
Computer infected with multiple malware including browser guardian. Need help!


  • This topic is locked
22 replies to this topic

#1 lomonkey1


Posted 24 December 2015 - 03:21 PM

Hi,

 

I need some help with cleaning up malware from my mother's computer. I am visiting for Christmas and she asked me to look at why her computer is running so slow and acting "funny". I sat down to use the computer and noticed several things that tell me it likely has multiple malware infections. I think this computer is currently beyond my basic ability to fix. 

 

I observed that Internet Explorer and Google Chrome are not working. When either browser is opened, it sits there and does not open any webpage that is typed in the address bar. When the browsers are first opened, I also noticed that the default address shows up as "Browser guardian". I tried to open the options and settings on these browsers and again nothing happens. The only browser that is currently working is Safari.

 

I also tried opening Windows Explorer and noticed that the file display settings have all been changed. None of the typical information (filename, size, date, etc.) is displayed. Most of the files on the computer only show the last access date or no text at all. I attempted to open some documents and copy a few files and noticed that none of these basic operations are working. The computer sits there "waiting" and nothing happens. The same happened when I opened Word to try to read a text file. I really need some help to fix this computer since I can't seem to get anything to work correctly.

 

I appreciate any help that you guys can provide.

 

 

Below are the results from the FRST.txt file:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-12-2015
Ran by Cecilia (administrator) on HOME (24-12-2015 12:24:44)
Running from C:\Users\Cecilia\Desktop\FRS
Loaded Profiles: Cecilia (Available Profiles: Cecilia)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Agere Systems) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Mindspark) C:\Program Files (x86)\FromDocToPDF_65\bar\3.bin\65barsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Lexmark International, Inc.) C:\Windows\System32\spool\drivers\x64\3\lxduserv.exe
( ) C:\Windows\System32\lxducoms.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\n360.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\vVX3000.exe
() C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre6\bin\jusched.exe
(Imation Corp) C:\Program Files (x86)\Memorex\Mirror for Photos\MMFP.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
() C:\Program Files (x86)\Bench\Proxy\pwdg.exe
() C:\Program Files (x86)\Bench\FService\1.1\fservice.exe
() C:\Program Files (x86)\Bench\FService\1.1\fservice64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumsdmon.exe
() C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\Bench\Proxy\proc.exe
(Apple Inc.) C:\Program Files (x86)\Safari\Safari.exe
(Microsoft Corporation) C:\Windows\System32\wercon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
(Apple Inc.) C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [HP Remote Software] => C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe [172032 2009-02-06] ()
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [915512 2009-03-05] (Hewlett-Packard)
HKLM\...\Run: [VX3000] => C:\Windows\vVX3000.exe [757248 2009-06-26] (Microsoft Corporation)
HKLM\...\Run: [lxdumon.exe] => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe [676520 2009-09-04] ()
HKLM\...\Run: [ATT-SST_McciTrayApp] => C:\Program Files\ATT-SST\McciTrayApp.exe [3453440 2010-07-27] (Alcatel-Lucent)
HKLM\...\Run: [lxduamon] => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe [16040 2009-09-04] ()
HKLM\...\Run: [pcreg] => C:\Program Files\wrapper_inst\service.exe [346720 2013-08-16] ()
HKLM\...\Run: [FromDocToPDF Home Page Guard 64 bit] => "C:\PROGRA~2\FROMDO~2\bar\1.bin\AppIntegrator64.exe"
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] => c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2009-02-02] (CyberLink Corp.)
HKLM-x32\...\Run: [TSMAgent] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1328424 2009-04-10] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [185640 2009-04-10] (CyberLink)
HKLM-x32\...\Run: [DVDAgent] => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2009-03-19] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [118624 2009-07-24] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [149280 2009-12-26] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2007-08-22] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [300400 2010-03-10] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Mirror for Photos] => C:\Program Files (x86)\Memorex\Mirror for Photos\MMFP.exe [2664960 2010-08-26] (Imation Corp)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [BService] => "C:\Program Files (x86)\Bench\BService\1.1\bservice.exe"
HKLM-x32\...\Run: [FromDocToPDF EPM Support] => C:\Program Files (x86)\FromDocToPDF_65\bar\3.bin\65medint.exe [12824 2015-07-13] (Mindspark)
HKLM-x32\...\Run: [FromDocToPDF_65 Browser Plugin Loader] => C:\PROGRA~2\FROMDO~2\bar\1.bin\65brmon.exe
HKLM-x32\...\Run: [Bench Communicator Watcher] => C:\Program Files (x86)\Bench\Proxy\pwdg.exe [127488 2014-07-15] ()
HKLM-x32\...\Run: [Bench Settings Cleaner] => C:\Program Files (x86)\Bench\Proxy\cl.exe [62464 2015-07-30] ()
HKLM-x32\...\Run: [FromDocToPDF AppIntegrator 32-bit] => C:\Program Files (x86)\FromDocToPDF_65\bar\3.bin\AppIntegrator.exe [230424 2015-07-13] (Mindspark)
HKLM-x32\...\Run: [FromDocToPDF AppIntegrator 64-bit] => C:\Program Files (x86)\FromDocToPDF_65\bar\3.bin\AppIntegrator64.exe [265752 2015-07-13] (Mindspark)
HKLM-x32\...\Run: [FromDocToPDF Search Scope Monitor] => "C:\PROGRA~2\FROMDO~2\bar\2.bin\65srchmn.exe" /m=2 /w /h
HKLM-x32\...\Run: [FService] => C:\Program Files (x86)\Bench\FService\1.1\fservice.exe [84480 2015-07-30] ()
HKLM-x32\...\Run: [FService64] => C:\Program Files (x86)\Bench\FService\1.1\fservice64.exe [104960 2015-07-30] ()
HKLM-x32\...\Run: [Wd] => C:\Program Files (x86)\Bench\Wd\wd.exe [93184 2015-07-30] ()
HKLM-x32\...\RunOnce: [Start Savin-repairJob] => wscript.exe "C:\Users\Cecilia\AppData\Local\Start Savin\repair.js" "Start Savin-repairJob"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\Explorer.exe [3079168 2009-04-10] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\Explorer.exe [3079168 2009-04-10] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-3113189444-1855527629-3296059688-1000\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
HKU\S-1-5-21-3113189444-1855527629-3296059688-1000\...\Run: [Weather] => C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
HKU\S-1-5-21-3113189444-1855527629-3296059688-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3113189444-1855527629-3296059688-1000\...\Run: [ywcovi] => rundll32 "C:\Users\Cecilia\AppData\Roaming\uk-UAV.dll",yzmcvnm
HKU\S-1-5-21-3113189444-1855527629-3296059688-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-3113189444-1855527629-3296059688-1000\...\Run: [GameXN GO] => C:\ProgramData\GameXN\GameXNGO.exe [347008 2012-03-19] (EasyBits Software AS)
HKU\S-1-5-21-3113189444-1855527629-3296059688-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-3113189444-1855527629-3296059688-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-3113189444-1855527629-3296059688-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3113189444-1855527629-3296059688-1000\...\MountPoints2: I - I:\LaunchU3.exe -a
HKU\S-1-5-21-3113189444-1855527629-3296059688-1000\...\MountPoints2: {271a7ff4-7f3a-11e4-9999-002421ada096} - I:\LaunchU3.exe -a
HKU\S-1-5-21-3113189444-1855527629-3296059688-1000\...\MountPoints2: {7faf3e98-bd1a-11de-8d1c-002421ada096} - F:\LaunchU3.exe -a
HKU\S-1-5-21-3113189444-1855527629-3296059688-1000\...\MountPoints2: {8208931a-e2a3-11de-a168-002421ada096} - F:\rcaeasyrip_setup.exe
HKU\S-1-5-21-3113189444-1855527629-3296059688-1000\...\MountPoints2: {e5ae365f-370a-11e2-aeb1-002421ada096} - I:\LaunchU3.exe -a
HKU\S-1-5-21-3113189444-1855527629-3296059688-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [3079168 2009-04-10] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\Explorer.exe [3079168 2009-04-10] (Microsoft Corporation) <==== ATTENTION
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2010-02-22]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk [2009-05-27]
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-3113189444-1855527629-3296059688-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-3113189444-1855527629-3296059688-1000] => Proxy is enabled.
ProxyServer: [S-1-5-21-3113189444-1855527629-3296059688-1000] => http=127.0.0.1:3128
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{44983826-B96D-483B-B502-983A02AB6905}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{D44FC3A4-5C45-465B-A6BD-C8D7EE5E35DE}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKU\S-1-5-21-3113189444-1855527629-3296059688-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.tb.ask.com/index.jhtml?n=77fd35db&p2=^y6^xdm003^yya^us&ptb=29c6bd16-6002-4c15-9ec5-6a49ffd20098&si=cjuo8fky278cfsmv7aodkgsajq
HKU\S-1-5-21-3113189444-1855527629-3296059688-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKU\S-1-5-21-3113189444-1855527629-3296059688-1000\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=56C9002421ADA096&affID=125361&tsp=5037
URLSearchHook: HKU\S-1-5-21-3113189444-1855527629-3296059688-1000 - (No Name) - {795828a9-f271-43a8-8536-4484bb991d3d} - No File
URLSearchHook: HKU\S-1-5-21-3113189444-1855527629-3296059688-1000 - NetAssistant - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} -  No File
URLSearchHook: HKU\S-1-5-21-3113189444-1855527629-3296059688-1000 - NetAssistant - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
URLSearchHook: HKU\S-1-5-21-3113189444-1855527629-3296059688-1000 - (No Name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files (x86)\FromDocToPDF_65\bar\3.bin\65SrcAs.dll (Mindspark)
SearchScopes: HKLM -> {736A98FF-BCE5-4BA1-A824-756A8171A0A1} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM -> {7CD2274A-3DD2-475E-A3F5-2A477D05A3C0} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> {736A98FF-BCE5-4BA1-A824-756A8171A0A1} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM-x32 -> {7CD2274A-3DD2-475E-A3F5-2A477D05A3C0} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm003^YYA^us&si=CJuO8fKy278CFSMV7AodKGsAJQ&ptb=29C6BD16-6002-4C15-9EC5-6A49FFD20098&ind=2014072308&n=780c4df4&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
SearchScopes: HKLM-x32 -> {CF739809-1C6C-47C0-85B9-569DBB141420} URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101740&gct=&gc=1&q={searchTerms}&crm=1
SearchScopes: HKU\.DEFAULT -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-19 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-20 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-21-3113189444-1855527629-3296059688-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3317192&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPEB6E1154-6E26-4A51-9B3E-0F1572988FEA&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3113189444-1855527629-3296059688-1000 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-3113189444-1855527629-3296059688-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3317192&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPEB6E1154-6E26-4A51-9B3E-0F1572988FEA&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3113189444-1855527629-3296059688-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.enhanced-search.com/?q={searchTerms}&babsrc=SP_ss_mib2&mntrId=56C9002421ADA096&affID=125361&tsp=5037
SearchScopes: HKU\S-1-5-21-3113189444-1855527629-3296059688-1000 -> {21586B30-C20E-46C6-BCA5-1E073756F5B1} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
SearchScopes: HKU\S-1-5-21-3113189444-1855527629-3296059688-1000 -> {2474E2D4-8629-4A02-A568-494F6CCEE1DC} URL = hxxp://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,105,0_0,Search,20120936,6900,0,5,0
SearchScopes: HKU\S-1-5-21-3113189444-1855527629-3296059688-1000 -> {736A98FF-BCE5-4BA1-A824-756A8171A0A1} URL = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
SearchScopes: HKU\S-1-5-21-3113189444-1855527629-3296059688-1000 -> {7CD2274A-3DD2-475E-A3F5-2A477D05A3C0} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKU\S-1-5-21-3113189444-1855527629-3296059688-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={9BE9BBA1-3436-4B88-8335-6D9CC2287F34}&mid=6e713420c65947d1ad41d16d67494965-7aa14262ffbc0c4482a94269b2b491f21677ddf8&lang=en&ds=sf011&pr=sa&d=2013-08-16 21:39:09&v=17.1.2.1&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3113189444-1855527629-3296059688-1000 -> {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm003^YYA^us&si=CJuO8fKy278CFSMV7AodKGsAJQ&ptb=29C6BD16-6002-4C15-9EC5-6A49FFD20098&ind=2014072308&n=780c4df4&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-3113189444-1855527629-3296059688-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-3113189444-1855527629-3296059688-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
SearchScopes: HKU\S-1-5-21-3113189444-1855527629-3296059688-1000 -> {CF739809-1C6C-47C0-85B9-569DBB141420} URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101740&gct=&gc=1&q={searchTerms}&crm=1
BHO: Start Savin BHO -> {181F2C09-56DD-4F98-86D7-59BA2BC59B5A} -> C:\Program Files (x86)\Start Savin\FrameworkBHO64.dll [2015-08-16] ()
BHO: ValueApps -> {93DBF2BB-A2B3-4683-A92E-57E60751F346} -> C:\Program Files\Conduit\ValueApps\IE\ValueAppsLoader.dll [2014-01-27] (Conduit Ltd.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-08-14] (Skype Technologies S.A.)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll [2013-11-18] (Yahoo! Inc.)
BHO-x32: Start Savin BHO -> {181F2C09-56DD-4F98-86D7-59BA2BC59B5A} -> C:\Program Files (x86)\Start Savin\FrameworkBHO.dll [2015-08-16] ()
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Toolbar BHO -> {a235e1e3-6296-4710-af39-104a7faa6c7c} -> C:\Program Files (x86)\FromDocToPDF_65\bar\3.bin\65bar.dll [2015-07-13] (Mindspark)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-08-14] (Skype Technologies S.A.)
BHO-x32: Lexmark Printable Web -> {D2C5E510-BE6D-42CC-9F61-E4F939078474} -> C:\Program Files\Lexmark Printable Web\bho.dll [2009-09-04] ()
BHO-x32: WeCareReminder Class -> {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} -> C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll [2012-08-07] (We-Care.com)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-12-26] (Sun Microsystems, Inc.)
BHO-x32: NetAssistant -> {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} -> C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll [2012-02-13] (W3i, LLC)
BHO-x32: Search Assistant BHO -> {f236ca79-3123-4afb-9f74-e98117ad5625} -> C:\Program Files (x86)\FromDocToPDF_65\bar\3.bin\65SrcAs.dll [2015-07-13] (Mindspark)
BHO-x32: No Name -> {F63AAEDC-3602-49EF-AA45-262380A98980} -> No File
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06] (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll [2013-11-18] (Yahoo! Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKLM-x32 - FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program Files (x86)\FromDocToPDF_65\bar\3.bin\65bar.dll [2015-07-13] (Mindspark)
Toolbar: HKU\S-1-5-21-3113189444-1855527629-3296059688-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-3113189444-1855527629-3296059688-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll [2015-11-12] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3113189444-1855527629-3296059688-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3113189444-1855527629-3296059688-1000 -> No Name - {795828A9-F271-43A8-8536-4484BB991D3D} -  No File
Toolbar: HKU\S-1-5-21-3113189444-1855527629-3296059688-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3113189444-1855527629-3296059688-1000 -> No Name - {C66A678D-5E6C-4AF9-8F57-C6192F42CF74} -  No File
DPF: HKLM-x32 {E0FEE963-BB53-4215-81AD-B28C77384644} hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-08-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-08-14] (Skype Technologies S.A.)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-03-10] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-03-10] (Citrix Systems, Inc.)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-08] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @FromDocToPDF_65.com/Plugin -> C:\Program Files (x86)\FromDocToPDF_65\bar\3.bin\NP65Stub.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2010-04-30] (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2009-10-30] (the VideoLAN Team)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3113189444-1855527629-3296059688-1000: @facebook.com/FBPlugin,version=1.0.1 -> C:\Users\Cecilia\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll [2010-02-01] ( )
FF Extension: RivalGaming  - C:\Users\Cecilia\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com [2012-09-08] [not signed]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2015-11-29] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-30] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn => not found
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U17) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Motive Plugin) - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Plugin) - C:\Users\Cecilia\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-13]
CHR Extension: (Norton Identity Safe) - C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-09-18]
CHR Extension: (We-Care Reminder) - C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm [2014-06-05] [UpdateUrl: hxxp://plugin.we-care.com/chrome-updates.xml] <==== ATTENTION
CHR Extension: (Value apps) - C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon [2014-06-05]
CHR Extension: (Skype Click to Call) - C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-05]
CHR Extension: (AVG SafeGuard) - C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2014-05-11]
CHR Extension: (Google Wallet) - C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-19]
CHR Extension: (Vuze Remote) - C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk [2014-07-16] [UpdateUrl: hxxp://autoupdate.chromewebtb.tbccint.com/sb/?productId=CT2504091&extensionData=\u003Cextension_data>] <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-28]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx <not found>
CHR HKU\S-1-5-21-3113189444-1855527629-3296059688-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lcnnhcneegeeojhgpfijnlnocjdmlaon] - C:\ProgramData\ValueApps\CH\ValueApps.crx [2014-01-10]
CHR HKU\S-1-5-21-3113189444-1855527629-3296059688-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ojpijjmpahflnipadmlpgbjmagmjchkk] - C:\Users\Cecilia\AppData\Local\CRE\ojpijjmpahflnipadmlpgbjmagmjchkk.crx [2012-08-29]
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-28]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ippkomaaonokjnfjoikaemidanojkfmm] - C:\ProgramData\WeCareReminder\\wecarereminderro.crx [2012-07-11]
CHR HKLM-x32\...\Chrome\Extension: [lcnnhcneegeeojhgpfijnlnocjdmlaon] - C:\ProgramData\ValueApps\CH\ValueApps.crx [2014-01-10]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [ojpijjmpahflnipadmlpgbjmagmjchkk] - C:\Users\Cecilia\AppData\Local\CRE\ojpijjmpahflnipadmlpgbjmagmjchkk.crx [2012-08-29]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agr64svc.exe [16896 2008-08-26] (Agere Systems)
R2 FromDocToPDF_65Service; C:\Program Files (x86)\FromDocToPDF_65\bar\3.bin\65barsvc.exe [90648 2015-07-13] (Mindspark)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
S2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-03-17] (Hewlett-Packard Company) [File not signed]
R2 lxduCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [33960 2009-08-19] (Lexmark International, Inc.)
R2 lxdu_device; C:\Windows\system32\lxducoms.exe [1044136 2009-08-19] ( )
R2 lxdu_device; C:\Windows\SysWOW64\lxducoms.exe [594600 2009-08-19] ( )
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-04-30] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-04-30] (Alcatel-Lucent) [File not signed]
R2 McciServiceHost; C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe [315392 2011-09-09] (Alcatel-Lucent) [File not signed]
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\N360.exe [282016 2015-11-20] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [69632 2006-11-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [88064 2006-11-08] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\BASHDefs\20150706.001\BHDrvx64.sys [1648880 2015-07-10] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605050.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20150710.001\IDSVia64.sys [692984 2015-07-10] (Symantec Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
S3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20150822.002\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20150822.002\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\1605050.00F\SRTSP64.SYS [928496 2015-11-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605050.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-08-22] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605050.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\1605050.00F\SYMTDIV.SYS [477400 2015-11-11] (Symantec Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-24 12:24 - 2015-12-24 12:24 - 00000000 ____D C:\FRST
2015-12-24 12:18 - 2015-12-24 12:24 - 00000000 ____D C:\Users\Cecilia\Desktop\FRS
2015-12-24 12:17 - 2015-12-24 12:09 - 02370560 _____ (Farbar) C:\Users\Cecilia\FRST64.exe
2015-12-24 12:09 - 2015-12-24 12:09 - 02370560 _____ (Farbar) C:\Users\Cecilia\Downloads\FRST64.exe
2015-12-11 23:23 - 2015-12-11 23:23 - 00703017 _____ C:\Users\Cecilia\Documents\Marcecheque.pdf
2015-12-11 23:22 - 2015-12-11 23:22 - 00701099 _____ C:\Users\Cecilia\Documents\12-11-2015 11;22;06PM.pdf
2015-12-11 22:32 - 2015-12-11 22:32 - 02548934 _____ C:\Users\Cecilia\Documents\marcetaxes1.pdf
2015-12-11 22:26 - 2015-12-11 22:26 - 01195352 _____ C:\Users\Cecilia\Documents\12-11-2015 10;25;49PM.pdf
2015-12-11 22:25 - 2015-12-11 22:25 - 02550136 _____ C:\Users\Cecilia\Documents\12-11-2015 10;24;47PM.pdf
2015-12-11 22:07 - 2015-12-11 22:07 - 00851654 _____ C:\Users\Cecilia\Documents\marcetaxes.pdf
2015-12-11 22:05 - 2015-12-11 22:05 - 00848871 _____ C:\Users\Cecilia\Documents\12-11-2015 10;05;39PM.pdf
2015-12-09 16:18 - 2015-11-05 03:07 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-09 16:18 - 2015-11-05 02:55 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-09 16:18 - 2015-11-05 01:54 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-09 16:12 - 2015-11-06 10:36 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-12-09 16:12 - 2015-11-06 10:36 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-12-09 16:12 - 2015-11-06 10:36 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-12-09 16:12 - 2015-11-06 10:36 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-12-09 16:12 - 2015-11-06 10:32 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2015-12-09 16:12 - 2015-11-06 10:32 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-12-09 16:12 - 2015-11-06 10:32 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2015-12-09 16:12 - 2015-11-06 10:32 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-12-09 16:12 - 2015-11-06 10:00 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-12-09 16:12 - 2015-11-06 09:59 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-12-09 16:12 - 2015-11-06 09:50 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-12-09 16:12 - 2015-11-06 09:47 - 01561600 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-09 16:12 - 2015-11-06 09:47 - 01154560 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-09 16:12 - 2015-11-06 09:27 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-12-09 16:12 - 2015-11-06 09:26 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2015-12-09 16:12 - 2015-11-06 09:20 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-12-09 16:12 - 2015-11-02 11:04 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-09 16:12 - 2015-11-02 10:44 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-09 16:11 - 2015-11-06 11:05 - 00648704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-09 16:11 - 2015-11-06 10:43 - 00820224 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-09 16:11 - 2015-11-06 09:37 - 02799104 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-09 16:11 - 2015-11-06 09:20 - 01073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-09 15:54 - 2015-11-05 01:42 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-12-09 15:54 - 2015-11-05 01:26 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-12-09 15:50 - 2015-11-10 11:03 - 01208832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-09 15:50 - 2015-11-10 11:03 - 00488448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-09 15:50 - 2015-11-10 10:40 - 01683968 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-09 15:50 - 2015-11-10 10:40 - 00533504 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-08 15:38 - 2015-11-12 15:16 - 17892864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-08 15:38 - 2015-11-12 15:13 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-08 15:38 - 2015-11-12 15:09 - 10937856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-08 15:38 - 2015-11-12 15:08 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-08 15:38 - 2015-11-12 15:08 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-08 15:38 - 2015-11-12 15:07 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-08 15:38 - 2015-11-12 15:07 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-08 15:38 - 2015-11-12 15:06 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-08 15:38 - 2015-11-12 15:06 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-08 15:38 - 2015-11-12 15:06 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-08 15:38 - 2015-11-12 15:06 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-08 15:38 - 2015-11-12 15:06 - 00579072 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-08 15:38 - 2015-11-12 15:06 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-08 15:38 - 2015-11-12 15:06 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-08 15:38 - 2015-11-12 15:06 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-08 15:38 - 2015-11-12 15:06 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-12-08 15:38 - 2015-11-12 15:06 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-08 15:38 - 2015-11-12 15:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-08 15:38 - 2015-11-12 15:06 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-08 15:38 - 2015-11-12 15:06 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-12-08 15:38 - 2015-11-12 15:06 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-12-08 15:38 - 2015-11-12 15:06 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-12-08 15:38 - 2015-11-12 14:39 - 01814528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-08 15:38 - 2015-11-12 14:37 - 12389376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-08 15:38 - 2015-11-12 14:36 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-08 15:38 - 2015-11-12 14:34 - 09753088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-08 15:38 - 2015-11-12 14:34 - 01140224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-08 15:38 - 2015-11-12 14:33 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-08 15:38 - 2015-11-12 14:32 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-08 15:38 - 2015-11-12 14:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-08 15:38 - 2015-11-12 14:32 - 00718848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-08 15:38 - 2015-11-12 14:32 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-08 15:38 - 2015-11-12 14:32 - 00424448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-08 15:38 - 2015-11-12 14:32 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-12-08 15:38 - 2015-11-12 14:32 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-08 15:38 - 2015-11-12 14:32 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-08 15:38 - 2015-11-12 14:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-12-08 15:38 - 2015-11-12 14:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-12-08 15:38 - 2015-11-12 14:31 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-08 15:38 - 2015-11-12 14:31 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-08 15:38 - 2015-11-12 14:31 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-08 15:38 - 2015-11-12 14:31 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-08 15:38 - 2015-11-12 14:31 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-08 15:38 - 2015-11-12 14:31 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-12-08 15:09 - 2015-12-08 15:09 - 02444328 _____ C:\Users\Cecilia\Documents\12-08-2015 03;08;52PM.pdf
2015-11-29 11:58 - 2015-11-29 11:58 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2015-11-29 11:51 - 2015-11-29 11:51 - 00003206 _____ C:\Windows\System32\Tasks\Norton WSC Integration
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-24 12:24 - 2006-11-02 07:33 - 00000000 ____D C:\Windows
2015-12-24 12:17 - 2009-08-25 23:32 - 00000000 ____D C:\Users\Cecilia
2015-12-24 12:13 - 2011-08-16 17:19 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-24 12:04 - 2013-08-12 15:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-24 11:52 - 2011-10-10 07:03 - 00000000 ____D C:\Users\Cecilia\AppData\Local\CrashDumps
2015-12-24 11:28 - 2014-01-08 14:55 - 00000348 _____ C:\Windows\Tasks\bench-S-1-5-21-3113189444-1855527629-3296059688-1000.job
2015-12-24 11:26 - 2014-01-08 16:48 - 00000000 ____D C:\Users\Cecilia\AppData\LocalLow\{181F2C09-56DD-4F98-86D7-59BA2BC59B5A}
2015-12-24 11:25 - 2009-08-27 20:26 - 00000000 ____D C:\Users\Cecilia\AppData\Roaming\Skype
2015-12-24 11:23 - 2011-11-27 20:18 - 00000000 ____D C:\ProgramData\GameXN
2015-12-24 11:23 - 2011-10-24 18:29 - 00000000 ____D C:\Users\Cecilia\AppData\Roaming\go
2015-12-24 11:22 - 2013-08-16 20:35 - 00000284 _____ C:\Windows\Tasks\pcreg.job
2015-12-24 11:21 - 2011-08-16 17:19 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-24 11:19 - 2006-11-02 09:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-24 11:19 - 2006-11-02 09:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-24 11:19 - 2006-11-02 09:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-23 02:36 - 2006-11-02 09:42 - 00032634 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-22 23:27 - 2011-06-06 23:03 - 00011000 _____ C:\Users\Cecilia\Documents\Gastos Mensuales.xlsx
2015-12-22 22:06 - 2014-02-28 16:33 - 00752706 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-12-22 22:06 - 2006-11-02 07:33 - 00000000 ____D C:\Windows\inf
2015-12-22 22:06 - 2006-11-02 06:46 - 00752706 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-22 21:46 - 2012-09-08 14:51 - 00000268 _____ C:\Windows\Tasks\RGames Updater.job
2015-12-18 00:40 - 2014-01-08 14:55 - 00000348 _____ C:\Windows\Tasks\bench-sys.job
2015-12-17 22:28 - 2011-03-15 12:52 - 00068285 _____ C:\Users\Cecilia\Documents\Acumulados Gross & Taxes.xlsx
2015-12-17 22:18 - 2013-07-28 17:52 - 00012662 _____ C:\Users\Cecilia\Documents\Copy of Copy of Movimiento Bancos.xlsx
2015-12-17 22:06 - 2009-09-01 01:00 - 00000000 ____D C:\Users\Cecilia\Documents\Jani King
2015-12-17 22:05 - 2010-05-17 19:50 - 00000000 ____D C:\ProgramData\Lx_cats
2015-12-17 18:19 - 2013-03-12 20:38 - 00001943 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-11 22:27 - 2006-11-02 07:33 - 00000000 ____D C:\Windows\rescache
2015-12-11 21:55 - 2006-11-02 09:21 - 00394576 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-11 21:54 - 2009-05-27 16:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-09 16:21 - 2009-09-01 00:25 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-09 16:18 - 2010-06-04 16:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-09 16:11 - 2013-08-15 19:55 - 00000000 ____D C:\Windows\system32\MRT
2015-12-09 16:01 - 2011-03-16 16:50 - 00011308 _____ C:\Users\Cecilia\Documents\taxes form 941.xlsx
2015-12-09 15:58 - 2006-11-02 06:35 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-12-08 18:04 - 2013-08-12 15:51 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-08 18:04 - 2013-08-12 15:51 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-08 18:04 - 2011-08-13 12:15 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-04 21:08 - 2011-08-16 17:19 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-04 21:08 - 2011-08-16 17:19 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-02 13:18 - 2009-10-26 14:46 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-11-29 12:07 - 2010-05-18 20:05 - 00002545 _____ C:\Users\Cecilia\Desktop\ABBYY FineReader 6.0 Sprint.lnk
2015-11-29 11:53 - 2011-10-09 22:08 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2015-11-29 11:51 - 2015-08-30 10:22 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2015-11-29 11:51 - 2015-08-22 20:34 - 00001977 _____ C:\Users\Public\Desktop\Norton 360 Premier.LNK
 
==================== Files in the root of some directories =======
 
2011-10-09 22:07 - 2011-10-09 22:07 - 161784896 _____ (Symantec Corporation) C:\Program Files\N360_5.0.0.125_MS_LOEM_MRF1441_5671.exe
2014-10-23 20:12 - 2014-10-23 20:12 - 6000640 _____ () C:\Program Files (x86)\GUT29F.tmp
2011-10-09 20:46 - 2011-10-13 17:04 - 0011464 _____ () C:\Users\Cecilia\AppData\Roaming\E548.751
2009-08-25 23:43 - 2009-08-25 23:43 - 0000000 _____ () C:\Users\Cecilia\AppData\Roaming\wklnhst.dat
2009-11-25 12:35 - 2015-09-20 19:46 - 0001356 _____ () C:\Users\Cecilia\AppData\Local\d3d9caps.dat
2009-08-31 00:49 - 2013-06-25 11:55 - 0054272 _____ () C:\Users\Cecilia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-10-09 22:07 - 2011-10-09 22:08 - 0014902 _____ () C:\Users\Cecilia\AppData\Local\dd_vcredistUI48E8.txt
2011-10-09 22:08 - 2011-10-09 22:08 - 0014902 _____ () C:\Users\Cecilia\AppData\Local\dd_vcredistUI493D.txt
2011-02-07 19:40 - 2011-02-16 16:14 - 0004096 ____H () C:\Users\Cecilia\AppData\Local\keyfile3.drm
2014-08-06 21:12 - 2015-12-24 11:24 - 0000003 _____ () C:\Users\Cecilia\AppData\Local\proxy.log
2011-05-12 13:14 - 2011-06-04 00:15 - 0001940 _____ () C:\Users\Cecilia\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2009-08-27 20:31 - 2009-08-27 20:31 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-05-17 19:41 - 2010-05-17 19:42 - 0000252 _____ () C:\ProgramData\FastPics.log
2010-02-22 17:28 - 2010-05-17 16:48 - 0002494 _____ () C:\ProgramData\hpzinstall.log
2011-11-02 19:39 - 2011-11-02 19:39 - 0000071 _____ () C:\ProgramData\lxdu.log
2011-02-07 19:49 - 2015-01-05 21:14 - 0001651 _____ () C:\ProgramData\lxduDiagnostics.log
2010-05-18 09:41 - 2015-04-13 18:54 - 0194830 _____ () C:\ProgramData\lxduJSW.log
2011-03-31 22:32 - 2011-03-31 22:32 - 0615158 _____ () C:\ProgramData\SPL22B0.tmp
2010-06-10 19:43 - 2010-06-10 19:43 - 0961452 _____ () C:\ProgramData\SPL23B6.tmp
2010-06-10 18:30 - 2010-06-10 18:30 - 0961452 _____ () C:\ProgramData\SPL65E4.tmp
2014-03-18 20:42 - 2014-03-18 20:42 - 0355518 _____ () C:\ProgramData\SPL75CE.tmp
2011-03-31 22:32 - 2011-03-31 22:32 - 0615158 _____ () C:\ProgramData\SPL8621.tmp
2011-01-23 16:04 - 2011-01-23 16:04 - 1333816 _____ () C:\ProgramData\SPL873C.tmp
2010-06-09 19:57 - 2010-06-09 19:57 - 0961452 _____ () C:\ProgramData\SPL8AF8.tmp
2015-02-09 15:31 - 2015-02-09 15:31 - 0858096 _____ () C:\ProgramData\SPL8C3C.tmp
2011-01-25 21:50 - 2011-01-25 21:50 - 1333577 _____ () C:\ProgramData\SPL91E2.tmp
2011-01-26 20:00 - 2011-01-26 20:00 - 1333577 _____ () C:\ProgramData\SPL927E.tmp
2010-06-10 18:27 - 2010-06-10 18:27 - 0961452 _____ () C:\ProgramData\SPL95A9.tmp
2011-01-24 11:29 - 2011-01-24 11:29 - 1333577 _____ () C:\ProgramData\SPL9839.tmp
2010-06-10 15:32 - 2010-06-10 15:32 - 0961452 _____ () C:\ProgramData\SPL9E8F.tmp
2011-01-25 11:23 - 2011-01-25 11:23 - 1333577 _____ () C:\ProgramData\SPL9F3B.tmp
2011-01-25 11:27 - 2011-01-25 11:27 - 1333577 _____ () C:\ProgramData\SPL9FD8.tmp
2011-03-31 22:21 - 2011-03-31 22:21 - 0615158 _____ () C:\ProgramData\SPLA36C.tmp
2011-01-26 20:05 - 2011-01-26 20:05 - 1333577 _____ () C:\ProgramData\SPLA7B4.tmp
2010-06-10 19:39 - 2010-06-10 19:39 - 0961452 _____ () C:\ProgramData\SPLAD10.tmp
2011-01-23 16:07 - 2011-01-23 16:07 - 1333577 _____ () C:\ProgramData\SPLADA.tmp
2010-06-10 15:37 - 2010-06-10 15:37 - 0961452 _____ () C:\ProgramData\SPLB174.tmp
2010-06-10 19:11 - 2010-06-10 19:11 - 0961452 _____ () C:\ProgramData\SPLB328.tmp
2011-01-23 16:05 - 2011-01-23 16:05 - 1333816 _____ () C:\ProgramData\SPLC0FF.tmp
2011-01-24 17:50 - 2011-01-24 17:50 - 1333577 _____ () C:\ProgramData\SPLC735.tmp
2010-06-09 19:59 - 2010-06-09 19:59 - 0961452 _____ () C:\ProgramData\SPLC844.tmp
2011-01-24 11:34 - 2011-01-24 11:34 - 1333577 _____ () C:\ProgramData\SPLCC06.tmp
2011-01-24 17:44 - 2011-01-24 17:44 - 1333577 _____ () C:\ProgramData\SPLD651.tmp
2011-01-25 21:55 - 2011-01-25 21:55 - 1333577 _____ () C:\ProgramData\SPLF2D7.tmp
2010-06-09 20:00 - 2010-06-09 20:00 - 0961452 _____ () C:\ProgramData\SPLFECE.tmp
2010-05-17 19:30 - 2010-05-17 19:30 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
 
Files to move or delete:
====================
C:\Users\Cecilia\0.10197212047344983.exe
C:\Users\Cecilia\0.215837594675935.exe
C:\Users\Cecilia\0.2172363269330455.exe
C:\Users\Cecilia\0.23777053799793857.exe
C:\Users\Cecilia\0.2884794378556572.exe
C:\Users\Cecilia\0.31304098636632616.exe
C:\Users\Cecilia\0.32759703123524175.exe
C:\Users\Cecilia\0.3376853800146331.exe
C:\Users\Cecilia\0.3461332756119446.exe
C:\Users\Cecilia\0.40812692265156714.exe
C:\Users\Cecilia\0.4656064243167539.exe
C:\Users\Cecilia\0.47811895307857755.exe
C:\Users\Cecilia\0.5009891863032833.exe
C:\Users\Cecilia\0.5271609997853948.exe
C:\Users\Cecilia\0.5324059161428474.exe
C:\Users\Cecilia\0.5379950771145285.exe
C:\Users\Cecilia\0.5550941245127593.exe
C:\Users\Cecilia\0.5775425289729406.exe
C:\Users\Cecilia\0.5864763511316429.exe
C:\Users\Cecilia\0.5990985881490263.exe
C:\Users\Cecilia\0.6429795414257906.exe
C:\Users\Cecilia\0.6679203515506513.exe
C:\Users\Cecilia\0.6927015856188907.exe
C:\Users\Cecilia\0.6932005810309299.exe
C:\Users\Cecilia\0.6978631576983204.exe
C:\Users\Cecilia\0.7512294839233663.exe
C:\Users\Cecilia\0.7535155403768783.exe
C:\Users\Cecilia\0.8139544038391864.exe
C:\Users\Cecilia\0.8271501524394349.exe
C:\Users\Cecilia\0.871629174102834.exe
C:\Users\Cecilia\0.9109150348216986.exe
C:\Users\Cecilia\0.9631266642927945.exe
C:\Users\Cecilia\0.9733031312178324.exe
C:\Users\Cecilia\0.9937522860440025.exe
C:\Users\Cecilia\FRST64.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-24 11:29
 
==================== End of FRST.txt ============================
 
 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:10:32 PM

Posted 25 December 2015 - 11:05 AM

Hi, "Merry Christmas" & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1
  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s) to remove it:
    FromDocToPDF Internet Explorer Toolbar
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish
Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
    Copy and paste the contents of that logfile in your next reply.
Step 3

Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 lomonkey1

lomonkey1
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:32 PM

Posted 25 December 2015 - 12:26 PM

Hi Jürgen,

 

Thank you for your help. I have run Revo uninstaller and AdwCleaner as you stated. However, I am unable to post the AdwCleaner log file. When the computer rebooted, I got an error saying that Acrobat Reader could not open the AdwCleaner.txt file and had to close. I closed Acrobat Reader and the file never opened. I do not know why Acrobat is set to open the file in the first place. I looked in the desktop to see if the file was written there so that I could manually open it with notepad and report the contents. 

 

Please advise on what I should do next. Is there a particular location where the file is written that I can access and report the contents?

 

Thanks again.



#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:32 PM

Posted 25 December 2015 - 12:33 PM

Hi,

Is there a particular location where the file is written that I can access and report the contents?


Yes, please open the file with notepad:

C:\AdwCleaner\AdwCleaner[Cx].txt

regards,
deeprybka
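The report naming given in posts #2 and #4 (AdwCleaner[C#].txt under C:\AdwCleaner, the largest # being the most recent), as an added example that is not part of the original posts or of AdwCleaner itself: it picks the newest cleaning report from a directory listing and lists the items the tool flagged as not deleted or not restored. The sample log lines are constructed in the `[-]`/`[!]` result format of an AdwCleaner v5 log, and treating a failed item as resolved when the same item is also reported deleted in the same log is an assumption of this example.

```python
import re
from typing import NamedTuple

# Cleaning reports are named AdwCleaner[C#].txt (pattern taken from the thread).
REPORT_NAME = re.compile(r"^AdwCleaner\[C(\d+)\]\.txt$", re.IGNORECASE)
# Section banners look like: ***** [ Registry ] *****
SECTION = re.compile(r"^\*+\s*\[\s*(.+?)\s*\]\s*\*+$")
# Result lines look like: [-] Key Deleted : <target>  /  [!] Key Not Deleted : <target>
RESULT = re.compile(
    r"^\[[-#!]\]\s+(?P<kind>.+?)\s+(?P<neg>Not\s+)?"
    r"(?P<verb>Deleted|Restored)\s+:\s+(?P<target>.+)$"
)

# Constructed sample (placeholder service name, GUID and value name).
SAMPLE_LOG = r"""# Option : Cleaning

***** [ Services ] *****

[-] Service Deleted : ExampleToolbarService
[!] Service Not Deleted : ExampleToolbarService

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AAAAAAAA-0000-0000-0000-000000000001}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{aaaaaaaa-0000-0000-0000-000000000001}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AAAAAAAA-0000-0000-0000-000000000001}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[!] Data Not Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Example Start Page]
"""


class Result(NamedTuple):
    section: str   # banner the line appeared under, e.g. "Registry"
    kind: str      # "Service", "Key", "Value", "Data", ...
    ok: bool       # False for "Not Deleted" / "Not Restored"
    target: str    # service name, path or registry location as logged


def latest_report(names):
    """Return the AdwCleaner[C#].txt name with the largest #, or None."""
    best = None
    for name in names:
        m = REPORT_NAME.match(name)
        # Compare numerically so that C10 sorts after C2.
        if m and (best is None or int(m.group(1)) > best[0]):
            best = (int(m.group(1)), name)
    return best[1] if best else None


def parse_results(text):
    """Turn the result lines of a cleaning report into Result tuples."""
    section, results = "", []
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION.match(line)
        if banner:
            section = banner.group(1)
            continue
        m = RESULT.match(line)
        if m:
            results.append(Result(section, m.group("kind"),
                                  m.group("neg") is None,
                                  m.group("target").strip()))
    return results


def unresolved(results):
    """Failed items with no successful entry for the same kind and target.

    Targets are compared case-insensitively. The "[x64]" prefix stays part
    of the target, so the 64-bit view is tracked separately (assumption).
    """
    done = {(r.kind.lower(), r.target.casefold()) for r in results if r.ok}
    seen, out = set(), []
    for r in results:
        key = (r.kind.lower(), r.target.casefold())
        if not r.ok and key not in done and key not in seen:
            seen.add(key)
            out.append(r)
    return out


if __name__ == "__main__":
    listing = ["AdwCleaner[C1].txt", "AdwCleaner[C10].txt", "AdwCleaner[C2].txt"]
    print("newest report:", latest_report(listing))
    for item in unresolved(parse_results(SAMPLE_LOG)):
        print(f"follow up [{item.section}] {item.kind}: {item.target}")
```
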

#5 lomonkey1

lomonkey1
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:32 PM

Posted 25 December 2015 - 02:01 PM

I completed all 3 steps. Below is the output from the AdwCleaner log file:

 

 

# AdwCleaner v5.026 - Logfile created 25/12/2015 at 11:00:12
# Updated 21/12/2015 by Xplode
# Database : 2015-12-23.1 [Server]
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (x64)
# Username : Cecilia - HOME
# Running from : C:\Users\Cecilia\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[-] Service Deleted : FromDocToPDF_65Service
[-] Service Deleted : YahooAUService
[!] Service Not Deleted : FromDocToPDF_65Service
 
***** [ Folders ] *****
 
[#] Folder Deleted : C:\Program Files\Conduit
[#] Folder Deleted : C:\Program Files (x86)\Bench
[#] Folder Deleted : C:\Program Files (x86)\Conduit
[#] Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
[#] Folder Deleted : C:\Program Files (x86)\Freeze.com
[#] Folder Deleted : C:\Program Files (x86)\Smartdl
[#] Folder Deleted : C:\Program Files (x86)\WinZip Registry Optimizer
[#] Folder Deleted : C:\Program Files (x86)\Yahoo!\Companion
[#] Folder Deleted : C:\Program Files (x86)\FromDocToPDF_65
[#] Folder Deleted : C:\ProgramData\Babylon
[#] Folder Deleted : C:\ProgramData\BitGuard
[#] Folder Deleted : C:\ProgramData\DriverCure
[#] Folder Deleted : C:\ProgramData\ParetoLogic
[#] Folder Deleted : C:\ProgramData\ValueApps
[#] Folder Deleted : C:\ProgramData\WeCareReminder
[#] Folder Deleted : C:\ProgramData\Yahoo! Companion
[#] Folder Deleted : C:\Users\Cecilia\AppData\Local\BenchUpdater
[#] Folder Deleted : C:\Users\Cecilia\AppData\Local\Conduit
[#] Folder Deleted : C:\Users\Cecilia\AppData\Local\iac
[#] Folder Deleted : C:\Users\Cecilia\AppData\Local\ShieldApps
[#] Folder Deleted : C:\Users\Cecilia\AppData\Local\FromDocToPDF_65
[#] Folder Deleted : C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm
[#] Folder Deleted : C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon
[#] Folder Deleted : C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
[#] Folder Deleted : C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
[#] Folder Deleted : C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
[#] Folder Deleted : C:\Users\Cecilia\AppData\LocalLow\Conduit
[#] Folder Deleted : C:\Users\Cecilia\AppData\LocalLow\HPAppData
[#] Folder Deleted : C:\Users\Cecilia\AppData\LocalLow\iac
[#] Folder Deleted : C:\Users\Cecilia\AppData\LocalLow\PriceGong
[#] Folder Deleted : C:\Users\Cecilia\AppData\LocalLow\Yahoo! Companion
[#] Folder Deleted : C:\Users\Cecilia\AppData\LocalLow\Yahoo!\Companion
[#] Folder Deleted : C:\Users\Cecilia\AppData\LocalLow\FromDocToPDF_65
[#] Folder Deleted : C:\Users\Cecilia\AppData\Roaming\DriverCure
[#] Folder Deleted : C:\Users\Cecilia\AppData\Roaming\Yahoo!\Companion
[#] Folder Deleted : C:\Windows\SysNative\Tasks\pcreg
[#] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect
 
***** [ Files ] *****
 
[-] File Deleted : C:\END
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\components\AskSearch.js
[-] File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
[-] File Deleted : C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lcnnhcneegeeojhgpfijnlnocjdmlaon_0.localstorage
[-] File Deleted : C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lcnnhcneegeeojhgpfijnlnocjdmlaon_0.localstorage-journal
[-] File Deleted : C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage
[-] File Deleted : C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage-journal
[-] File Deleted : C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_toolbar.avg.com_0.localstorage-journal
[-] File Deleted : C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.vaccint.com_0.localstorage-journal
[-] File Deleted : C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.best-deals-products.com_0.localstorage-journal
[-] File Deleted : C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.superfish.com_0.localstorage-journal
[-] File Deleted : C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxps_www.superfish.com_0.localstorage-journal
[-] File Deleted : C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
[-] File Deleted : C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
[-] File Deleted : C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pricegong.conduitapps.com_0.localstorage
[-] File Deleted : C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pricegong.conduitapps.com_0.localstorage-journal
[-] File Deleted : C:\Users\Cecilia\AppData\LocalLow\SkwConfig.bin
[-] File Deleted : C:\Windows\SysNative\roboot64.exe
[-] File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : bench-sys
[-] Task Deleted : pcreg
[-] Task Deleted : bench-S-1-5-21-3113189444-1855527629-3296059688-1000
[-] Task Deleted : bench-sys
[-] Task Deleted : bench-S-1-5-21-3113189444-1855527629-3296059688-1000
[-] Task Deleted : bench-sys
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
[-] Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
[-] Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
[-] Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.bench.nmhost
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Bench Communicator Watcher]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Bench Settings Cleaner]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BService]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Wd]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@FromDocToPDF_65.com/Plugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager
[-] Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.FeedManager.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu
[-] Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLMenu.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel
[-] Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.HTMLPanel.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton
[-] Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.MultipleButton.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio
[-] Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings
[-] Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.RadioSettings.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton
[-] Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ScriptButton.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller
[-] Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ThirdPartyInstaller.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector
[-] Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector.1
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [FromDocToPDF EPM Support]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [FromDocToPDF Search Scope Monitor]
[-] Key Deleted : HKCU\Software\5e08dd0b768e943
[-] Key Deleted : HKLM\SOFTWARE\5e08dd0b768e943
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2903595
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{72D05120-DF65-4C27-921E-899B5267FEF2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE84501A-2CB6-41D6-B3A7-9679BDBDFA0B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1C4699E-5E74-4F30-A4A2-378E45D44F07}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{017d68f2-19b3-41ae-9d8a-8b09dbd25479}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2bd4465d-669a-42e6-b449-636b0b10ebb8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3700b685-d795-4e17-9b78-73bcee5d4086}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3e6260ac-bc6f-44b4-942b-1568c367543a}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4ffa72ec-9fd9-4b2b-92a5-68b60885fd8a}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{504b4aa9-9952-4490-b0e1-80a5321c35f7}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{72d05120-df65-4c27-921e-899b5267fef2}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{ae84501a-2cb6-41d6-b3a7-9679bdbdfa0b}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{afa196f4-80e5-47ad-b7bc-c671487d36fb}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{b7fd68f7-d28b-431e-9ee8-e45d915b7f17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{bc7e25d7-4681-46a3-af5a-9a1b865783ed}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{c66a678d-5e6c-4af9-8f57-c6192f42cf74}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{cbbea4b9-b183-47ac-8b1f-fd526ac99a8d}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{cd1d181e-c654-4ca5-9d09-b3648537fd7d}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{e0c3a839-0e5e-4ebc-9f8f-e56f8fc732ce}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{e1c4699e-5e74-4f30-a4a2-378e45d44f07}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{e0c3a839-0e5e-4ebc-9f8f-e56f8fc732ce}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1EF6208B-483A-48F6-B9E5-9B6C54200F8C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{314D051A-F3B4-4B7A-AAB4-1122FB82A0B5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{316A2A46-F832-49B3-95E0-D460BD88D6B4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{36B445BF-1B84-466A-A623-A360A8CFF8C3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{37E2C8D2-3EF0-46D4-AD11-A8DA53942034}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{463A3C2B-3B87-4FAD-A9A6-CD1B93ED836C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4AD8E6E4-3DFE-458D-845D-55F516C7C3B0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{62D88F68-AC05-4FBF-AC16-E76B3B7B6531}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6467B28C-D408-4066-8B26-056335875D3D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{777CEBBF-A763-42BE-ABBF-FF264689666B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{87509D74-1F24-4B10-A14E-0AACF713CE14}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9CB19259-5D60-49A7-8AF7-2B7CAF36C124}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9FD6C2C1-C847-410A-995A-AEE5F27F0674}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1F3E70D-04BA-47FB-ACCA-CC8FCFA74D41}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A7C6FA4E-F2A1-4D4B-90CB-2757143E7AAB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9141680-DC75-4DD7-B86D-9CC2A83DCB9B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1747AE4D-0A83-4336-84D4-48500BF1554F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1E8FC16F-4C51-49C4-BC9B-4FC24BDDCEE7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A85ACA7E-5CD2-461B-877A-994CCCCF491C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BF6FDBB8-7CD5-402D-AB4F-E4F13D3490C8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E3CDDB72-3ADC-4920-B42B-68A8C29FA942}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1747AE4D-0A83-4336-84D4-48500BF1554F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2C9D27D8-C81E-4968-8026-E725E01650C1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BB1BA04-1B88-4690-9AD3-0D38412F5FF1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3EFEC319-72E8-42AA-AC38-8CF8A0661CDD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D8AEB1D-4ED4-44AC-A039-4775B2575DB0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6191571E-F7EE-47C3-B229-2DFAC70DB5D2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74C02D12-FAEE-4834-80D2-5B7D2480AD61}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{840AE8AE-D547-433E-985C-6BF6C74F5084}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A85ACA7E-5CD2-461B-877A-994CCCCF491C}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BF6FDBB8-7CD5-402D-AB4F-E4F13D3490C8}
[!] Key Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E3CDDB72-3ADC-4920-B42B-68A8C29FA942}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F63AAEDC-3602-49EF-AA45-262380A98980}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{93DBF2BB-A2B3-4683-A92E-57E60751F346}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A235E1E3-6296-4710-AF39-104A7FAA6C7C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F236CA79-3123-4AFB-9F74-E98117AD5625}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F63AAEDC-3602-49EF-AA45-262380A98980}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c66a678d-5e6c-4af9-8f57-c6192f42cf74}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{93DBF2BB-A2B3-4683-A92E-57E60751F346}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A235E1E3-6296-4710-AF39-104A7FAA6C7C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F236CA79-3123-4AFB-9F74-E98117AD5625}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F63AAEDC-3602-49EF-AA45-262380A98980}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{c66a678d-5e6c-4af9-8f57-c6192f42cf74}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F63AAEDC-3602-49EF-AA45-262380A98980}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E1C4699E-5E74-4F30-A4A2-378E45D44F07}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F63AAEDC-3602-49EF-AA45-262380A98980}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2bd4465d-669a-42e6-b449-636b0b10ebb8}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{bc7e25d7-4681-46a3-af5a-9a1b865783ed}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{cbbea4b9-b183-47ac-8b1f-fd526ac99a8d}
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e1c4699e-5e74-4f30-a4a2-378e45d44f07}
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FC2B119B-2352-4E7A-9197-B9E1BBADE61B}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{701F5C41-BB30-46DA-A56B-68784B0B762B}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93DBF2BB-A2B3-4683-A92E-57E60751F346}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F63AAEDC-3602-49EF-AA45-262380A98980}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e0c3a839-0e5e-4ebc-9f8f-e56f8fc732ce}
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{701f5c41-bb30-46da-a56b-68784b0b762b}
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e0c3a839-0e5e-4ebc-9f8f-e56f8fc732ce}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}]
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{93DBF2BB-A2B3-4683-A92E-57E60751F346}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F63AAEDC-3602-49EF-AA45-262380A98980}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1EF6208B-483A-48F6-B9E5-9B6C54200F8C}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{314D051A-F3B4-4B7A-AAB4-1122FB82A0B5}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{316A2A46-F832-49B3-95E0-D460BD88D6B4}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{36B445BF-1B84-466A-A623-A360A8CFF8C3}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{37E2C8D2-3EF0-46D4-AD11-A8DA53942034}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{463A3C2B-3B87-4FAD-A9A6-CD1B93ED836C}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4AD8E6E4-3DFE-458D-845D-55F516C7C3B0}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{62D88F68-AC05-4FBF-AC16-E76B3B7B6531}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6467B28C-D408-4066-8B26-056335875D3D}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{777CEBBF-A763-42BE-ABBF-FF264689666B}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{87509D74-1F24-4B10-A14E-0AACF713CE14}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9CB19259-5D60-49A7-8AF7-2B7CAF36C124}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9FD6C2C1-C847-410A-995A-AEE5F27F0674}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A1F3E70D-04BA-47FB-ACCA-CC8FCFA74D41}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A7C6FA4E-F2A1-4D4B-90CB-2757143E7AAB}
[!] Key Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9141680-DC75-4DD7-B86D-9CC2A83DCB9B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93DBF2BB-A2B3-4683-A92E-57E60751F346}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93DBF2BB-A2B3-4683-A92E-57E60751F346}
[-] Key Deleted : HKCU\Software\BABSOLUTION
[-] Key Deleted : HKCU\Software\Bitberry
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\Delta
[-] Key Deleted : HKCU\Software\IM
[-] Key Deleted : HKCU\Software\ImInstaller
[-] Key Deleted : HKCU\Software\ParetoLogic
[-] Key Deleted : HKCU\Software\Proxy
[-] Key Deleted : HKCU\Software\Softonic
[-] Key Deleted : HKCU\Software\StartSearch
[-] Key Deleted : HKCU\Software\SweetIM
[-] Key Deleted : HKCU\Software\wecarereminder
[-] Key Deleted : HKCU\Software\YahooPartnerToolbar
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\FromDocToPDF_65
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
[-] Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
[-] Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
[-] Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\AppDataLow\Software\FromDocToPDF_65
[-] Key Deleted : HKLM\SOFTWARE\AdvertisingSupport
[-] Key Deleted : HKLM\SOFTWARE\Bench
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\Delta
[-] Key Deleted : HKLM\SOFTWARE\Freeze.com
[-] Key Deleted : HKLM\SOFTWARE\ParetoLogic
[-] Key Deleted : HKLM\SOFTWARE\Proxy
[-] Key Deleted : HKLM\SOFTWARE\Start Savin
[-] Key Deleted : HKLM\SOFTWARE\SweetIM
[-] Key Deleted : HKLM\SOFTWARE\{F2E9660B-98AF-42c0-8258-9CDDF07BF95D}
[-] Key Deleted : HKLM\SOFTWARE\ShieldApps
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\FromDocToPDF_65
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\NetAssistant 3.8.3
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C792A75A-2A1F-4991-9B85-291745478A79}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FromDocToPDF_65bar Uninstall Firefox
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\NetAssistant 3.8.3
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FromDocToPDF_65bar Uninstall Internet Explorer
[-] Key Deleted : [x64] HKLM\SOFTWARE\Start Savin
[-] Key Deleted : HKU\.DEFAULT\Software\Yahoo\Companion
[-] Key Deleted : HKU\.DEFAULT\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Yahoo\Companion
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[!] Data Not Restored : HKCU\Software\Microsoft\Internet Explorer\Main [bProtector Start Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{21586B30-C20E-46C6-BCA5-1E073756F5B1}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7CD2274A-3DD2-475E-A3F5-2A477D05A3C0}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7CD2274A-3DD2-475E-A3F5-2A477D05A3C0}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[-] Key Deleted : HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[-] Key Deleted : HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[-] Value Deleted : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\adbabylon.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : flpcjncodpafbgdpnkljologafpionhb
[-] [C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ippkomaaonokjnfjoikaemidanojkfmm
[-] [C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : lcnnhcneegeeojhgpfijnlnocjdmlaon
[-] [C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ndibdjnfmopecpmkdieinmbadjfpblof
[-] [C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ojpijjmpahflnipadmlpgbjmagmjchkk
[-] [C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ojpijjmpahflnipadmlpgbjmagmjchkk
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [31357 bytes] ##########


#6 lomonkey1

Posted 25 December 2015 - 02:02 PM

Here's the output from ComboFix:

ComboFix 15-12-24.01 - Cecilia 12/25/2015  12:05:13.1.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.4084.1889 [GMT -6:00]
Running from: c:\users\Cecilia\Desktop\ComboFix.exe
AV: Norton 360 Premier *Disabled/Outdated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
FW: Norton 360 Premier *Disabled* {6BFC5632-188D-B806-D13E-C607121B42A0}
SP: Norton 360 Premier *Disabled/Outdated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\runonce\devxexec.exe
c:\program files (x86)\runonce\StartSavin.exe
c:\program files (x86)\Start Savin
c:\program files (x86)\Start Savin\AppFramework\appAPI_bg.js
c:\program files (x86)\Start Savin\AppFramework\appAPI_browseraction.js
c:\program files (x86)\Start Savin\AppFramework\appAPI_common.js
c:\program files (x86)\Start Savin\AppFramework\appAPI_content.js
c:\program files (x86)\Start Savin\AppFramework\appAPI_settings.js
c:\program files (x86)\Start Savin\AppFramework\appAPI_webrequest.js
c:\program files (x86)\Start Savin\AppFramework\jquery.min.js
c:\program files (x86)\Start Savin\background.html
c:\program files (x86)\Start Savin\CanvasFramework\canvas.js
c:\program files (x86)\Start Savin\CanvasFramework\canvas_bg.js
c:\program files (x86)\Start Savin\CanvasFramework\canvas_content.js
c:\program files (x86)\Start Savin\CanvasFramework\canvasscript_engine.js
c:\program files (x86)\Start Savin\CanvasFramework\jquery.min.js
c:\program files (x86)\Start Savin\CanvasFramework\md5.js
c:\program files (x86)\Start Savin\CanvasFramework\registry.js
c:\program files (x86)\Start Savin\CanvasFramework\webrequest.js
c:\program files (x86)\Start Savin\config.xml
c:\program files (x86)\Start Savin\extension_info.json
c:\program files (x86)\Start Savin\framework-ui\browser_button.js
c:\program files (x86)\Start Savin\framework-ui\context_menu.js
c:\program files (x86)\Start Savin\framework-ui\context_menu_item_handler.html
c:\program files (x86)\Start Savin\framework-ui\framework_api.js
c:\program files (x86)\Start Savin\framework-ui\notification.html
c:\program files (x86)\Start Savin\framework-ui\notifications.js
c:\program files (x86)\Start Savin\framework-ui\options.js
c:\program files (x86)\Start Savin\framework-ui\theme\bubble\bottom-left.png
c:\program files (x86)\Start Savin\framework-ui\theme\bubble\bottom-middle.png
c:\program files (x86)\Start Savin\framework-ui\theme\bubble\bottom-right.png
c:\program files (x86)\Start Savin\framework-ui\theme\bubble\middle-left.png
c:\program files (x86)\Start Savin\framework-ui\theme\bubble\middle-right.png
c:\program files (x86)\Start Savin\framework-ui\theme\bubble\tail-bottom.png
c:\program files (x86)\Start Savin\framework-ui\theme\bubble\tail-left.png
c:\program files (x86)\Start Savin\framework-ui\theme\bubble\tail-right.png
c:\program files (x86)\Start Savin\framework-ui\theme\bubble\tail-top.png
c:\program files (x86)\Start Savin\framework-ui\theme\bubble\top-left.png
c:\program files (x86)\Start Savin\framework-ui\theme\bubble\top-middle.png
c:\program files (x86)\Start Savin\framework-ui\theme\bubble\top-right.png
c:\program files (x86)\Start Savin\framework-ui\ui_base.js
c:\program files (x86)\Start Savin\framework\api.js
c:\program files (x86)\Start Savin\framework\backgroundscript_engine.js
c:\program files (x86)\Start Savin\framework\base.js
c:\program files (x86)\Start Savin\framework\browser.js
c:\program files (x86)\Start Savin\framework\console.js
c:\program files (x86)\Start Savin\framework\core.js
c:\program files (x86)\Start Savin\framework\extension_info.js
c:\program files (x86)\Start Savin\framework\framework.js
c:\program files (x86)\Start Savin\framework\global.js
c:\program files (x86)\Start Savin\framework\i18n.js
c:\program files (x86)\Start Savin\framework\initialize.js
c:\program files (x86)\Start Savin\framework\invoke.js
c:\program files (x86)\Start Savin\framework\invoke_async.js
c:\program files (x86)\Start Savin\framework\io.js
c:\program files (x86)\Start Savin\framework\json2.js
c:\program files (x86)\Start Savin\framework\lang.js
c:\program files (x86)\Start Savin\framework\legacy.js
c:\program files (x86)\Start Savin\framework\loader.js
c:\program files (x86)\Start Savin\framework\message_target.js
c:\program files (x86)\Start Savin\framework\messaging.js
c:\program files (x86)\Start Savin\framework\storage.js
c:\program files (x86)\Start Savin\framework\timer.js
c:\program files (x86)\Start Savin\framework\updater.js
c:\program files (x86)\Start Savin\framework\userscript_client.js
c:\program files (x86)\Start Savin\framework\userscript_engine.js
c:\program files (x86)\Start Savin\framework\utils.js
c:\program files (x86)\Start Savin\framework\xhr.js
c:\program files (x86)\Start Savin\FrameworkBHO.dll
c:\program files (x86)\Start Savin\FrameworkBHO64.dll
c:\program files (x86)\Start Savin\FrameworkEngine.exe
c:\program files (x86)\Start Savin\icons\button.png
c:\program files (x86)\Start Savin\icons\icon100.png
c:\program files (x86)\Start Savin\icons\icon128.png
c:\program files (x86)\Start Savin\icons\icon32.png
c:\program files (x86)\Start Savin\icons\icon48.png
c:\programdata\ntuser.pol
c:\programdata\SPL22B0.tmp
c:\programdata\SPL23B6.tmp
c:\programdata\SPL65E4.tmp
c:\programdata\SPL75CE.tmp
c:\programdata\SPL8621.tmp
c:\programdata\SPL873C.tmp
c:\programdata\SPL8AF8.tmp
c:\programdata\SPL8C3C.tmp
c:\programdata\SPL91E2.tmp
c:\programdata\SPL927E.tmp
c:\programdata\SPL95A9.tmp
c:\programdata\SPL9839.tmp
c:\programdata\SPL9E8F.tmp
c:\programdata\SPL9F3B.tmp
c:\programdata\SPL9FD8.tmp
c:\programdata\SPLA36C.tmp
c:\programdata\SPLA7B4.tmp
c:\programdata\SPLAD10.tmp
c:\programdata\SPLADA.tmp
c:\programdata\SPLB174.tmp
c:\programdata\SPLB328.tmp
c:\programdata\SPLC0FF.tmp
c:\programdata\SPLC735.tmp
c:\programdata\SPLC844.tmp
c:\programdata\SPLCC06.tmp
c:\programdata\SPLD651.tmp
c:\programdata\SPLF2D7.tmp
c:\programdata\SPLFECE.tmp
C:\Recycle.Bin
C:\torrent.exe
c:\users\Cecilia\AppData\Local\Start Savin
c:\users\Cecilia\AppData\Local\Start Savin\canvas.js
c:\users\Cecilia\AppData\Local\Start Savin\chrome_gp_update.js
c:\users\Cecilia\AppData\Local\Start Savin\chrome_installer.js
c:\users\Cecilia\AppData\Local\Start Savin\chrome_workaround.js
c:\users\Cecilia\AppData\Local\Start Savin\clear_cache.js
c:\users\Cecilia\AppData\Local\Start Savin\common.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\AppFramework\appAPI_bg.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\AppFramework\appAPI_browseraction.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\AppFramework\appAPI_common.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\AppFramework\appAPI_content.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\AppFramework\appAPI_settings.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\AppFramework\appAPI_webrequest.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\AppFramework\jquery.min.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\background.html
c:\users\Cecilia\AppData\Local\Start Savin\firefox\bootstrap.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\CanvasFramework\canvas.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\CanvasFramework\canvas_bg.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\CanvasFramework\canvas_content.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\CanvasFramework\canvasscript_engine.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\CanvasFramework\jquery.min.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\CanvasFramework\md5.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\CanvasFramework\registry.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\CanvasFramework\webrequest.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\chrome.manifest
c:\users\Cecilia\AppData\Local\Start Savin\firefox\extension_info.json
c:\users\Cecilia\AppData\Local\Start Savin\firefox\framework-ui\browser_button.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\framework-ui\content_notifications.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\framework-ui\contentNotification.tmpl
c:\users\Cecilia\AppData\Local\Start Savin\firefox\framework-ui\contentNotificationStyle.tmpl
c:\users\Cecilia\AppData\Local\Start Savin\firefox\framework-ui\context_menu.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\framework-ui\framework_api.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\framework-ui\notifications.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\framework-ui\options.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\framework-ui\ui_base.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\framework\api.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\framework\backgroundscript_engine.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\framework\base.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\framework\browser.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\framework\chrome_windows.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\framework\console.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\framework\content_proxy.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\framework\core.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\framework\extension_info.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\framework\framework.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\framework\i18n.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\framework\invoke.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\framework\invoke_async.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\framework\io.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\framework\lang.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\framework\legacy.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\framework\loader.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\framework\message_target.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\framework\messaging.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\framework\storage.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\framework\timer.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\framework\uninstall.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\framework\userscript_client.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\framework\userscript_engine.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\framework\utils.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\framework\xhr.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\icons\button.png
c:\users\Cecilia\AppData\Local\Start Savin\firefox\icons\icon100.png
c:\users\Cecilia\AppData\Local\Start Savin\firefox\icons\icon128.png
c:\users\Cecilia\AppData\Local\Start Savin\firefox\icons\icon32.png
c:\users\Cecilia\AppData\Local\Start Savin\firefox\icons\icon48.png
c:\users\Cecilia\AppData\Local\Start Savin\firefox\includes\content.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\includes\content_loader.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\includes\content_messaging.js
c:\users\Cecilia\AppData\Local\Start Savin\firefox\install.rdf
c:\users\Cecilia\AppData\Local\Start Savin\firefox_installer.js
c:\users\Cecilia\AppData\Local\Start Savin\gpedit.exe
c:\users\Cecilia\AppData\Local\Start Savin\icon.ico
c:\users\Cecilia\AppData\Local\Start Savin\ie_installer.js
c:\users\Cecilia\AppData\Local\Start Savin\installer.js
c:\users\Cecilia\AppData\Local\Start Savin\main_installer.js
c:\users\Cecilia\AppData\Local\Start Savin\migrate.js
c:\users\Cecilia\AppData\Local\Start Savin\projectInstaller.js
c:\users\Cecilia\AppData\Local\Start Savin\repair.js
c:\users\Cecilia\AppData\Local\Start Savin\repair_data.json
c:\users\Cecilia\AppData\Local\Start Savin\SoftwareDetector.exe
c:\users\Cecilia\AppData\Local\Start Savin\sqlite3.exe
c:\users\Cecilia\AppData\Local\Start Savin\storageedit.exe
c:\users\Cecilia\AppData\Local\Start Savin\systeminfo.js
c:\users\Cecilia\AppData\Local\Start Savin\systemreport.js
c:\users\Cecilia\AppData\Local\Start Savin\uninstall.exe
c:\users\Cecilia\FRST64.exe
c:\windows\SysWow64\Cache
c:\windows\SysWow64\Cache\075884af680ff6dc.fb
c:\windows\SysWow64\Cache\1915617f963cd258.fb
c:\windows\SysWow64\Cache\227113dfa1ca894d.fb
c:\windows\SysWow64\Cache\254ed6519b3700a6.fb
c:\windows\SysWow64\Cache\286d35f8922679e2.fb
c:\windows\SysWow64\Cache\49fbbc5a8678d502.fb
c:\windows\SysWow64\Cache\4afa6e0753a84021.fb
c:\windows\SysWow64\Cache\54a3e2efe40894c1.fb
c:\windows\SysWow64\Cache\5745076677b46d0c.fb
c:\windows\SysWow64\Cache\5c54eb1a1655b076.fb
c:\windows\SysWow64\Cache\613e8ce7ab7106af.fb
c:\windows\SysWow64\Cache\633a76311867bd11.fb
c:\windows\SysWow64\Cache\691f14230153a9e1.fb
c:\windows\SysWow64\Cache\695c9d538dc9b0c2.fb
c:\windows\SysWow64\Cache\6cb409d7ac73d9f1.fb
c:\windows\SysWow64\Cache\7614bd6cfa99e546.fb
c:\windows\SysWow64\Cache\77664b6ccc36be9f.fb
c:\windows\SysWow64\Cache\881b3593316772f0.fb
c:\windows\SysWow64\Cache\98657d0579ae1930.fb
c:\windows\SysWow64\Cache\99989e199526f6d9.fb
c:\windows\SysWow64\Cache\c5b335ea31960994.fb
c:\windows\SysWow64\Cache\d5c0f4e7bbe35bf3.fb
c:\windows\SysWow64\Cache\d9ca663388d21ec0.fb
c:\windows\SysWow64\Cache\e4dea463f53337f1.fb
c:\windows\SysWow64\Cache\ebd5d6153fe2bad2.fb
c:\windows\SysWow64\Cache\f2cda51fd108941f.fb
c:\windows\SysWow64\Cache\f34d8db84131d925.fb
.
.
(((((((((((((((((((((((((   Files Created from 2015-11-25 to 2015-12-25  )))))))))))))))))))))))))))))))
.
.
2015-12-25 18:47 . 2015-12-25 18:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-12-25 18:47 . 2015-12-25 18:47 -------- d-----w- c:\users\Cecilia\AppData\Local\temp
2015-12-25 16:27 . 2015-12-25 16:27 -------- d-----w- c:\program files (x86)\VS Revo Group
2015-12-25 07:45 . 2015-12-25 07:45 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9088D9D6-92C2-4B92-9504-23E6BCFEAC06}\offreg.972.dll
2015-12-25 07:39 . 2015-11-25 11:02 11154520 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9088D9D6-92C2-4B92-9504-23E6BCFEAC06}\mpengine.dll
2015-12-24 18:24 . 2015-12-24 18:28 -------- d-----w- C:\FRST
2015-12-09 22:18 . 2015-11-05 09:07 14848 ----a-w- c:\windows\SysWow64\wshrm.dll
2015-12-09 22:18 . 2015-11-05 08:55 17408 ----a-w- c:\windows\system32\wshrm.dll
2015-12-09 22:18 . 2015-11-05 07:54 140800 ----a-w- c:\windows\system32\drivers\rmcast.sys
2015-12-09 22:11 . 2015-11-06 17:05 648704 ----a-w- c:\windows\SysWow64\user32.dll
2015-12-09 22:11 . 2015-11-06 16:43 820224 ----a-w- c:\windows\system32\user32.dll
2015-12-09 22:11 . 2015-11-06 15:37 2799104 ----a-w- c:\windows\system32\win32k.sys
2015-12-09 22:11 . 2015-11-06 15:20 1073152 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-12-09 21:54 . 2015-11-05 07:42 2048 ----a-w- c:\windows\system32\tzres.dll
2015-12-09 21:54 . 2015-11-05 07:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2015-12-09 21:50 . 2015-11-10 17:03 1208832 ----a-w- c:\windows\SysWow64\comsvcs.dll
2015-12-09 21:50 . 2015-11-10 17:03 488448 ----a-w- c:\windows\SysWow64\catsrvut.dll
2015-12-09 21:50 . 2015-11-10 16:40 1683968 ----a-w- c:\windows\system32\comsvcs.dll
2015-12-09 21:50 . 2015-11-10 16:40 533504 ----a-w- c:\windows\system32\catsrvut.dll
2015-11-29 03:48 . 2015-11-29 17:50 -------- d-----w- c:\windows\system32\drivers\N360x64\1605050.00F
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-12-09 21:58 . 2006-11-02 12:35 140158008 ----a-w- c:\windows\system32\mrt.exe
2015-12-09 00:04 . 2013-08-12 21:51 796864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-12-09 00:04 . 2011-08-13 18:15 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-12-02 19:18 . 2009-10-26 20:46 301728 ------w- c:\windows\system32\MpSigStub.exe
2015-10-17 16:01 . 2015-11-12 16:55 501248 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-10-17 15:41 . 2015-11-12 16:55 659456 ----a-w- c:\windows\system32\kerberos.dll
2015-10-14 20:25 . 2015-11-12 16:23 1586304 ----a-w- c:\windows\system32\ntdll.dll
2015-10-14 20:25 . 2015-11-12 16:23 1168600 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-10-14 15:47 . 2015-11-12 16:23 4691392 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-10-13 14:45 . 2015-11-12 16:26 404992 ----a-w- c:\windows\system32\drivers\afd.sys
2015-10-13 14:44 . 2015-11-12 16:26 94720 ----a-w- c:\windows\system32\drivers\tdx.sys
2015-10-13 07:29 . 2015-10-13 07:29 875720 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2015-10-13 07:29 . 2015-10-13 07:29 536768 ----a-w- c:\windows\SysWow64\msvcp120_clr0400.dll
2015-10-13 07:22 . 2015-10-13 07:22 869568 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-10-13 07:22 . 2015-10-13 07:22 678592 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
2015-10-10 15:48 . 2015-11-12 16:51 736192 ----a-w- c:\windows\system32\drivers\ndis.sys
2014-10-24 02:12 . 2014-10-24 02:12 6000640 ----a-w- c:\program files (x86)\GUT29F.tmp
2011-10-10 04:07 . 2011-10-10 04:07 161784896 ----a-w- c:\program files\N360_5.0.0.125_MS_LOEM_MRF1441_5671.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"GameXN GO"="c:\programdata\GameXN\GameXNGO.exe" [2012-03-19 347008]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-12-11 30877280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-04-10 1328424]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2009-04-10 185640]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-03-19 1148200]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118624]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-12-26 149280]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Mirror for Photos"="c:\program files (x86)\Memorex\Mirror for Photos\MMFP.exe" [2010-08-26 2664960]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Start Savin-repairJob"="wscript.exe" [2013-10-11 155648]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2009-2-9 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-12-18 00:14 1000264 ----a-w- c:\program files (x86)\Google\Chrome\Application\47.0.2526.106\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-12-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-12 00:04]
.
2014-05-11 c:\windows\Tasks\File Helper.job
- c:\program files (x86)\File Helper\1.1.0.1\FileHelper.exe [2009-08-28 00:18]
.
2015-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-16 16:47]
.
2015-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-16 16:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Remote Software"="c:\program files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe" [2009-02-06 172032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 154648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 227352]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 202264]
"VX3000"="c:\windows\vVX3000.exe" [2009-06-27 757248]
"lxdumon.exe"="c:\program files (x86)\Lexmark 5600-6600 Series\lxdumon.exe" [2009-09-04 676520]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 3453440]
"lxduamon"="c:\program files (x86)\Lexmark 5600-6600 Series\lxduamon.exe" [2009-09-04 16040]
"pcreg"="c:\program files\wrapper_inst\service.exe" [2013-08-17 346720]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:3128
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{795828a9-f271-43a8-8536-4484bb991d3d} - (no file)
BHO-{181F2C09-56DD-4F98-86D7-59BA2BC59B5A} - c:\program files (x86)\Start Savin\FrameworkBHO.dll
Wow6432Node-HKCU-Run-HPADVISOR - c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
Wow6432Node-HKCU-Run-Weather - c:\program files (x86)\AWS\WeatherBug\Weather.exe
Wow6432Node-HKCU-Run-ywcovi - c:\users\Cecilia\AppData\Roaming\uk-UAV.dll
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-FService - c:\program files (x86)\Bench\FService\1.1\fservice.exe
Wow6432Node-HKLM-Run-FService64 - c:\program files (x86)\Bench\FService\1.1\fservice64.exe
WebBrowser-{795828A9-F271-43A8-8536-4484BB991D3D} - (no file)
HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
HKLM-Run-FromDocToPDF Home Page Guard 64 bit - c:\progra~2\FROMDO~2\bar\1.bin\AppIntegrator64.exe
AddRemove-35450_Start Savin - c:\users\Cecilia\AppData\Local\Start Savin\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\22.5.5.15\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\22.5.5.15\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1605050.00F\SYMTDIV.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\22.5.5.15;c:\program files (x86)\Norton 360\Engine64\22.5.5.15"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.20"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2015-12-25  12:52:26
ComboFix-quarantined-files.txt  2015-12-25 18:52
.
Pre-Run: 146,918,322,176 bytes free
Post-Run: 147,154,792,448 bytes free
.
- - End Of File - - F7B168A4740DBA6499DCC199317D9A51
81CD5EC01DB0CE57EDD853F82462EF27


#7 deeprybka

  • Malware Response Team

Posted 25 December 2015 - 02:05 PM

Step 1

Please download and install Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt: (image: m21p.png)
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select (image: m21p4.png)
  • Return to our forum. Paste your log into your next reply and then click Finish [7].
(image: mbamv21.gif)

Step 2

Start FRST with administrator privileges.
  • Make sure the following option is checked: (image: addition.png)
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#8 lomonkey1

  • Topic Starter

Posted 25 December 2015 - 02:55 PM

Malwarebytes results report below:

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/25/2015
Scan Time: 1:12:36 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.12.25.05
Rootkit Database: v2015.12.18.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: Cecilia
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 395427
Time Elapsed: 34 min, 33 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 18
PUP.Optional.StartSavin, HKLM\SOFTWARE\CLASSES\CLSID\{26C894E6-DB3B-453A-8E4C-CCB69336561E}, Quarantined, [0a3f2b7e256686b0c482db89689a39c7], 
PUP.Optional.StartSavin, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{26C894E6-DB3B-453A-8E4C-CCB69336561E}, Quarantined, [0a3f2b7e256686b0c482db89689a39c7], 
PUP.Optional.StartSavin, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{26C894E6-DB3B-453A-8E4C-CCB69336561E}, Quarantined, [0a3f2b7e256686b0c482db89689a39c7], 
PUP.Optional.StartSavin, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{181F2C09-56DD-4F98-86D7-59BA2BC59B5A}, Quarantined, [cb7eabfe3457e1551431630192703cc4], 
PUP.Optional.StartSavin, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{181F2C09-56DD-4F98-86D7-59BA2BC59B5A}, Quarantined, [cb7eabfe3457e1551431630192703cc4], 
PUP.Optional.StartSavin, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{181F2C09-56DD-4F98-86D7-59BA2BC59B5A}, Quarantined, [cb7eabfe3457e1551431630192703cc4], 
PUP.Optional.MyFreeze, HKLM\SOFTWARE\CLASSES\NetAssistant.NetAssistantBHO, Quarantined, [9bae802991fabb7b40f5ca9831d1e31d], 
PUP.Optional.MyFreeze, HKLM\SOFTWARE\CLASSES\NetAssistant.NetAssistantBHO.1, Quarantined, [8ebb2c7de5a67fb72e070062c04203fd], 
PUP.Optional.MyFreeze, HKLM\SOFTWARE\WOW6432NODE\CLASSES\NetAssistant.NetAssistantBHO, Quarantined, [8ebb2c7de5a67fb72e070062c04203fd], 
PUP.Optional.MyFreeze, HKLM\SOFTWARE\WOW6432NODE\CLASSES\NetAssistant.NetAssistantBHO.1, Quarantined, [8ebb2c7de5a67fb72e070062c04203fd], 
PUP.Optional.MyFreeze, HKLM\SOFTWARE\CLASSES\WOW6432NODE\NetAssistant.NetAssistantBHO, Quarantined, [8ebb2c7de5a67fb72e070062c04203fd], 
PUP.Optional.MyFreeze, HKLM\SOFTWARE\CLASSES\WOW6432NODE\NetAssistant.NetAssistantBHO.1, Quarantined, [8ebb2c7de5a67fb72e070062c04203fd], 
PUP.Optional.WeCare, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\ippkomaaonokjnfjoikaemidanojkfmm, Quarantined, [2722b5f4751680b6ef335d6f39ca54ac], 
PUP.Optional.ValueApps, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\lcnnhcneegeeojhgpfijnlnocjdmlaon, Quarantined, [75d4baefb2d92a0ca762d0f98f74b54b], 
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\OJPIJJMPAHFLNIPADMLPGBJMAGMJCHKK, Quarantined, [b792793093f811251103a218fb07c937], 
PUP.Optional.WeCareReminder, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{B618B8E1-FB71-4237-8361-C3EA3EF15EF7}, Quarantined, [85c47d2c8dfe44f284a37359b54ee020], 
PUP.Optional.ValueApps, HKU\S-1-5-21-3113189444-1855527629-3296059688-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\lcnnhcneegeeojhgpfijnlnocjdmlaon, Quarantined, [2920d9d0117a39fdbf494782de25a35d], 
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-3113189444-1855527629-3296059688-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\OJPIJJMPAHFLNIPADMLPGBJMAGMJCHKK, Quarantined, [24259f0ab6d5e84eed28cfebe71b05fb], 
 
Registry Values: 8
PUP.Optional.ChatZum, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|pcreg, C:\Program Files\wrapper_inst\service.exe, Quarantined, [bb8e2b7e4f3cd26410b081d8828215eb]
PUP.Optional.MindSpark, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|FromDocToPDF Home Page Guard 64 bit, "C:\PROGRA~2\FROMDO~2\bar\1.bin\AppIntegrator64.exe", Quarantined, [4ffa119828632c0a0af3d6b549ba23dd]
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\ojpijjmpahflnipadmlpgbjmagmjchkk|path, C:\Users\Cecilia\AppData\Local\CRE\ojpijjmpahflnipadmlpgbjmagmjchkk.crx, Quarantined, [b792793093f811251103a218fb07c937]
PUP.Optional.SmartApps, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|Start Savin-repairJob, wscript.exe "C:\Users\Cecilia\AppData\Local\Start Savin\repair.js" "Start Savin-repairJob", Quarantined, [4801bbeea0ebda5c1697bebb31d27f81]
PUP.Optional.WeCareReminder, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{B618B8E1-FB71-4237-8361-C3EA3EF15EF7}|Publisher, We-Care.com, Quarantined, [85c47d2c8dfe44f284a37359b54ee020]
PUP.Optional.WeCareReminder, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{B618B8E1-FB71-4237-8361-C3EA3EF15EF7}|DisplayName, ASPCA Reminder by We-Care.com v4.1.18.1, Quarantined, [4009a1088ffc45f18c9b646860a3a45c]
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-3113189444-1855527629-3296059688-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\ojpijjmpahflnipadmlpgbjmagmjchkk|path, C:\Users\Cecilia\AppData\Local\CRE\ojpijjmpahflnipadmlpgbjmagmjchkk.crx, Quarantined, [24259f0ab6d5e84eed28cfebe71b05fb]
PUM.Optional.ProxyHijacker, HKU\S-1-5-21-3113189444-1855527629-3296059688-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:3128, Quarantined, [2a1fc3e63c4f88aef2e51fd225de837d]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 5
PUP.Optional.ConduitTB.Gen, C:\Users\Cecilia\AppData\Local\CRE, Quarantined, [0e3b2c7d216a0531ef24d4e6fa0853ad], 
PUP.Optional.StartSavin, C:\Users\Cecilia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Savin, Quarantined, [8dbcd7d20c7fdf576df41493d230a55b], 
PUP.Optional.GamesVance, C:\Users\Cecilia\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com, Delete-on-Reboot, [e564e2c79cef2313ec331e9434ce8977], 
PUP.Optional.GamesVance, C:\Users\Cecilia\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com\chrome, Quarantined, [e564e2c79cef2313ec331e9434ce8977], 
PUP.Optional.GamesVance, C:\Users\Cecilia\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com\components, Quarantined, [e564e2c79cef2313ec331e9434ce8977], 
 
Files: 48
PUP.Optional.ChatZum, C:\Program Files\wrapper_inst\service.exe, Quarantined, [bb8e2b7e4f3cd26410b081d8828215eb], 
PUP.Optional.SofTonic, C:\Users\Cecilia\Downloads\SoftonicDownloader_for_slingplayer.exe, Quarantined, [43066643494296a07abdcc61c33efa06], 
PUP.Optional.ConduitTB.Gen, C:\Users\Cecilia\AppData\Local\CRE\ojpijjmpahflnipadmlpgbjmagmjchkk.crx, Quarantined, [0e3b2c7d216a0531ef24d4e6fa0853ad], 
Trojan.Agent.Gen, C:\Users\Cecilia\0.10197212047344983.exe, Quarantined, [9eab01a86d1e92a4a16552e463a0b848], 
Trojan.Agent.Gen, C:\Users\Cecilia\0.215837594675935.exe, Quarantined, [6adf99103d4e8aacc93d48ee29dadc24], 
Trojan.Agent.Gen, C:\Users\Cecilia\0.2172363269330455.exe, Quarantined, [9bae1198177430065fa792a4699a04fc], 
Trojan.Agent.Gen, C:\Users\Cecilia\0.23777053799793857.exe, Quarantined, [b2979415b0db2c0a8f771125ef14946c], 
Trojan.Agent.Gen, C:\Users\Cecilia\0.2884794378556572.exe, Quarantined, [67e28821206b1224b74f55e1db288d73], 
Trojan.Agent.Gen, C:\Users\Cecilia\0.31304098636632616.exe, Quarantined, [1b2e24853853f343976ffb3bee15f10f], 
Trojan.Agent.Gen, C:\Users\Cecilia\0.32759703123524175.exe, Quarantined, [d871bbee5338d85e6f9764d230d3f010], 
Trojan.Agent.Gen, C:\Users\Cecilia\0.3376853800146331.exe, Quarantined, [f3569d0c08839f9707ff88ae22e139c7], 
Trojan.Agent.Gen, C:\Users\Cecilia\0.3461332756119446.exe, Quarantined, [df6a01a83e4d60d6897d43f3df24dd23], 
Trojan.Agent.Gen, C:\Users\Cecilia\0.40812692265156714.exe, Quarantined, [54f5dbce781383b3df2784b22bd803fd], 
Trojan.Agent.Gen, C:\Users\Cecilia\0.4656064243167539.exe, Quarantined, [4bfee0c9107b2d098482979f649f768a], 
Trojan.Agent.Gen, C:\Users\Cecilia\0.47811895307857755.exe, Quarantined, [e8619f0a0d7ef73f8d795fd7c93a1fe1], 
Trojan.Agent.Gen, C:\Users\Cecilia\0.5009891863032833.exe, Quarantined, [4ffac0e94a41092d24e270c6b1527b85], 
Trojan.Agent.Gen, C:\Users\Cecilia\0.5271609997853948.exe, Quarantined, [8ebb2881eba0b0860600ef471de644bc], 
Trojan.Agent.Gen, C:\Users\Cecilia\0.5324059161428474.exe, Quarantined, [d574c3e6e4a74cea5caaf73fb94a45bb], 
Trojan.Agent.Gen, C:\Users\Cecilia\0.5379950771145285.exe, Quarantined, [3e0bd0d9ddae63d3dd291a1ca65dbb45], 
Trojan.Agent.Gen, C:\Users\Cecilia\0.5550941245127593.exe, Quarantined, [8abf8227424958de7690e4526c97f808], 
Trojan.Agent.Gen, C:\Users\Cecilia\0.5775425289729406.exe, Quarantined, [9cad50598efdb185f6106cca9370d22e], 
Trojan.Agent.Gen, C:\Users\Cecilia\0.5864763511316429.exe, Quarantined, [c6835554becd73c3709640f62dd68878], 
Trojan.Agent.Gen, C:\Users\Cecilia\0.5990985881490263.exe, Quarantined, [bf8a6049bccf1a1cc83e181e798a619f], 
Trojan.Agent.Gen, C:\Users\Cecilia\0.6429795414257906.exe, Quarantined, [79d02b7e79127bbb35d1181e719243bd], 
Trojan.Agent.Gen, C:\Users\Cecilia\0.6679203515506513.exe, Quarantined, [a2a747626328a98dba4c171f19eaf30d], 
Trojan.Agent.Gen, C:\Users\Cecilia\0.6927015856188907.exe, Quarantined, [2722a60391faa690a85ec274e91a9f61], 
Trojan.Agent.Gen, C:\Users\Cecilia\0.6932005810309299.exe, Quarantined, [a4a53d6ccebdfd39937341f5de25a45c], 
Trojan.Agent.Gen, C:\Users\Cecilia\0.6978631576983204.exe, Quarantined, [20292089f19a93a3d23460d6768d2fd1], 
Trojan.Agent.Gen, C:\Users\Cecilia\0.7512294839233663.exe, Quarantined, [6edbeebbeaa1c76fbf47bc7a689b9f61], 
Trojan.Agent.Gen, C:\Users\Cecilia\0.7535155403768783.exe, Quarantined, [d673c5e42b60a4924abca195cf345da3], 
Trojan.Agent.Gen, C:\Users\Cecilia\0.8139544038391864.exe, Quarantined, [2722a207b4d7340222e41e18ba49d828], 
Trojan.Agent.Gen, C:\Users\Cecilia\0.8271501524394349.exe, Quarantined, [f1589b0e62291a1cfc0aba7c83802ed2], 
Trojan.Agent.Gen, C:\Users\Cecilia\0.871629174102834.exe, Quarantined, [0544c3e62368023430d650e6a85bc63a], 
Trojan.Agent.Gen, C:\Users\Cecilia\0.9109150348216986.exe, Quarantined, [a0a90d9c8902c373c83e9b9b8f74916f], 
Trojan.Agent.Gen, C:\Users\Cecilia\0.9631266642927945.exe, Quarantined, [a2a7eabf6b205cdab0565adc748f55ab], 
Trojan.Agent.Gen, C:\Users\Cecilia\0.9733031312178324.exe, Quarantined, [bb8ef0b9dbb00a2c12f482b423e050b0], 
Trojan.Agent.Gen, C:\Users\Cecilia\0.9937522860440025.exe, Quarantined, [e66338711972270f5fa7f14556add12f], 
PUP.Optional.ProxyHijacker, C:\Users\Cecilia\AppData\Local\proxy.log, Quarantined, [4ffa1891f596eb4bcfbee823ec1826da], 
PUP.Optional.Conduit, C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.vaccint.com_0.localstorage, Quarantined, [d1789316cbc0989e84a63bd37094f10f], 
PUP.Optional.StartSavin, C:\Users\Cecilia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Savin\Browser Guardian Settings.url, Quarantined, [8dbcd7d20c7fdf576df41493d230a55b], 
PUP.Optional.StartSavin, C:\Users\Cecilia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Savin\Browser Guardian.lnk, Quarantined, [8dbcd7d20c7fdf576df41493d230a55b], 
PUP.Optional.StartSavin, C:\Users\Cecilia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Savin\Uninstall.lnk, Quarantined, [8dbcd7d20c7fdf576df41493d230a55b], 
PUP.Optional.GamesVance, C:\Users\Cecilia\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com\chrome.manifest, Quarantined, [e564e2c79cef2313ec331e9434ce8977], 
PUP.Optional.GamesVance, C:\Users\Cecilia\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com\install.rdf, Quarantined, [e564e2c79cef2313ec331e9434ce8977], 
PUP.Optional.GamesVance, C:\Users\Cecilia\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com\chrome\rgtextlinks.jar, Quarantined, [e564e2c79cef2313ec331e9434ce8977], 
PUP.Optional.GamesVance, C:\Users\Cecilia\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com\components\xpcomponent.dll, Quarantined, [e564e2c79cef2313ec331e9434ce8977], 
PUP.Optional.GamesVance, C:\Users\Cecilia\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com\components\xpcomponent.js, Quarantined, [e564e2c79cef2313ec331e9434ce8977], 
PUP.Optional.GamesVance, C:\Users\Cecilia\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com\components\xpcomponent.xpt, Quarantined, [e564e2c79cef2313ec331e9434ce8977], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#9 lomonkey1

  • Topic Starter

Posted 25 December 2015 - 03:13 PM

FRST.txt output:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-12-2015
Ran by Cecilia (administrator) on HOME (25-12-2015 14:08:16)
Running from C:\Users\Cecilia\Desktop\FRS
Loaded Profiles: Cecilia (Available Profiles: Cecilia)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Agere Systems) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Lexmark International, Inc.) C:\Windows\System32\spool\drivers\x64\3\lxduserv.exe
( ) C:\Windows\System32\lxducoms.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\n360.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\n360.exe
() C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Microsoft Corporation) C:\Windows\vVX3000.exe
() C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
(Alcatel-Lucent) C:\Program Files\ATT-SST\McciTrayApp.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(EasyBits Software AS) C:\ProgramData\GameXN\GameXNGO.exe
() C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumsdmon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre6\bin\jusched.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Imation Corp) C:\Program Files (x86)\Memorex\Mirror for Photos\MMFP.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files (x86)\Safari\Safari.exe
(Apple Inc.) C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [HP Remote Software] => C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe [172032 2009-02-06] ()
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [915512 2009-03-05] (Hewlett-Packard)
HKLM\...\Run: [VX3000] => C:\Windows\vVX3000.exe [757248 2009-06-26] (Microsoft Corporation)
HKLM\...\Run: [lxdumon.exe] => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe [676520 2009-09-04] ()
HKLM\...\Run: [ATT-SST_McciTrayApp] => C:\Program Files\ATT-SST\McciTrayApp.exe [3453440 2010-07-27] (Alcatel-Lucent)
HKLM\...\Run: [lxduamon] => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe [16040 2009-09-04] ()
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] => c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [210216 2009-02-02] (CyberLink Corp.)
HKLM-x32\...\Run: [TSMAgent] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1328424 2009-04-10] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [185640 2009-04-10] (CyberLink)
HKLM-x32\...\Run: [DVDAgent] => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2009-03-19] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [118624 2009-07-24] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [149280 2009-12-26] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2007-08-22] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [300400 2010-03-10] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Mirror for Photos] => C:\Program Files (x86)\Memorex\Mirror for Photos\MMFP.exe [2664960 2010-08-26] (Imation Corp)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\Explorer.exe [3079168 2009-04-10] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\Explorer.exe [3079168 2009-04-10] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-3113189444-1855527629-3296059688-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3113189444-1855527629-3296059688-1000\...\Run: [GameXN GO] => C:\ProgramData\GameXN\GameXNGO.exe [347008 2012-03-19] (EasyBits Software AS)
HKU\S-1-5-21-3113189444-1855527629-3296059688-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\Explorer.exe [3079168 2009-04-10] (Microsoft Corporation) <==== ATTENTION
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2010-02-22]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk [2009-05-27]
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-3113189444-1855527629-3296059688-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{44983826-B96D-483B-B502-983A02AB6905}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{D44FC3A4-5C45-465B-A6BD-C8D7EE5E35DE}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3113189444-1855527629-3296059688-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3113189444-1855527629-3296059688-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {736A98FF-BCE5-4BA1-A824-756A8171A0A1} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM -> {7CD2274A-3DD2-475E-A3F5-2A477D05A3C0} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> {736A98FF-BCE5-4BA1-A824-756A8171A0A1} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKU\S-1-5-21-3113189444-1855527629-3296059688-1000 -> {736A98FF-BCE5-4BA1-A824-756A8171A0A1} URL = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-08-14] (Skype Technologies S.A.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-08-14] (Skype Technologies S.A.)
BHO-x32: Lexmark Printable Web -> {D2C5E510-BE6D-42CC-9F61-E4F939078474} -> C:\Program Files\Lexmark Printable Web\bho.dll [2009-09-04] ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-12-26] (Sun Microsystems, Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06] (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3113189444-1855527629-3296059688-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll [2015-11-12] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3113189444-1855527629-3296059688-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3113189444-1855527629-3296059688-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {E0FEE963-BB53-4215-81AD-B28C77384644} hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-08-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-08-14] (Skype Technologies S.A.)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-03-10] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-03-10] (Citrix Systems, Inc.)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-08] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2010-04-30] (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2009-10-30] (the VideoLAN Team)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3113189444-1855527629-3296059688-1000: @facebook.com/FBPlugin,version=1.0.1 -> C:\Users\Cecilia\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll [2010-02-01] ( )
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2015-11-29] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-30] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn => not found
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U17) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Motive Plugin) - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Plugin) - C:\Users\Cecilia\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-13]
CHR Extension: (Norton Identity Safe) - C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-09-18]
CHR Extension: (Skype Click to Call) - C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-05]
CHR Extension: (Google Wallet) - C:\Users\Cecilia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-19]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-28]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-28]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-08-14]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agr64svc.exe [16896 2008-08-26] (Agere Systems)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
S2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-03-17] (Hewlett-Packard Company) [File not signed]
R2 lxduCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [33960 2009-08-19] (Lexmark International, Inc.)
R2 lxdu_device; C:\Windows\system32\lxducoms.exe [1044136 2009-08-19] ( )
R2 lxdu_device; C:\Windows\SysWOW64\lxducoms.exe [594600 2009-08-19] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-04-30] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-04-30] (Alcatel-Lucent) [File not signed]
R2 McciServiceHost; C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe [315392 2011-09-09] (Alcatel-Lucent) [File not signed]
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\N360.exe [282016 2015-11-20] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [69632 2006-11-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [88064 2006-11-08] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S1 Beep; no ImagePath
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\BASHDefs\20150706.001\BHDrvx64.sys [1648880 2015-07-10] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605050.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20150710.001\IDSVia64.sys [692984 2015-07-10] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R4 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-25] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20150822.002\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20150822.002\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1605050.00F\SRTSP64.SYS [928496 2015-11-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605050.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-08-22] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605050.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\1605050.00F\SYMTDIV.SYS [477400 2015-11-11] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-25 13:09 - 2015-12-25 13:59 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-25 13:09 - 2015-12-25 13:09 - 00000903 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-25 13:09 - 2015-12-25 13:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-25 13:09 - 2015-12-25 13:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-25 13:09 - 2015-12-25 13:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-25 13:09 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-25 13:09 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-25 13:09 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-25 12:52 - 2015-12-25 12:52 - 00031658 _____ C:\ComboFix.txt
2015-12-25 12:00 - 2015-12-25 12:52 - 00000000 ____D C:\Qoobox
2015-12-25 12:00 - 2011-06-26 00:45 - 00256000 _____ C:\Windows\PEV.exe
2015-12-25 12:00 - 2010-11-07 11:20 - 00208896 _____ C:\Windows\MBR.exe
2015-12-25 12:00 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-12-25 12:00 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-12-25 12:00 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-12-25 12:00 - 2000-08-30 18:00 - 00098816 _____ C:\Windows\sed.exe
2015-12-25 12:00 - 2000-08-30 18:00 - 00080412 _____ C:\Windows\grep.exe
2015-12-25 12:00 - 2000-08-30 18:00 - 00068096 _____ C:\Windows\zip.exe
2015-12-25 11:59 - 2015-12-25 12:49 - 00000000 ____D C:\Windows\erdnt
2015-12-25 11:55 - 2015-12-25 11:53 - 05641584 ____R (Swearware) C:\Users\Cecilia\Desktop\ComboFix.exe
2015-12-25 11:52 - 2015-12-25 11:53 - 05641584 _____ (Swearware) C:\Users\Cecilia\Downloads\ComboFix.exe
2015-12-25 10:34 - 2015-12-25 10:33 - 01743360 _____ C:\Users\Cecilia\Desktop\AdwCleaner.exe
2015-12-25 10:33 - 2015-12-25 10:33 - 01743360 _____ C:\Users\Cecilia\Downloads\AdwCleaner.exe
2015-12-25 10:27 - 2015-12-25 10:27 - 00001061 _____ C:\Users\Cecilia\Desktop\Revo Uninstaller.lnk
2015-12-25 10:27 - 2015-12-25 10:27 - 00000000 ____D C:\Users\Cecilia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2015-12-25 10:27 - 2015-12-25 10:27 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-12-24 12:24 - 2015-12-25 14:08 - 00000000 ____D C:\FRST
2015-12-24 12:18 - 2015-12-25 14:08 - 00000000 ____D C:\Users\Cecilia\Desktop\FRS
2015-12-24 12:09 - 2015-12-24 12:09 - 02370560 _____ (Farbar) C:\Users\Cecilia\Downloads\FRST64.exe
2015-12-11 23:23 - 2015-12-11 23:23 - 00703017 _____ C:\Users\Cecilia\Documents\Marcecheque.pdf
2015-12-11 23:22 - 2015-12-11 23:22 - 00701099 _____ C:\Users\Cecilia\Documents\12-11-2015 11;22;06PM.pdf
2015-12-11 22:32 - 2015-12-11 22:32 - 02548934 _____ C:\Users\Cecilia\Documents\marcetaxes1.pdf
2015-12-11 22:26 - 2015-12-11 22:26 - 01195352 _____ C:\Users\Cecilia\Documents\12-11-2015 10;25;49PM.pdf
2015-12-11 22:25 - 2015-12-11 22:25 - 02550136 _____ C:\Users\Cecilia\Documents\12-11-2015 10;24;47PM.pdf
2015-12-11 22:07 - 2015-12-11 22:07 - 00851654 _____ C:\Users\Cecilia\Documents\marcetaxes.pdf
2015-12-11 22:05 - 2015-12-11 22:05 - 00848871 _____ C:\Users\Cecilia\Documents\12-11-2015 10;05;39PM.pdf
2015-12-09 16:18 - 2015-11-05 03:07 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-09 16:18 - 2015-11-05 02:55 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-09 16:18 - 2015-11-05 01:54 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-09 16:12 - 2015-11-06 10:36 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-12-09 16:12 - 2015-11-06 10:36 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-12-09 16:12 - 2015-11-06 10:36 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-12-09 16:12 - 2015-11-06 10:36 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-12-09 16:12 - 2015-11-06 10:32 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2015-12-09 16:12 - 2015-11-06 10:32 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-12-09 16:12 - 2015-11-06 10:32 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2015-12-09 16:12 - 2015-11-06 10:32 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-12-09 16:12 - 2015-11-06 10:00 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-12-09 16:12 - 2015-11-06 09:59 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-12-09 16:12 - 2015-11-06 09:50 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-12-09 16:12 - 2015-11-06 09:47 - 01561600 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-09 16:12 - 2015-11-06 09:47 - 01154560 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-09 16:12 - 2015-11-06 09:27 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-12-09 16:12 - 2015-11-06 09:26 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2015-12-09 16:12 - 2015-11-06 09:20 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-12-09 16:12 - 2015-11-02 11:04 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-09 16:12 - 2015-11-02 10:44 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-09 16:11 - 2015-11-06 11:05 - 00648704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-09 16:11 - 2015-11-06 10:43 - 00820224 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-09 16:11 - 2015-11-06 09:37 - 02799104 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-09 16:11 - 2015-11-06 09:20 - 01073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-09 15:54 - 2015-11-05 01:42 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-12-09 15:54 - 2015-11-05 01:26 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-12-09 15:50 - 2015-11-10 11:03 - 01208832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-09 15:50 - 2015-11-10 11:03 - 00488448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-09 15:50 - 2015-11-10 10:40 - 01683968 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-09 15:50 - 2015-11-10 10:40 - 00533504 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-08 15:38 - 2015-11-12 15:16 - 17892864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-08 15:38 - 2015-11-12 15:13 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-08 15:38 - 2015-11-12 15:09 - 10937856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-08 15:38 - 2015-11-12 15:08 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-08 15:38 - 2015-11-12 15:08 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-08 15:38 - 2015-11-12 15:07 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-08 15:38 - 2015-11-12 15:07 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-08 15:38 - 2015-11-12 15:06 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-08 15:38 - 2015-11-12 15:06 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-08 15:38 - 2015-11-12 15:06 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-08 15:38 - 2015-11-12 15:06 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-08 15:38 - 2015-11-12 15:06 - 00579072 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-08 15:38 - 2015-11-12 15:06 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-08 15:38 - 2015-11-12 15:06 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-08 15:38 - 2015-11-12 15:06 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-08 15:38 - 2015-11-12 15:06 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-12-08 15:38 - 2015-11-12 15:06 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-08 15:38 - 2015-11-12 15:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-08 15:38 - 2015-11-12 15:06 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-08 15:38 - 2015-11-12 15:06 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-12-08 15:38 - 2015-11-12 15:06 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-12-08 15:38 - 2015-11-12 15:06 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-12-08 15:38 - 2015-11-12 14:39 - 01814528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-08 15:38 - 2015-11-12 14:37 - 12389376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-08 15:38 - 2015-11-12 14:36 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-08 15:38 - 2015-11-12 14:34 - 09753088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-08 15:38 - 2015-11-12 14:34 - 01140224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-08 15:38 - 2015-11-12 14:33 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-08 15:38 - 2015-11-12 14:32 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-08 15:38 - 2015-11-12 14:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-08 15:38 - 2015-11-12 14:32 - 00718848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-08 15:38 - 2015-11-12 14:32 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-08 15:38 - 2015-11-12 14:32 - 00424448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-08 15:38 - 2015-11-12 14:32 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-12-08 15:38 - 2015-11-12 14:32 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-08 15:38 - 2015-11-12 14:32 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-08 15:38 - 2015-11-12 14:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-12-08 15:38 - 2015-11-12 14:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-12-08 15:38 - 2015-11-12 14:31 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-08 15:38 - 2015-11-12 14:31 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-08 15:38 - 2015-11-12 14:31 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-08 15:38 - 2015-11-12 14:31 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-08 15:38 - 2015-11-12 14:31 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-08 15:38 - 2015-11-12 14:31 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-12-08 15:09 - 2015-12-08 15:09 - 02444328 _____ C:\Users\Cecilia\Documents\12-08-2015 03;08;52PM.pdf
2015-11-29 11:58 - 2015-11-29 11:58 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2015-11-29 11:51 - 2015-11-29 11:51 - 00003206 _____ C:\Windows\System32\Tasks\Norton WSC Integration
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-25 14:04 - 2013-08-12 15:51 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-25 14:03 - 2009-08-27 20:26 - 00000000 ____D C:\Users\Cecilia\AppData\Roaming\Skype
2015-12-25 14:02 - 2011-11-27 20:18 - 00000000 ____D C:\ProgramData\GameXN
2015-12-25 13:58 - 2011-08-16 17:19 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-25 13:57 - 2006-11-02 09:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-25 13:57 - 2006-11-02 09:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-25 13:57 - 2006-11-02 09:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-25 13:57 - 2006-11-02 07:33 - 00000000 ____D C:\Windows\Cursors
2015-12-25 13:56 - 2006-11-02 09:42 - 00032634 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-25 13:51 - 2011-10-10 07:03 - 00000000 ____D C:\Users\Cecilia\AppData\Local\CrashDumps
2015-12-25 13:48 - 2013-08-16 20:35 - 00000000 ____D C:\Program Files\wrapper_inst
2015-12-25 13:48 - 2009-08-25 23:32 - 00000000 ____D C:\Users\Cecilia
2015-12-25 13:13 - 2011-08-16 17:19 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-25 12:52 - 2006-11-02 07:33 - 00000000 ____D C:\Windows
2015-12-25 12:48 - 2006-11-02 06:34 - 00000215 _____ C:\Windows\system.ini
2015-12-25 12:46 - 2014-01-08 14:55 - 00000000 ____D C:\Program Files (x86)\runonce
2015-12-25 11:11 - 2014-01-08 16:48 - 00000000 ____D C:\Users\Cecilia\AppData\LocalLow\{181F2C09-56DD-4F98-86D7-59BA2BC59B5A}
2015-12-25 11:08 - 2011-10-24 18:29 - 00000000 ____D C:\Users\Cecilia\AppData\Roaming\go
2015-12-25 11:04 - 2012-09-08 14:51 - 00000000 ____D C:\Users\Cecilia\AppData\LocalLow\Yahoo!
2015-12-25 11:04 - 2010-04-02 20:29 - 00000000 ____D C:\Users\Cecilia\AppData\Roaming\Yahoo!
2015-12-25 11:04 - 2010-02-22 17:37 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2015-12-25 11:00 - 2014-01-04 17:27 - 00000000 ____D C:\AdwCleaner
2015-12-22 23:27 - 2011-06-06 23:03 - 00011000 _____ C:\Users\Cecilia\Documents\Gastos Mensuales.xlsx
2015-12-22 22:06 - 2014-02-28 16:33 - 00752706 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-12-22 22:06 - 2006-11-02 07:33 - 00000000 ____D C:\Windows\inf
2015-12-22 22:06 - 2006-11-02 06:46 - 00752706 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-17 22:28 - 2011-03-15 12:52 - 00068285 _____ C:\Users\Cecilia\Documents\Acumulados Gross & Taxes.xlsx
2015-12-17 22:18 - 2013-07-28 17:52 - 00012662 _____ C:\Users\Cecilia\Documents\Copy of Copy of Movimiento Bancos.xlsx
2015-12-17 22:06 - 2009-09-01 01:00 - 00000000 ____D C:\Users\Cecilia\Documents\Jani King
2015-12-17 22:05 - 2010-05-17 19:50 - 00000000 ____D C:\ProgramData\Lx_cats
2015-12-17 18:19 - 2013-03-12 20:38 - 00001943 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-11 22:27 - 2006-11-02 07:33 - 00000000 ____D C:\Windows\rescache
2015-12-11 21:55 - 2006-11-02 09:21 - 00394576 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-11 21:54 - 2009-05-27 16:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-09 16:21 - 2009-09-01 00:25 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-09 16:18 - 2010-06-04 16:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-09 16:11 - 2013-08-15 19:55 - 00000000 ____D C:\Windows\system32\MRT
2015-12-09 16:01 - 2011-03-16 16:50 - 00011308 _____ C:\Users\Cecilia\Documents\taxes form 941.xlsx
2015-12-09 15:58 - 2006-11-02 06:35 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-12-08 18:04 - 2013-08-12 15:51 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-08 18:04 - 2013-08-12 15:51 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-08 18:04 - 2011-08-13 12:15 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-04 21:08 - 2011-08-16 17:19 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-04 21:08 - 2011-08-16 17:19 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-02 13:18 - 2009-10-26 14:46 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-11-29 12:07 - 2010-05-18 20:05 - 00002545 _____ C:\Users\Cecilia\Desktop\ABBYY FineReader 6.0 Sprint.lnk
2015-11-29 11:53 - 2011-10-09 22:08 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2015-11-29 11:51 - 2015-08-30 10:22 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2015-11-29 11:51 - 2015-08-22 20:34 - 00001977 _____ C:\Users\Public\Desktop\Norton 360 Premier.LNK
 
==================== Files in the root of some directories =======
 
2011-10-09 22:07 - 2011-10-09 22:07 - 161784896 _____ (Symantec Corporation) C:\Program Files\N360_5.0.0.125_MS_LOEM_MRF1441_5671.exe
2014-10-23 20:12 - 2014-10-23 20:12 - 6000640 _____ () C:\Program Files (x86)\GUT29F.tmp
2011-10-09 20:46 - 2011-10-13 17:04 - 0011464 _____ () C:\Users\Cecilia\AppData\Roaming\E548.751
2009-08-25 23:43 - 2009-08-25 23:43 - 0000000 _____ () C:\Users\Cecilia\AppData\Roaming\wklnhst.dat
2009-11-25 12:35 - 2015-09-20 19:46 - 0001356 _____ () C:\Users\Cecilia\AppData\Local\d3d9caps.dat
2009-08-31 00:49 - 2013-06-25 11:55 - 0054272 _____ () C:\Users\Cecilia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-10-09 22:07 - 2011-10-09 22:08 - 0014902 _____ () C:\Users\Cecilia\AppData\Local\dd_vcredistUI48E8.txt
2011-10-09 22:08 - 2011-10-09 22:08 - 0014902 _____ () C:\Users\Cecilia\AppData\Local\dd_vcredistUI493D.txt
2011-02-07 19:40 - 2011-02-16 16:14 - 0004096 ____H () C:\Users\Cecilia\AppData\Local\keyfile3.drm
2011-05-12 13:14 - 2011-06-04 00:15 - 0001940 _____ () C:\Users\Cecilia\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2009-08-27 20:31 - 2009-08-27 20:31 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-05-17 19:41 - 2010-05-17 19:42 - 0000252 _____ () C:\ProgramData\FastPics.log
2010-02-22 17:28 - 2010-05-17 16:48 - 0002494 _____ () C:\ProgramData\hpzinstall.log
2011-11-02 19:39 - 2011-11-02 19:39 - 0000071 _____ () C:\ProgramData\lxdu.log
2011-02-07 19:49 - 2015-01-05 21:14 - 0001651 _____ () C:\ProgramData\lxduDiagnostics.log
2010-05-18 09:41 - 2015-04-13 18:54 - 0194830 _____ () C:\ProgramData\lxduJSW.log
2010-05-17 19:30 - 2010-05-17 19:30 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-25 14:04
 
==================== End of FRST.txt ============================


#10 lomonkey1

Posted 25 December 2015 - 03:15 PM

Addition.txt output:

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-12-2015
Ran by Cecilia (2015-12-25 14:09:17)
Running from C:\Users\Cecilia\Desktop\FRS
Windows Vista ™ Home Premium Service Pack 2 (X64) (2009-07-30 04:55:46)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3113189444-1855527629-3296059688-500 - Administrator - Disabled)
Cecilia (S-1-5-21-3113189444-1855527629-3296059688-1000 - Administrator - Enabled) => C:\Users\Cecilia
Guest (S-1-5-21-3113189444-1855527629-3296059688-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton 360 Premier (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Premier (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 Premier (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 1.8.5 - )
64 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0.1 - Microsoft Corporation) Hidden
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Agere Systems PCI-SV92EX Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - LSI Corporation)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AT&T Troubleshoot & Resolve Tool (HKLM-x32\...\ATT-SST) (Version:  - )
att.net Internet Mail (HKLM-x32\...\Yahoo! Mail) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.0.0.6410 - Citrix Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CustomerResearchQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2602 - CyberLink Corp.)
Destination Component (x32 Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DocMgr (x32 Version: 100.0.201.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 10.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
eSupportQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Facebook Plug-In (HKU\S-1-5-21-3113189444-1855527629-3296059688-1000\...\Facebook Plug-In) (Version:  - Facebook, Inc.)
File Helper 2.5.2.0 (HKLM-x32\...\{7760A193-8668-4FAB-B1B1-525C259F84DC}_is1) (Version:  - Blitware Technology Inc.)
GameXN GO (HKU\S-1-5-21-3113189444-1855527629-3296059688-1000\...\Game Organizer) (Version:  - GameXN AS)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GPBaseService (x32 Version: 100.0.187.000 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (HKLM-x32\...\{B84739A3-F943-47E4-95D8-96381EF5AC48}) (Version: 5.7.0.2945 - Hewlett-Packard)
HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
HP Document Manager 1.0 (HKLM\...\HP Document Manager) (Version: 1.0 - HP)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP MediaSmart Demo (HKLM-x32\...\{290CA856-3737-4874-864B-BA142F4823C8}_is1) (Version: 1.0.0.0 - Hewlett-Packard Company)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.2.2719 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.2.2809 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{D2E8F543-D23A-4A38-AFFC-4BDEBFBA6FDA}) (Version: 2.1.12 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Remote Software (HKLM\...\{5F240DB8-0D74-4F13-86C3-929760392A8D}) (Version: 1.0.5.0 - Hewlett-Packard)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 3.5 - HP)
HP Solution Center 10.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 10.0 - HP)
HP Support Information (HKLM-x32\...\{1CC069FA-1A86-402E-9787-3F04E652C67A}) (Version: 10.1.0001 - Hewlett-Packard)
HP Total Care Setup (HKLM-x32\...\{784BEA84-FA66-4B19-BB80-7B545F248AC6}) (Version: 1.2.2854.2975 - Hewlett-Packard)
HP Update (HKLM-x32\...\{47F36D92-E58E-456D-B73C-3382737E4C42}) (Version: 4.000.013.003 - Hewlett-Packard)
HPProductAssistant (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{704C0303-D20C-45AF-BD2B-556EAF31BE09}) (Version: 2.1.2.8 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java™ 6 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1402 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1402 - CyberLink Corp.) Hidden
Lexmark 5600-6600 Series (HKLM\...\Lexmark 5600-6600 Series) (Version:  - Lexmark International, Inc.)
Lexmark Printable Web (HKLM-x32\...\{D2C5E510-BE6D-42CC-9F61-E4F939078474}) (Version: 1.0.0.0 - )
LightScribe System Software (HKLM-x32\...\{7F10292C-A190-4176-A665-A1ED3478DF86}) (Version: 1.18.3.2 - LightScribe)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MarketResearch (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Memorex Mirror for Photos 1.0 (remove only) (HKLM-x32\...\Mirror for Photos) (Version: 1.0.3.0 - Imation Corp.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{3E061CBA-1DBB-45DD-8873-D100072ADCAD}) (Version: 3.0.215.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{AF5020D9-116A-46AC-A922-087592F37EC9}) (Version: 3.1.8.0 - Apple Inc.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton 360 Premier (HKLM-x32\...\N360) (Version: 22.5.5.15 - Symantec Corporation)
OCR Software by I.R.I.S. 10.0 (HKLM\...\HPOCR) (Version: 10.0 - HP)
PC Registry Shield (HKLM-x32\...\{4A2CE9C0-57DD-4A1C-A216-4DBD95814D08}) (Version: 2.0.4 - ShieldApps)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.12 - Hewlett-Packard Company)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2602 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.2602 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2611 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.2611 - CyberLink Corp.) Hidden
PSSWCORE (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
Python 2.6 pywin32-212 (HKLM-x32\...\pywin32-py2.6) (Version: 2.12 - Python Software Foundation)
Python 2.6.1 (HKLM-x32\...\{9CC89170-000B-457D-91F1-53691F85B223}) (Version: 2.6.1150 - Python Software Foundation)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.11.13348 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SlingPlayer (HKLM-x32\...\InstallShield_{3D08333C-C366-425D-8C2D-D05630D68A46}) (Version: 2.0.3508 - Sling Media)
SlingPlayer (x32 Version: 2.0.3508 - Sling Media) Hidden
SmartWebPrintingOC (x32 Version: 100.0.189.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 100.0.175.000 - Hewlett-Packard) Hidden
Start Savin (HKLM-x32\...\35450_Start Savin) (Version: 1.0 - Stunning Apps)
Status (x32 Version: 100.0.175.000 - Hewlett-Packard) Hidden
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.13852 - TeamViewer)
TrayApp (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VideoToolkit01 (x32 Version: 100.0.128.000 - Hewlett-Packard) Hidden
VLC media player 1.0.3 (HKLM-x32\...\VLC media player) (Version: 1.0.3 - VideoLAN Team)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3113189444-1855527629-3296059688-1000_Classes\CLSID\{939A0D04-0E07-48FE-A463-6623B70C3A96}\localserver32 -> "C:\Users\Cecilia\AppData\Roaming\ValueApps\IE\ValueApps.exe" => No File
 
==================== Restore Points =========================
 
12-11-2015 10:19:46 Windows Update
13-11-2015 00:00:00 Scheduled Checkpoint
16-11-2015 21:17:09 Windows Update
17-11-2015 22:09:03 Scheduled Checkpoint
18-11-2015 17:40:51 Scheduled Checkpoint
19-11-2015 17:05:13 Scheduled Checkpoint
23-11-2015 15:01:00 Windows Update
28-11-2015 21:39:16 Windows Update
29-11-2015 12:38:33 Scheduled Checkpoint
30-11-2015 18:16:26 Scheduled Checkpoint
02-12-2015 21:55:57 Windows Update
04-12-2015 23:03:16 Scheduled Checkpoint
07-12-2015 16:39:47 Scheduled Checkpoint
08-12-2015 15:37:19 Windows Update
09-12-2015 15:39:44 Windows Update
17-12-2015 17:45:49 Windows Update
22-12-2015 21:43:45 Windows Update
24-12-2015 14:49:12 Scheduled Checkpoint
25-12-2015 10:30:04 Revo Uninstaller's restore point - FromDocToPDF Internet Explorer Toolbar
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 06:34 - 2015-12-25 12:48 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0048B057-31F1-431E-A487-D8CDB1F6BE6B} - System32\Tasks\{38B45B61-885E-4DD9-B1C1-048089A13E9F} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {01066429-9363-48AE-979E-A03026E965D5} - System32\Tasks\{5700942D-E9D4-46C6-A944-686EBD3DB155} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {03C146D8-9FD8-4D06-BC44-74BEBB9AFA1D} - System32\Tasks\{2AA2CB6F-22DE-408F-BF62-EABF9F7B180C} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {0413F943-8A76-44BC-BC5E-3CA0C56E05F9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {057B3BDC-CE55-4AB7-903A-CE6BD3A3813E} - System32\Tasks\{E44AFEE5-8173-4218-902E-57CFAF2344EB} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {09C9BEF8-30A9-4C7C-98B6-BCE4D6F15939} - System32\Tasks\{AD69E3CA-A70A-4D0E-9968-4D2FFC355F39} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {0F0E459F-49AD-4198-9A37-2AC6E39D5F33} - System32\Tasks\{47C5BCFF-0DB6-4CFA-8BA3-76B3F9C51B43} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {1142E888-D667-47D5-AC7C-6DA5BA00E2C1} - System32\Tasks\{0AA293C1-7310-4CD8-93FC-11AEC9C8C6BF} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {115E091D-F411-4005-BD23-F6386C7D75A4} - System32\Tasks\{08595049-C274-4B4A-8A41-F2E5848360BF} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {12897DFB-A0F6-4151-B80B-50DED6B690B3} - System32\Tasks\{B108A115-02D3-4B15-9BBA-C6E427FA81C6} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {1426F983-0005-46C0-A302-33DD4C4BA6A9} - System32\Tasks\{ACB3BAE4-5F15-4952-B6FF-2A4AC7708D06} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {15D4786A-4884-4525-BBE6-E095D8A0242D} - System32\Tasks\{B169766B-CA06-46B3-AEFB-9908AFE12BA3} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {1ACA622B-1E5A-4454-A3A7-9737AF96C7B6} - System32\Tasks\File Helper => C:\Program Files (x86)\File Helper\1.1.0.1\FileHelper.exe [2009-08-27] ()
Task: {1DF8CCE2-10BB-45AD-99B1-05A32E28EE40} - System32\Tasks\{205A6264-3AE4-4814-AA3D-C9CC6343C48F} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {1E73E133-5440-43DE-83E8-57BF10D6F8F8} - System32\Tasks\{7260E2E3-A6F2-4C70-B87A-4B026CEF6095} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {1F89A185-37D0-4950-821A-9FA4F466C7E8} - System32\Tasks\{AE4F93EE-49C9-464D-BF49-C69DADEDB221} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {201FE153-3ED5-46C2-B77E-695FF9037774} - System32\Tasks\{6D84D16B-A07F-42C7-A59F-305B5241523A} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {21376DDD-36A1-46EB-AE9D-56E9ACB4A251} - System32\Tasks\{24B8995B-A10B-4A5E-A19B-AE28C557EE8F} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {22BD4D58-39C2-492A-8FCF-566A86FEBDA6} - System32\Tasks\844a17a0 => C:\Users\Cecilia\AppData\Local\Temp\\setup2219448224.exe <==== ATTENTION
Task: {25D3653D-61A5-4B28-97C8-9FF4E6716516} - System32\Tasks\44d487a0 => C:\Users\Cecilia\AppData\Local\Temp\\setup1154779040.exe <==== ATTENTION
Task: {270EBBE7-24DB-49C6-8089-09A1F9B64DB3} - System32\Tasks\24d2e3a0 => C:\Users\Cecilia\AppData\Local\Temp\\setup617800608.exe <==== ATTENTION
Task: {2F05737A-45B4-476D-9F8B-AAA0DBE556D7} - System32\Tasks\{DEEA1DE1-404A-4595-864F-9837AF6BEBEE} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {2F980C7E-F0AA-4E74-9AC4-62177BACD3EA} - System32\Tasks\{3EA5C8C9-C044-4EEA-9D35-8BDCAC8B7BB0} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {3150EB7B-AD42-4FC1-9A1A-03564F8B4E00} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3182C6B8-8871-4979-891D-81EE2BBA6138} - System32\Tasks\{7728EACA-AE30-4F14-8859-9423D8B70EC3} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {3AFBCCD8-82C2-4DDF-B565-4F73256B31B3} - System32\Tasks\119cdda0 => C:\Users\Cecilia\AppData\Local\Temp\\setup295493024.exe <==== ATTENTION
Task: {3BEA0DF9-C1E1-4259-B80E-FD3A7382BEE8} - System32\Tasks\{1CA0C5C3-F9A5-4636-8BB4-F538BE5AD633} => pcalua.exe -a "c:\Poker Application\_uninstallation_info\UB\CasinoUninstall.exe"
Task: {410373F8-5584-449F-86EC-3C530C0F51A3} - System32\Tasks\{7E49CC95-E700-494D-9946-0E05F1B3E7E4} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {415BA5E5-2535-470E-A353-EE580856E1E5} - System32\Tasks\{AC7C6421-17EC-4C37-81AE-20C5F558CFB5} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {47511D29-D8A3-4BD1-AD99-73D640A422B6} - System32\Tasks\{A2914907-D829-435B-BD01-4EBAA282C710} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {4752F166-61F9-40EA-B17C-04BDBD72927F} - System32\Tasks\c37ee5a0 => C:\Users\Cecilia\AppData\Local\Temp\\setup3279873440.exe <==== ATTENTION
Task: {47925880-A724-462B-BB1C-2163F235D2A5} - System32\Tasks\e6261fa0 => C:\Users\Cecilia\AppData\Local\Temp\\setup3861258144.exe <==== ATTENTION
Task: {48F2FA9B-AD90-4F6D-A983-39402438787B} - System32\Tasks\{72751804-41D5-4C8A-BFB7-67E75F4921C2} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {4E6EE2E4-C794-4429-AC38-30913814DB7B} - System32\Tasks\{8911ED1B-EEB5-4859-98B0-F7EE820411E3} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {4F098CC9-5659-4473-9797-5993BD8EEA53} - System32\Tasks\589823a0 => C:\Users\Cecilia\AppData\Local\Temp\\setup1486365600.exe <==== ATTENTION
Task: {4F79DE69-19B0-4A48-AD1F-131AA5E1F567} - System32\Tasks\{86B18DAD-82F9-4DF9-AC2B-9320E62D7412} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {5396D6B2-E50B-4B32-A2D3-F5A256D07EE6} - System32\Tasks\{E09813C4-51A2-4A59-9738-F8807FD68957} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {5517AD77-0358-4421-89E0-13F5B5ACFC1A} - System32\Tasks\{943518A0-B6FF-4A7C-B6AA-C661BB0B1961} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {5716789E-1398-44BC-9A4C-EBD45FA992A8} - System32\Tasks\{FEA424FE-81FD-40C5-9038-A3219814FC30} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {5A1F6FD3-1454-46AA-A3C9-8790E4DD04A1} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {5AF7D24E-1766-46D6-AFD2-D1A50629F091} - System32\Tasks\{C7E51819-7B75-4323-A15E-554AA99E27FD} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {5CFFF0FE-8FBA-4B27-B636-113A6B3142C8} - System32\Tasks\{3A900C2B-7B53-47AD-A1B0-9FDA07DDC98D} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {5D7D322B-C800-477A-8521-29AC65442AA5} - System32\Tasks\{CD282396-D081-4A2E-BD36-1A69D7E795D1} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {5F283607-F4A5-446C-BA6E-0B38A6562D14} - System32\Tasks\{6BEC2E3E-C8C1-4677-9752-89A081DF81FD} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {6062E1FC-9777-47B7-BF4F-38C81570AFA2} - System32\Tasks\{D37A5F53-A536-425E-9A0D-E8449BEA4B80} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {640B7508-C9C4-45AE-BE35-754A5692211E} - System32\Tasks\{86F4C591-FD1D-4312-857A-A58712D1BB7D} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {6692EC31-1970-4E9D-BAD8-51065F9DF88C} - System32\Tasks\{7FB2F4A0-AD0D-4D73-B247-E2E428227A82} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {6B76B74B-AFAF-41A8-A93B-3B63E70923E0} - System32\Tasks\{DC0535AC-DF7B-45A8-96E1-5546E17BF7B7} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {74751691-69E7-4A55-A71E-96ED8029ECBC} - System32\Tasks\{9641B05E-D599-4A5E-98AF-800F1E5094F8} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {74EF7FBC-253E-47B7-990F-7D0B99CB3C69} - System32\Tasks\{77697D0C-D5EE-4A1F-B64F-1F74CEABCFE3} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {75944DDB-D7E8-40FA-A0D4-4E9121201CA2} - System32\Tasks\b96cf7a0 => C:\Users\Cecilia\AppData\Local\Temp\\setup3110926240.exe <==== ATTENTION
Task: {78635016-9381-49B9-B6D7-B2A3645841C3} - System32\Tasks\{76B80F5A-0AFF-4541-8EEE-DC089472A8FA} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {78B0A506-5D71-4711-938C-15178D1EE727} - System32\Tasks\2624f1a0 => C:\Users\Cecilia\AppData\Local\Temp\\setup85843360.exe <==== ATTENTION
Task: {7AAC8501-D96F-4095-8663-D42F71C14495} - System32\Tasks\d1085ba0 => C:\Users\Cecilia\AppData\Local\Temp\\setup2952873888.exe <==== ATTENTION
Task: {7BFB4EC3-0987-4999-A13F-247A0863ECBD} - System32\Tasks\{AB855542-035E-4A8C-B69D-D9E03CA013F3} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {801FE30A-0A3D-4F31-9DFC-A9818CA95123} - System32\Tasks\{DEA57F4B-4E0B-40F3-A41C-999D8A218DA1} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {8249F8BC-708B-4DE2-A9C0-E5873C61B68A} - System32\Tasks\{1E3FCCC3-52DF-41BA-A490-E847D922CA6D} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {861666C4-B024-4A09-91CE-4ACD05E6D5E4} - System32\Tasks\{60A7F4F6-4DD7-4F0D-B8A2-827879B20B7D} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {8C02482E-FF2B-404A-A864-E26B92B37D90} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {9134C84C-16C6-4C2C-8438-3268384C1294} - System32\Tasks\{0AA39515-A738-4F86-A65E-B08FC04946BE} => Chrome.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsWLM
Task: {93120896-5045-40C1-8419-8509EE5876D2} - System32\Tasks\{A9188FA6-9476-416F-82C7-235A8E869F89} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {97DA29CA-12DF-4833-866F-CC17AD22A2D9} - System32\Tasks\{1D2BE89E-3E99-4D01-9E3D-73CA2212B8BD} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {982000F5-2DF8-4BD5-AD5B-2A6E438048CD} - System32\Tasks\{C744651F-C517-43E6-B45F-ADBED783E29F} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {9E01BBDE-A13E-476D-B230-CA1AF0B71BBB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-08] (Adobe Systems Incorporated)
Task: {9E578F77-68B5-4518-AFBE-CCFFE7486772} - System32\Tasks\{444F2DF0-6BC6-41A9-A26A-547F7D5F64BA} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {9E6ECAA5-A2F3-46AB-BBDF-B0BAC40B1151} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {A88EAED3-E33F-475B-A2C6-5AB0F45DE576} - System32\Tasks\{C219C1B1-B0CB-4480-BBDA-02567495254B} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {AACC759A-EB7B-4888-9D9F-0666B8273589} - System32\Tasks\e3eb7da0 => C:\Users\Cecilia\AppData\Local\Temp\\setup3823861152.exe <==== ATTENTION
Task: {AF55724F-ABB3-46A4-A80A-DBE1A0D85BF9} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe [2009-09-04] ()
Task: {AF9C74BA-D85A-4301-A455-4ADF467E6062} - System32\Tasks\{D7172D3E-B38D-4989-827B-69222C6B7E61} => Chrome.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsWLM
Task: {B57836A3-2EB8-46C0-997A-71B607C90EDA} - System32\Tasks\{D497A615-2FCD-40E3-9AB1-D2720D9EF559} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {B74E2B21-B07D-424E-911E-15971E13A20C} - System32\Tasks\{38094363-1F6C-442F-A737-8F881020024C} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {B771FE26-3377-4B81-94D7-EFBC41DFE4CE} - System32\Tasks\{F157EC77-9345-493B-8A1B-AAA99089EF8C} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {B7AE2C9F-45CC-4C8A-81C7-E134F8827EB1} - System32\Tasks\a8aadda0 => C:\Users\Cecilia\AppData\Local\Temp\\setup2829770144.exe <==== ATTENTION
Task: {BB45ADCC-7B8B-4A52-96F8-4644B6E485C8} - System32\Tasks\{EBBC48C0-5D27-450A-90FB-90D5EA38EAD6} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {C3AB36EF-57CA-4136-ABC3-D5B4E00E2C44} - System32\Tasks\{6F1CEA9D-967C-4B50-94E7-FD60E8DC79D0} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {C65AD6D7-32AD-468C-82EE-B4D1E5C103A1} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.5.5.15\WSCStub.exe [2015-11-20] (Symantec Corporation)
Task: {C708D2A2-BB7A-4C42-B7B7-6E780565ABFE} - System32\Tasks\{87C5674C-981C-4EEE-8430-C4241B0EB40F} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {C80ED26A-1F86-4E6E-8BDB-690D58D5137A} - System32\Tasks\b6d041a0 => C:\Users\Cecilia\AppData\Local\Temp\\setup3067101600.exe <==== ATTENTION
Task: {CC6DF2C4-FF03-4A5A-A1B0-3DE6301A922D} - System32\Tasks\{81D4A8B2-E455-4CC9-8013-C7E0F9BD274B} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {D6536A1A-648B-4CA9-AD58-61EFA8AD39C3} - System32\Tasks\829339a0 => C:\Users\Cecilia\AppData\Local\Temp\\setup1636574624.exe <==== ATTENTION
Task: {D9DA1B36-5429-478B-856D-BE45824BD137} - System32\Tasks\{05FB275F-11A1-4C39-B116-8DBD9C1DC386} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {DAE7506D-F990-4345-A8A7-31DB31FC1651} - System32\Tasks\{FB863C56-492D-4BDE-A37E-0C73A0A7B6DD} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {E07DB948-5158-46A9-92FF-2256E4048AAB} - System32\Tasks\{EE345736-8183-4A7B-B03E-89A381FE12E9} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {ED10D8A6-DC47-408C-A8D6-71A287BF7707} - System32\Tasks\{7100E2E6-5E71-45A2-8661-3F61156B3D7E} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {F5FB3B22-7ED8-4BC3-874F-F08D21EBF5F4} - System32\Tasks\{90B1CF0A-8FE0-47C4-8EFF-512B842286D5} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {F72755B6-E368-4B0C-88C4-811FBE28C50C} - System32\Tasks\ef5ecba0 => C:\Users\Cecilia\AppData\Local\Temp\\setup4015967136.exe <==== ATTENTION
Task: {F920CB84-E10D-43BA-8C73-537A075BB442} - System32\Tasks\{93C6CAF8-7EF3-40B4-A0E4-F9CFCC7498A3} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {F9E5940D-C780-4ABA-BA3F-A115147A25D4} - System32\Tasks\60332da0 => C:\Users\Cecilia\AppData\Local\Temp\\setup1613966752.exe <==== ATTENTION
Task: {F9EBDDC1-ED70-4447-B28A-EDBDF459741C} - System32\Tasks\{D0F0D0C3-FD28-436A-8000-08DC40FCC7AC} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {FF31C831-B5F0-467A-B13C-F47428A53DD1} - System32\Tasks\{58D0ACD3-36F8-4ED2-B9E8-F695C2F10489} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {FFFC4D10-87DA-4916-ACD7-513CF009D5C5} - System32\Tasks\{68348740-6177-475C-BC92-00F7C39AC419} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\File Helper.job => C:\Program Files (x86)\File Helper\1.1.0.1\FileHelper.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-05-17 19:46 - 2009-08-19 10:51 - 00186880 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdudrpp.dll
2009-06-26 18:24 - 2009-06-26 18:24 - 00773632 _____ () C:\Windows\system32\LcProxy.ax
2010-05-17 19:38 - 2009-08-19 10:49 - 01400320 _____ () C:\Windows\system32\lxdudrs64.dll
2010-05-17 19:38 - 2009-08-19 10:49 - 00025600 _____ () C:\Windows\system32\lxducaps64.dll
2010-05-17 19:38 - 2009-08-19 10:39 - 00054784 _____ () C:\Windows\system32\lxducnv464.dll
2013-04-05 11:58 - 2013-04-05 11:58 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2009-02-06 14:11 - 2009-02-06 14:11 - 00172032 _____ () C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
2009-02-06 14:11 - 2009-02-06 14:11 - 00385024 _____ () C:\Program Files\Hewlett-Packard\HP Remote\Common.dll
2010-05-17 19:37 - 2009-09-04 01:51 - 00676520 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
2013-01-20 20:36 - 2009-09-04 01:51 - 00025256 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduMsdMon.exe
2009-02-06 14:11 - 2009-02-06 14:11 - 00151552 _____ () C:\Program Files\Hewlett-Packard\HP Remote\MCStateSink.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-05-17 19:37 - 2009-09-04 01:36 - 00380928 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduscw.dll
2010-05-17 19:36 - 2009-08-19 10:39 - 00188416 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdudatr.dll
2010-05-17 19:37 - 2009-09-04 01:36 - 01036288 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduDRS.dll
2010-05-17 19:37 - 2009-09-04 01:36 - 00081920 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducaps.dll
2010-05-17 19:37 - 2009-09-04 01:28 - 00069632 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducnv4.dll
2013-01-20 20:36 - 2009-02-11 19:38 - 00028672 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\App4R.Monitor.Common.dll
2013-01-20 20:36 - 2009-02-11 19:38 - 00036864 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\App4R.Monitor.Core.dll
2013-01-20 20:36 - 2009-02-11 19:37 - 00065536 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.dll
2013-01-20 20:36 - 2008-03-24 22:53 - 00012288 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
2009-04-10 00:22 - 2009-04-10 00:22 - 00906536 ____N () C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2012-03-22 10:40 - 2012-03-22 10:40 - 00087912 _____ () C:\Program Files (x86)\Safari\Apple Application Support\zlib1.dll
2012-03-22 10:40 - 2012-03-22 10:40 - 01242472 _____ () C:\Program Files (x86)\Safari\Apple Application Support\libxml2.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR250 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR250.SYS => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3113189444-1855527629-3296059688-1000\...\$talisma_url$ -> hxxps://$talisma_url$
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3113189444-1855527629-3296059688-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Cecilia\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 0) (EnableLUA: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{9BF142C6-891C-49F4-B49C-12C784975643}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{A9C90C77-53B2-43AD-801E-7D63878FCE33}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{623B5F91-2971-4D30-8E19-325205182159}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{22D72A4C-56B5-40F6-922D-CC474006D540}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{6A382EA3-7226-4CF1-8013-B9F1E1131EF6}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{38B03BFC-E977-47F6-8CF7-9932C6D77A51}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{C41792B7-74A1-4B71-A95E-5FC6301CA58F}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{DDB6FC7F-A999-4924-A20D-331BF65B627A}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{ECF9675D-3518-4CF3-BB06-414AD7ABAFB0}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{04902B38-337A-4D74-ABD2-2265F40AC0C8}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{BBD2E7CC-024B-47EA-B306-0CA53669B8EB}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{78DD4538-2877-468B-AD17-B2E6A087E048}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{3675605E-605D-4D0D-BD08-72F1E1005B2E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{5012BFF1-8326-49AA-A1AD-4F949EA04852}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{2A520733-4C0E-488C-B4A5-143E79064713}] => (Allow) svchost.exe
FirewallRules: [{56384E4C-596C-48E8-A731-70224D3BEA00}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{B36387D5-1A08-48D9-9EAF-E17B3850D3FD}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{E72646A6-A645-49AD-AF4B-BC5C818AA2F0}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{A6776FDB-5C4A-4FFE-B68F-916A2C132810}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{CDDDD442-6300-467A-BC24-1D771EDDCA27}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{C67F9E39-6DA0-422C-AD5F-D3B5BA91EB7E}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{99967F0D-4D30-4181-AE23-A20E9DFD5937}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{5823DF77-62C4-4FCE-8704-C51F89DADA03}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{536641AE-13B2-443A-90AC-B749D69A2446}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{068952DB-6D34-48A1-9F39-6C0A7A62DFEE}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{B6AF660B-DA6A-413E-9C9C-E7B315F588D2}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{23BD1752-9C40-4017-AB28-002819B1C903}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{902FD7DB-8571-4496-9A6D-1E156671CF5D}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{2B6A1058-09D9-4368-8D96-65137099760D}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{C7A82E36-7B90-430D-806D-C23FADECB526}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{63173231-7D9E-4052-A269-D19833A9C171}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
FirewallRules: [{A0166029-A117-4C5D-9194-ED1F0FDB51D1}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{A4F7702D-C844-4C89-8276-5E5A124A0584}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
FirewallRules: [{EB310FD7-C70C-42E5-99B4-7920B471E210}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{BEEABFAB-0CE3-4A33-8F3A-DDB44416692E}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
FirewallRules: [{0343BC82-62DE-440C-8C9D-F299C9AC47CF}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{F66C0C48-F0A4-44A7-88CA-EED2776ED1B9}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
FirewallRules: [{6EB49FAE-3C79-4745-99CA-6BE6CD038E27}] => (Allow) C:\Windows\SysWOW64\lxducoms.exe
FirewallRules: [{3C6DFB50-2AC3-4444-999C-620F0382BF5D}] => (Allow) C:\Windows\SysWOW64\lxducoms.exe
FirewallRules: [{C8B441CB-322F-4D17-8308-D672AA50259B}] => (Allow) C:\Windows\system32\lxducoms.exe
FirewallRules: [{5FE9F6DB-C6C0-4DC3-A5D1-B2DED398368B}] => (Allow) C:\Windows\system32\spool\DRIVERS\x64\3\lxdupswx.exe
FirewallRules: [{BEE50CD9-C788-4470-A998-E571C8F67ED4}] => (Allow) C:\Windows\system32\spool\DRIVERS\x64\3\lxdutime.exe
FirewallRules: [{D98BF1C4-0D17-4E1B-8D0D-A36A0ECD8DB2}] => (Allow) C:\Windows\SysWOW64\lxducoms.exe
FirewallRules: [{B47BAF44-B454-40CF-ACAA-B270C252ABA3}] => (Allow) C:\Windows\system32\lxducoms.exe
FirewallRules: [{8F62776F-E3B6-4A70-9061-626EF08A7092}] => (Allow) C:\Windows\system32\spool\DRIVERS\x64\3\lxdupswx.exe
FirewallRules: [{FB6B9848-32FB-48DB-BB33-FE18F7FBEDBE}] => (Allow) C:\Windows\system32\spool\DRIVERS\x64\3\lxdutime.exe
FirewallRules: [{9B43D45C-8A80-41FD-946F-94AEB50A7AFC}] => (Allow) C:\Windows\SysWOW64\lxducoms.exe
FirewallRules: [{E7CB0114-0EBE-4568-BEA1-7843B73CA921}] => (Allow) C:\Windows\System32\lxducoms.exe
FirewallRules: [{E4A1C529-501B-4BFF-A5D1-74C1BEB10031}] => (Allow) C:\Windows\System32\lxducoms.exe
FirewallRules: [{58D6F092-E5E4-4C9C-99D5-99E113B25D39}] => (Allow) C:\Windows\system32\lxducoms.exe
FirewallRules: [{A18A393C-B46D-41DD-964C-DCA3E87C7DAE}] => (Allow) C:\Windows\system32\spool\DRIVERS\x64\3\lxdupswx.exe
FirewallRules: [{63654883-42B6-4B1E-AA70-3330E954D110}] => (Allow) C:\Windows\system32\spool\DRIVERS\x64\3\lxdutime.exe
FirewallRules: [{8E9BE3D6-2FC8-4A12-9B08-FBC36E5E3323}] => (Allow) C:\Windows\SysWOW64\lxducoms.exe
FirewallRules: [{94246F9E-7A45-4C95-86FF-7F0F6AA128D7}] => (Allow) LPort=80
FirewallRules: [{B91E7C9D-3C05-4B26-8A65-EE566EFC78CC}] => (Allow) LPort=80
FirewallRules: [{97B4F6C1-1669-40B4-B28D-4DC8792D3D57}] => (Allow) LPort=80
FirewallRules: [{BE97ED15-DAB2-4B05-B431-5F3852892918}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{2D1CE515-4298-4F9D-B342-76DC37ECA701}C:\users\cecilia\appdata\roaming\uglau\yton.exe] => (Block) C:\users\cecilia\appdata\roaming\uglau\yton.exe
FirewallRules: [UDP Query User{00B6192B-2F3A-4A7B-9CAD-8415CFA41E6A}C:\users\cecilia\appdata\roaming\uglau\yton.exe] => (Block) C:\users\cecilia\appdata\roaming\uglau\yton.exe
FirewallRules: [TCP Query User{861AC798-BE64-43BB-8108-72A69502949B}C:\users\cecilia\appdata\roaming\mjusbsp\magicjack.exe] => (Block) C:\users\cecilia\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [UDP Query User{71DE8531-A6E0-4874-A3C1-C5309244698B}C:\users\cecilia\appdata\roaming\mjusbsp\magicjack.exe] => (Block) C:\users\cecilia\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [{882A11F9-BB97-49EB-917D-19BB46D39E03}] => (Allow) C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe
FirewallRules: [{3AC8D6FA-B51A-4E9B-BE00-E32DD64F7C61}] => (Allow) C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe
FirewallRules: [{D727B927-04E7-4B66-B3A5-453F846A3E1C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B4A69A66-6EB7-495A-964F-46108A6F80A4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{79291132-6568-4D99-9F88-727740C1C090}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{841FACB5-6BC5-4FFB-81E1-16C0AFAF6571}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0E16B84D-82F2-44B4-BC4B-A716E52EA1CB}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{97E9FC24-547D-46FA-88B8-D5E51F83D2A4}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{604B523C-73F2-4BCD-BDA7-0A446DF34844}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{BA7DD79E-A199-438E-B5C4-1F107B66AC8A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{C67D3CF0-8AC5-4A5B-95E7-77F35A4166C5}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{8A5675F1-F39A-48F9-A5F4-E60B91F56FD3}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{562CF502-AB58-45CB-B090-78357C14F825}] => (Allow) C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe
FirewallRules: [{39AA9BB4-A843-469B-B3C3-C9310DEFBE21}] => (Allow) C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe
FirewallRules: [{891A1407-ACC9-49B5-865F-2F0E05A843FD}] => (Allow) C:\Program Files (x86)\Lexmark 5600-6600 Series\frun.exe
FirewallRules: [{1AD926AA-EF36-4458-B4D0-B0DE2AD4474B}] => (Allow) C:\Program Files (x86)\Lexmark 5600-6600 Series\frun.exe
FirewallRules: [{62460E72-3246-41D2-9E39-0A66B8F6DEA2}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{40EFC454-4E71-4A93-A2FD-721F5951D8C6}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{D4E60F19-5384-4E00-8A1A-632CD079322C}] => (Allow) C:\Program Files (x86)\Bench\Proxy\proc.exe
FirewallRules: [{0088D33C-9007-4D76-81E8-53F391F84485}] => (Allow) C:\Program Files (x86)\Bench\Proxy\pwdg.exe
FirewallRules: [{8BBC90B7-8EFA-4A43-A25C-B86288E83E9D}] => (Allow) C:\Program Files (x86)\Bench\Proxy\proc.exe
FirewallRules: [{1A4EFBD0-CD9D-4775-A56D-E7CB4827A0D1}] => (Allow) C:\Program Files (x86)\Bench\Proxy\pwdg.exe
FirewallRules: [{681996BE-7EB0-4B37-825C-C8E7C3019EB3}] => (Allow) C:\Program Files (x86)\Bench\Proxy\proc.exe
FirewallRules: [{6941F16D-49ED-4DC9-8B7B-746EA8FCC98A}] => (Allow) C:\Program Files (x86)\Bench\Proxy\pwdg.exe
FirewallRules: [{94855DF2-FBF7-43EB-9A24-B5987F9F028C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1C3C2E17-E73E-4E38-A3EA-75C2B7EE1B2E}] => (Allow) C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe
FirewallRules: [{611D46CB-0FD4-4BF0-81D6-97EA3097481F}] => (Allow) C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/25/2015 01:59:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/25/2015 01:51:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application Safari.exe, version 5.34.57.2, time stamp 0x5009256b, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000,
process id 0x18f0, application start time 0xSafari.exe0.
 
Error: (12/25/2015 12:05:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application NircmdB.exe, version 2.3.5.189, time stamp 0x49ec5532, faulting module ntdll.dll, version 6.0.6002.19514, time stamp 0x561e7b31, exception code 0xc0000005, fault offset 0x0006f40f,
process id 0xf78, application start time 0xNircmdB.exe0.
 
Error: (12/25/2015 12:05:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application NIRCMD.exe, version 2.3.5.189, time stamp 0x49ec5532, faulting module ntdll.dll, version 6.0.6002.19514, time stamp 0x561e7b31, exception code 0xc0000005, fault offset 0x0006f40f,
process id 0x16b4, application start time 0xNIRCMD.exe0.
 
Error: (12/25/2015 12:00:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application NIRKMD.3XE, version 2.3.5.189, time stamp 0x49ec5532, faulting module ntdll.dll, version 6.0.6002.19514, time stamp 0x561e7b31, exception code 0xc0000005, fault offset 0x0006f40f,
process id 0xdc4, application start time 0xNIRKMD.3XE0.
 
Error: (12/25/2015 12:00:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application NirCmdC.3XE, version 2.3.5.189, time stamp 0x49ec5521, faulting module ntdll.dll, version 6.0.6002.19514, time stamp 0x561e7b31, exception code 0xc0000005, fault offset 0x0006f40f,
process id 0x16e0, application start time 0xNirCmdC.3XE0.
 
Error: (12/25/2015 12:00:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application handle.3XE, version 3.42.0.0, time stamp 0x492312a9, faulting module ntdll.dll, version 6.0.6002.19514, time stamp 0x561e7b31, exception code 0xc0000005, fault offset 0x0006f40f,
process id 0xa14, application start time 0xhandle.3XE0.
 
Error: (12/25/2015 12:00:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application rmbr.3XE, version 0.0.0.0, time stamp 0x4cd6dda5, faulting module ntdll.dll, version 6.0.6002.19514, time stamp 0x561e7b31, exception code 0xc0000005, fault offset 0x0006f40f,
process id 0x1140, application start time 0xrmbr.3XE0.
 
Error: (12/25/2015 11:59:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application setpath.3XE, version 0.0.0.0, time stamp 0x45e2fb15, faulting module ntdll.dll, version 6.0.6002.19514, time stamp 0x561e7b31, exception code 0xc0000005, fault offset 0x0006f40f,
process id 0xfd4, application start time 0xsetpath.3XE0.
 
Error: (12/25/2015 11:59:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application NirCmd.3XE, version 2.3.5.189, time stamp 0x49ec5532, faulting module ntdll.dll, version 6.0.6002.19514, time stamp 0x561e7b31, exception code 0xc0000005, fault offset 0x0006f40f,
process id 0x162c, application start time 0xNirCmd.3XE0.
 
 
System errors:
=============
Error: (12/25/2015 01:59:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: HP CUE DeviceDiscovery Service%%2147500037
 
Error: (12/25/2015 01:59:23 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep
i8042prt
 
Error: (12/25/2015 01:59:23 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service
 
Error: (12/25/2015 12:48:05 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart
 
Error: (12/25/2015 12:46:37 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (12/25/2015 12:42:21 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart
 
Error: (12/25/2015 11:06:15 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: HP CUE DeviceDiscovery Service%%2147500037
 
Error: (12/25/2015 11:06:13 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt
 
Error: (12/25/2015 11:06:13 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service
 
Error: (12/25/2015 11:04:37 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:00:08 AM on 12/25/2015 was unexpected.
 
 
CodeIntegrity:
===================================
  Date: 2015-12-25 14:09:08.366
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-25 14:09:07.709
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-25 14:09:07.052
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-25 14:09:06.335
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-25 13:59:43.950
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-25 13:40:10.063
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-25 13:40:09.457
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-25 13:40:08.849
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-25 13:40:08.217
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-25 13:40:07.587
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU E5300 @ 2.60GHz
Percentage of memory in use: 58%
Total physical RAM: 4084.27 MB
Available physical RAM: 1710.53 MB
Total Virtual: 8379.8 MB
Available Virtual: 5574.02 MB
 
==================== Drives ================================
 
Drive c: (HP) (Fixed) (Total:452 GB) (Free:139.38 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.76 GB) (Free:1.94 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=452 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#11 deeprybka

  • Malware Response Team

Posted 26 December 2015 - 10:35 AM

Step 1

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    [image: settings.png]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created at [image: logpath.png]
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#12 lomonkey1

  • Topic Starter


Posted 26 December 2015 - 10:58 PM

Here's the report from ESET Scanner. Took a long time to run but it finally finished.

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2f2616db3bfb9c43ae3fce0e09a8ca74
# end=init
# utc_time=2015-12-26 11:24:43
# local_time=2015-12-26 05:24:43 (-0600, Central Standard Time)
# country="United States"
# osver=6.0.6002 NT Service Pack 2
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=53251
Update Finalize
Updated modules version: 27369
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2f2616db3bfb9c43ae3fce0e09a8ca74
# end=updated
# utc_time=2015-12-26 11:26:58
# local_time=2015-12-26 05:26:58 (-0600, Central Standard Time)
# country="United States"
# osver=6.0.6002 NT Service Pack 2
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=2f2616db3bfb9c43ae3fce0e09a8ca74
# engine=27369
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-12-27 03:45:24
# local_time=2015-12-26 09:45:24 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1=''
# compatibility_mode=3589 16777213 100 57 1450324 213694509 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 0 287786630 0 0
# scanned=578820
# found=74
# cleