s) have been scanned
Scan process 'ipmGui.exe' - '141' Module(s) have been scanned
Scan process 'svchost.exe' - '28' Module(s) have been scanned
Scan process 'avscan.exe' - '88' Module(s) have been scanned
Scan process 'avscan.exe' - '117' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'winlogon.exe' - '31' Module(s) have been scanned
Scan process 'lsass.exe' - '68' Module(s) have been scanned
Scan process 'lsm.exe' - '16' Module(s) have been scanned

Starting to scan executable files (registry):
The registry was scanned ( '2017' files ).


Starting the file scan:

Begin scan in 'C:\' <OS>
C:\Program Files (x86)\ClearThink\epaphgdmipnghjhhebklgdchejelobkg.crx
    [0] Archive type: CRX
    --> content.js
        [DETECTION] Contains virus patterns of Adware ADWARE/BrowseFox.RA
        [WARNING]   Infected files in archives cannot be repaired
C:\Program Files (x86)\ClearThink\bin\c5e48979bd7f4cf79b73.dll
  [DETECTION] Contains virus patterns of Adware ADWARE/BrowseFox.A.1099
C:\Program Files (x86)\ClearThink\bin\ClearThink.BrowserAdapter.exe
  [DETECTION] Contains virus patterns of Adware ADWARE/BrowseFox.Gen
C:\Program Files (x86)\ClearThink\bin\ClearThink.BrowserFilter.Helper.dll.old.3e210b2f-b633-4691-8b49-2a3114475e5b
  [DETECTION] Contains virus patterns of Adware ADWARE/BrowseFox.Gen
C:\Program Files (x86)\ClearThink\bin\ClearThinkBrowserFilter.exe
  [DETECTION] Contains virus patterns of Adware ADWARE/BrowseFox.Gen7
C:\Program Files (x86)\ClearThink\bin\tmp9897.tmp
  [DETECTION] Contains virus patterns of Adware ADWARE/BrowseFox.Gen7
C:\Users\Guest\AppData\Local\Temp\+QZDF9l8.exe.part
  [DETECTION] Contains patterns of software PUA/iLivid.Gen
C:\Users\Guest\AppData\Local\Temp\RioGYuVU.exe.part
  [DETECTION] Contains patterns of software PUA/DownloadAdmin.Gen
C:\Users\Guest\AppData\Local\Temp\yZHJb4Aq.exe.part
  [DETECTION] Contains patterns of software PUA/DownloadAdmin.Gen
C:\Users\Kassab\AppData\Local\CRE\bhnjjbcnbmjmhgpliahlamecmbejpaol.crx
    [0] Archive type: CRX
    --> manifest.json
        [DETECTION] Contains patterns of software PUA/SearchBar.33
        [WARNING]   Infected files in archives cannot be repaired
C:\Users\Kassab\AppData\Local\Temp\acro_rd_dir\7D41.tmp
    [0] Archive type: NSIS
    --> ProgramFilesDir/[UnknownDir]
        [DETECTION] Is the TR/Crypt.Xpack.163508 Trojan
        [WARNING]   Infected files in archives cannot be repaired
C:\Users\Kassab\AppData\Local\Temp\scoped_dir_15512_11758\bhnjjbcnbmjmhgpliahlamecmbejpaol.crx
    [0] Archive type: CRX
    --> manifest.json
        [DETECTION] Contains patterns of software PUA/SearchBar.33
        [WARNING]   Infected files in archives cannot be repaired
C:\Users\Kassab\Desktop\Bans Books\true_lbc_lebanon.zip
    [0] Archive type: ZIP
    --> true_lbc_lebanon.exe
        [DETECTION] Is the TR/Vundo.Gen2 Trojan
        [WARNING]   Infected files in archives cannot be repaired
C:\Users\Kassab\Downloads\IE7ProSetup_2.5.1.exe
    [0] Archive type: NSIS
    --> ProgramFilesDir/ProgSenseSetup.exe
        [1] Archive type: Inno Setup
      --> {app}\OpenCandy\OCSetupHlp.dll
          [DETECTION] Contains patterns of software PUA/OpenCandy.Gen
          [WARNING]   Infected files in archives cannot be repaired
Begin scan in 'D:\' <HP_RECOVERY>
Begin scan in 'Q:\'
Search path Q:\ could not be opened!
System error [5]: Access is denied.

Beginning disinfection:
C:\Users\Kassab\Downloads\IE7ProSetup_2.5.1.exe
  [DETECTION] Contains patterns of software PUA/OpenCandy.Gen
  [NOTE]      The file was moved to the quarantine directory under the name '5a3cdf02.qua'!
C:\Users\Kassab\Desktop\Bans Books\true_lbc_lebanon.zip
  [DETECTION] Is the TR/Vundo.Gen2 Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '52959830.qua'!
C:\Users\Kassab\AppData\Local\Temp\scoped_dir_15512_11758\bhnjjbcnbmjmhgpliahlamecmbejpaol.crx
  [DETECTION] Contains patterns of software PUA/SearchBar.33
  [WARNING]   The file could not be copied to quarantine!
  [WARNING]   Error in ARK library
  [NOTE]      The file is scheduled for deleting after reboot.
  [NOTE]      It is recommended to restart your computer in order to finish the repair.
C:\Users\Kassab\AppData\Local\Temp\acro_rd_dir\7D41.tmp
  [DETECTION] Is the TR/Crypt.Xpack.163508 Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '741bc603.qua'!
C:\Users\Kassab\AppData\Local\CRE\bhnjjbcnbmjmhgpliahlamecmbejpaol.crx
  [DETECTION] Contains patterns of software PUA/SearchBar.33
  [NOTE]      The file was moved to the quarantine directory under the name '4205baff.qua'!
C:\Users\Guest\AppData\Local\Temp\yZHJb4Aq.exe.part
  [DETECTION] Contains patterns of software PUA/DownloadAdmin.Gen
  [NOTE]      The file was moved to the quarantine directory under the name '44eabca3.qua'!
C:\Users\Guest\AppData\Local\Temp\RioGYuVU.exe.part
  [DETECTION] Contains patterns of software PUA/DownloadAdmin.Gen
  [NOTE]      The file was moved to the quarantine directory under the name '630dba72.qua'!
C:\Users\Guest\AppData\Local\Temp\+QZDF9l8.exe.part
  [DETECTION] Contains patterns of software PUA/iLivid.Gen
  [NOTE]      The file was moved to the quarantine directory under the name '059da794.qua'!
C:\Program Files (x86)\ClearThink\bin\tmp9897.tmp
  [DETECTION] Contains virus patterns of Adware ADWARE/BrowseFox.Gen7
  [WARNING]   The file could not be copied to quarantine!
  [WARNING]   Error in ARK library
  [NOTE]      The file is scheduled for deleting after reboot.
  [NOTE]      It is recommended to restart your computer in order to finish the repair.
C:\Program Files (x86)\ClearThink\bin\ClearThinkBrowserFilter.exe
  [DETECTION] Contains virus patterns of Adware ADWARE/BrowseFox.Gen7
  [WARNING]   The file could not be copied to quarantine!
  [WARNING]   Error in ARK library
  [NOTE]      The file is scheduled for deleting after reboot.
  [NOTE]      It is recommended to restart your computer in order to finish the repair.
C:\Program Files (x86)\ClearThink\bin\ClearThink.BrowserFilter.Helper.dll.old.3e210b2f-b633-4691-8b49-2a3114475e5b
  [DETECTION] Contains virus patterns of Adware ADWARE/BrowseFox.Gen
  [WARNING]   The file could not be copied to quarantine!
  [WARNING]   Error in ARK library
  [NOTE]      The file is scheduled for deleting after reboot.
  [NOTE]      It is recommended to restart your computer in order to finish the repair.
C:\Program Files (x86)\ClearThink\bin\ClearThink.BrowserAdapter.exe
  [DETECTION] Contains virus patterns of Adware ADWARE/BrowseFox.Gen
  [WARNING]   The file could not be copied to quarantine!
  [WARNING]   Error in ARK library
  [NOTE]      The file is scheduled for deleting after reboot.
  [NOTE]      It is recommended to restart your computer in order to finish the repair.
C:\Program Files (x86)\ClearThink\bin\c5e48979bd7f4cf79b73.dll
  [DETECTION] Contains virus patterns of Adware ADWARE/BrowseFox.A.1099
  [WARNING]   The file could not be copied to quarantine!
  [WARNING]   Error in ARK library
  [NOTE]      The file is scheduled for deleting after reboot.
  [NOTE]      It is recommended to restart your computer in order to finish the repair.
C:\Program Files (x86)\ClearThink\epaphgdmipnghjhhebklgdchejelobkg.crx
  [DETECTION] Contains virus patterns of Adware ADWARE/BrowseFox.RA
  [WARNING]   The file could not be copied to quarantine!
  [WARNING]   Error in ARK library
  [NOTE]      The file is scheduled for deleting after reboot.
  [NOTE]      It is recommended to restart your computer in order to finish the repair.





#2 nasdaq

  • Malware Response Team
  • 39,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:29 AM

Posted 26 November 2015 - 10:52 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these programs in bold via the Control Panel > Programs and Features applet.
Ask Toolbar Updater (HKU\S-1-5-21-2524037534-3531981673-270931832-1000\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.0.20007 - Ask.com) <==== ATTENTION
BrotherSoft Extreme3 Toolbar (HKLM-x32\...\BrotherSoft_Extreme3 Toolbar) (Version: 6.8.12.0 - BrotherSoft Extreme3)


Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2524037534-3531981673-270931832-1000 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKU\S-1-5-21-2524037534-3531981673-270931832-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-2524037534-3531981673-270931832-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-2524037534-3531981673-270931832-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2524037534-3531981673-270931832-1000 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2524037534-3531981673-270931832-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKU\S-1-5-21-2524037534-3531981673-270931832-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\S-1-5-21-2524037534-3531981673-270931832-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
Toolbar: HKU\S-1-5-21-2524037534-3531981673-270931832-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2524037534-3531981673-270931832-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-2524037534-3531981673-270931832-1000 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
FF DefaultSearchEngine: Astromenda
FF DefaultSearchEngine.US: Astromenda
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3205709&SearchSource=3&q={searchTerms}
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Extension: DivX Web Player - C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\extensions\DivXWebPlayer@divx.com.xpi [2011-06-05] [not signed]
FF Extension: Block site - C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2015-05-29]
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_ir_14_38_ie&cd=2XzuyEtN2Y1L1QzuyBzz0A0C0CtDzyzzyE0Bzy0F0FtBtCyBtN0D0Tzu0SzyzyyEtN1L2XzutAtFtBtFtCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0Ezy0EyD0Dzz0EtG0AtAzytCtGtAyC0AyEtGtAtByEtBtGyDzytBtB0D0DtAtAzz0A0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByCzyzz0F0B0ByDtGyDtC0A0CtGyE0F0AyEtGzy0FyDtCtGzz0A0AtCzzyB0F0Azy0A0FyE2Q&cr=393944548&uref=308&ir=
CHR Extension: (BrotherSoft Extreme3) - C:\Users\Kassab\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhnjjbcnbmjmhgpliahlamecmbejpaol [2015-11-24]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

How is the computer running now?

#3 chaldo


Posted 27 November 2015 - 01:29 AM

How is the computer running now?

Okay, so I ran into some snags. First, when I tried removing:

Ask Toolbar Updater

I received the following error message pop-up:

[Image: P5DM0N2.jpg]

Then when I tried removing:

BrotherSoft Extreme3 Toolbar

Nothing happened. So both are still there.

I did run the FRST fix, and have the log here:

Fix result of Farbar Recovery Scan Tool (x64) Version:26-11-2015
Ran by Kassab (2015-11-27 00:09:18) Run:1
Running from C:\Users\Kassab\Desktop
Loaded Profiles: Kassab (Available Profiles: Kassab & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2524037534-3531981673-270931832-1000 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKU\S-1-5-21-2524037534-3531981673-270931832-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-2524037534-3531981673-270931832-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-2524037534-3531981673-270931832-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2524037534-3531981673-270931832-1000 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2524037534-3531981673-270931832-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKU\S-1-5-21-2524037534-3531981673-270931832-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\S-1-5-21-2524037534-3531981673-270931832-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
Toolbar: HKU\S-1-5-21-2524037534-3531981673-270931832-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-2524037534-3531981673-270931832-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-2524037534-3531981673-270931832-1000 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
FF DefaultSearchEngine: Astromenda
FF DefaultSearchEngine.US: Astromenda
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3205709&SearchSource=3&q={searchTerms}
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Extension: DivX Web Player - C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\extensions\DivXWebPlayer@divx.com.xpi [2011-06-05] [not signed]
FF Extension: Block site - C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2015-05-29]
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_ir_14_38_ie&cd=2XzuyEtN2Y1L1QzuyBzz0A0C0CtDzyzzyE0Bzy0F0FtBtCyBtN0D0Tzu0SzyzyyEtN1L2XzutAtFtBtFtCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StD0Ezy0EyD0Dzz0EtG0AtAzytCtGtAyC0AyEtGtAtByEtBtGyDzytBtB0D0DtAtAzz0A0CtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByCzyzz0F0B0ByDtGyDtC0A0CtGyE0F0AyEtGzy0FyDtCtGzz0A0AtCzzyB0F0Azy0A0FyE2Q&cr=393944548&uref=308&ir=
CHR Extension: (BrotherSoft Extreme3) - C:\Users\Kassab\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhnjjbcnbmjmhgpliahlamecmbejpaol [2015-11-24]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}" => key removed successfully
HKCR\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\Wow6432Node\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}" => key removed successfully
HKCR\Wow6432Node\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => key not found.
HKU\S-1-5-21-2524037534-3531981673-270931832-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2524037534-3531981673-270931832-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
"HKU\S-1-5-21-2524037534-3531981673-270931832-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKU\S-1-5-21-2524037534-3531981673-270931832-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
"HKU\S-1-5-21-2524037534-3531981673-270931832-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}" => key removed successfully
HKCR\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => key not found.
HKU\S-1-5-21-2524037534-3531981673-270931832-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-2524037534-3531981673-270931832-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
HKU\S-1-5-21-2524037534-3531981673-270931832-501-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc} => key not found.
HKCR\CLSID\{d944bb61-2e34-4dbf-a683-47e505c587dc} => key not found.
HKU\S-1-5-21-2524037534-3531981673-270931832-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
HKU\S-1-5-21-2524037534-3531981673-270931832-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value removed successfully
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found.
HKU\S-1-5-21-2524037534-3531981673-270931832-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} => value removed successfully
HKCR\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} => key not found.
Firefox DefaultSearchEngine removed successfully
Firefox DefaultSearchEngine.US removed successfully
Firefox DefaultSearchUrl removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\extensions\DivXWebPlayer@divx.com.xpi => moved successfully
C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\extensions\DivXWebPlayer@divx.com.xpi => path removed successfully
C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} => moved successfully
C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} => path removed successfully
Chrome HomePage => removed successfully
C:\Users\Kassab\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhnjjbcnbmjmhgpliahlamecmbejpaol => moved successfully
lmimirr => service removed successfully
EmptyTemp: => 3.6 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 00:16:30 ====

I ran AdwCleaner and received the following log:

# AdwCleaner v5.022 - Logfile created 27/11/2015 at 00:23:18
# Updated 22/11/2015 by Xplode
# Database : 2015-11-22.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Kassab - KASSAB-HP
# Running from : C:\Users\Kassab\Desktop\adwcleaner_5.022.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\ProgramData\AVG Security Toolbar
Folder Found : C:\ProgramData\Premium
Folder Found : C:\ProgramData\Avg_Update_0715av
Folder Found : C:\ProgramData\Avg_Update_0915tb
Folder Found : C:\Users\Kassab\AppData\Roaming\GrabPro

***** [ Files ] *****

File Found : C:\Users\Guest\Desktop\Continue Zip Extractor Installation.lnk
File Found : C:\Users\Kassab\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_jpnbdefcbnoefmmcpelplabbkfmfhlho_0

***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A6BF16AB-42A1-4BC5-965D-5E407E449AAA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{232C7B23-87F2-47FF-89D0-3B31E3A8A29A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2FBC2440-C385-4EDF-8B7E-6755BC6BAD39}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{08A415D2-076A-4CFC-BA5F-EB78188B7A11}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6BF16AB-42A1-4BC5-965D-5E407E449AAA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6BF16AB-42A1-4BC5-965D-5E407E449AAA}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{232C7B23-87F2-47FF-89D0-3B31E3A8A29A}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2FBC2440-C385-4EDF-8B7E-6755BC6BAD39}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKCU\Software\Zugo
Key Found : HKCU\Software\Avg Secure Update
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\AppDataLow\Software\bflixtoolbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKLM\SOFTWARE\bflixtoolbar
Key Found : HKLM\SOFTWARE\Avg Secure Update
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKU\.DEFAULT\Software\Avg Secure Update

***** [ Web browsers ] *****

[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("browser.search.defaultthis.engineName", "BrotherSoft Extreme3 Customized Web Search");
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossrider.bic", "1321bf3764fcde6e41a8ecc8e767db4e");
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.435.active", true);
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.435.affid", "0");
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.435.backgroundjs", "\n\nfunction buttonClick() { \n \n if (appAPI.platform == \"FF\") window.open(\"file:///C:/codec-info/codec_info.html\");\n if (app[...]
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.435.backgroundver", 8);
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.435.certdomaininstaller", "");
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.435.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.435.cookie._GPL_aoi.value", "%221324531503%22");
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.435.cookie._GPL_geo.expiration", "Fri Jun 22 2012 22:39:18 GMT-0400 (Eastern Daylight Time)");
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.435.cookie._GPL_geo.value", "%7B%22geoplugin_request%22%3A%2276.122.138.168%22%2C%22geoplugin_status%22%3A200%2C%22geoplugin_city%22%3A%22Milford%22%2C%22geoplug[...]
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.435.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.435.cookie._GPL_parent_zoneid.value", "%2214974%22");
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.435.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.435.cookie._GPL_zoneid.value", "%2214977%22");
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.435.cookie.__GPL_ID.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.435.cookie.__GPL_ID.value", "435");
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.435.cookie.__GPL_custom_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.435.cookie.__GPL_custom_zoneid.value", "14969");
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.435.cookie.__GPL_pubid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.435.cookie.__GPL_pubid.value", "%222993%22");
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.435.description", "Premiumplay Codec check");
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.435.domain", "");
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.435.emailsig", "");
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.435.exposesites", "");
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.435.fbremoteurl", "");
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.435.group", 0);
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.435.homepage", "");
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.435.iframe", false);
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.435.js", "\n\n//------------------ PLUGIN app_435_specific START ------------------\nif(!appAPI.matchPages(\"search.babylon.com\",\"search.sweetim.com\",\"myst[...]
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.435.name", "Codec-V");
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.435.premium", true);
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.435.publisher", "Premiumplay");
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.435.settingsurl", "");
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.435.thankyou", "");
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.435.ver", 51);
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.apps", "435");
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.bic", "1321bf3764fcde6e41a8ecc8e767db4e");
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.cid", 435);
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.firstrun", false);
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.hadappinstalled", true);
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.installationdate", 1314728933);
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.jsver", 3);
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.lastcheck", 22338599);
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.lastcheckitem", 22338601);
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.misc.lastBgWorkerTimer", "1340316070484");
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.crossriderapp435.misc.lastDomWorkerTimer", "1340316070470");
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.skipscreen.hostMatchStr", "hxxp://www.4shared.com/(get|audio|file|document|dir)/.*|hxxp://.*depositfiles.com/(([a-z]{2})/files/|auth-).*|hxxp://(www.)*digg.com/(.{5}|.{6})$|hxxp:[...]
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark._14Members_.toolbarCollapsed", true);
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
[C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Found : user_pref("extensions.toolbar.mindspark.lastInstalled", "totalrecipesearch@mindspark.com");
[C:\Users\Kassab\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : search.conduit.com
[C:\Users\Kassab\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : r
[C:\Users\Kassab\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : astromenda.com
[C:\Users\Kassab\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Kassab\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Kassab\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : jpnbdefcbnoefmmcpelplabbkfmfhlho
[C:\Users\Kassab\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : pfkfdlcdbajamklbneflfbcmfgddmpae
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : jpnbdefcbnoefmmcpelplabbkfmfhlho

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [14369 bytes] ##########

I allowed the program to clean everything then received the final log:

# AdwCleaner v5.022 - Logfile created 27/11/2015 at 01:03:14
# Updated 22/11/2015 by Xplode
# Database : 2015-11-22.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Kassab - KASSAB-HP
# Running from : C:\Users\Kassab\Desktop\adwcleaner_5.022.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\AVG Security Toolbar
[-] Folder Deleted : C:\ProgramData\Premium
[-] Folder Deleted : C:\ProgramData\Avg_Update_0715av
[-] Folder Deleted : C:\ProgramData\Avg_Update_0915tb
[-] Folder Deleted : C:\Users\Kassab\AppData\Roaming\GrabPro

***** [ Files ] *****

[-] File Deleted : C:\Users\Guest\Desktop\Continue Zip Extractor Installation.lnk
[-] File Deleted : C:\Users\Kassab\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_jpnbdefcbnoefmmcpelplabbkfmfhlho_0

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A6BF16AB-42A1-4BC5-965D-5E407E449AAA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{232C7B23-87F2-47FF-89D0-3B31E3A8A29A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2FBC2440-C385-4EDF-8B7E-6755BC6BAD39}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{08A415D2-076A-4CFC-BA5F-EB78188B7A11}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6BF16AB-42A1-4BC5-965D-5E407E449AAA}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6BF16AB-42A1-4BC5-965D-5E407E449AAA}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{232C7B23-87F2-47FF-89D0-3B31E3A8A29A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2FBC2440-C385-4EDF-8B7E-6755BC6BAD39}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\Zugo
[-] Key Deleted : HKCU\Software\Avg Secure Update
[-] Key Deleted : HKCU\Software\AppDataLow\Toolbar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\bflixtoolbar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
[-] Key Deleted : HKLM\SOFTWARE\bflixtoolbar
[-] Key Deleted : HKLM\SOFTWARE\Avg Secure Update
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
[-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update

***** [ Web browsers ] *****

[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultthis.engineName", "BrotherSoft Extreme3 Customized Web Search");
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossrider.bic", "1321bf3764fcde6e41a8ecc8e767db4e");
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.435.active", true);
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.435.affid", "0");
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.435.backgroundjs", "\n\nfunction buttonClick() {        \n  \n  if (appAPI.platform == \"FF\") window.open(\"file:///C:/codec-info/codec_info.html\");\n  if (app[...]
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.435.backgroundver", 8);
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.435.certdomaininstaller", "");
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.435.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.435.cookie._GPL_aoi.value", "%221324531503%22");
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.435.cookie._GPL_geo.expiration", "Fri Jun 22 2012 22:39:18 GMT-0400 (Eastern Daylight Time)");
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.435.cookie._GPL_geo.value", "%7B%22geoplugin_request%22%3A%2276.122.138.168%22%2C%22geoplugin_status%22%3A200%2C%22geoplugin_city%22%3A%22Milford%22%2C%22geoplug[...]
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.435.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.435.cookie._GPL_parent_zoneid.value", "%2214974%22");
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.435.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.435.cookie._GPL_zoneid.value", "%2214977%22");
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.435.cookie.__GPL_ID.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.435.cookie.__GPL_ID.value", "435");
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.435.cookie.__GPL_custom_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.435.cookie.__GPL_custom_zoneid.value", "14969");
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.435.cookie.__GPL_pubid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.435.cookie.__GPL_pubid.value", "%222993%22");
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.435.description", "Premiumplay Codec check");
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.435.domain", "");
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.435.emailsig", "");
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.435.exposesites", "");
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.435.fbremoteurl", "");
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.435.group", 0);
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.435.homepage", "");
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.435.iframe", false);
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.435.js", "\n\n//------------------  PLUGIN app_435_specific START  ------------------\nif(!appAPI.matchPages(\"search.babylon.com\",\"search.sweetim.com\",\"myst[...]
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.435.name", "Codec-V");
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.435.premium", true);
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.435.publisher", "Premiumplay");
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.435.settingsurl", "");
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.435.thankyou", "");
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.435.ver", 51);
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.apps", "435");
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.bic", "1321bf3764fcde6e41a8ecc8e767db4e");
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.cid", 435);
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.firstrun", false);
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.hadappinstalled", true);
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.installationdate", 1314728933);
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.jsver", 3);
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.lastcheck", 22338599);
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.lastcheckitem", 22338601);
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.misc.lastBgWorkerTimer", "1340316070484");
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossriderapp435.misc.lastDomWorkerTimer", "1340316070470");
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.skipscreen.hostMatchStr", "hxxp://www.4shared.com/(getaudiofiledocumentdir)/.*hxxp://.*depositfiles.com/(([a-z]{2})/files/auth-).*hxxp://(www.)*digg.com/(.{5}.{6})$hxxp:[...]
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._14Members_.toolbarCollapsed", true);
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
[-] [C:\Users\Kassab\AppData\Roaming\Mozilla\Firefox\Profiles\f2tkrtx0.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "totalrecipesearch@mindspark.com");
[-] [C:\Users\Kassab\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.conduit.com
[-] [C:\Users\Kassab\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : r
[-] [C:\Users\Kassab\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : astromenda.com
[-] [C:\Users\Kassab\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Kassab\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Kassab\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : jpnbdefcbnoefmmcpelplabbkfmfhlho
[-] [C:\Users\Kassab\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : pfkfdlcdbajamklbneflfbcmfgddmpae
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : jpnbdefcbnoefmmcpelplabbkfmfhlho

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [15010 bytes] ##########


Seems to be running a bit better, not sure what to do about the programs that won't uninstall



#4 nasdaq

  • Malware Response Team

Posted 27 November 2015 - 09:49 AM

Download and run this Revo Uninstaller tool.
http://www.revouninstaller.com/revo_uninstaller_free_download.html

If you find the programs with this tool, delete them.
Otherwise forget about them.

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#5 chaldo

  • Topic Starter


Posted 29 November 2015 - 10:26 AM

Thank you very much for your help



#6 nasdaq

  • Malware Response Team

Posted 05 December 2015 - 01:45 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



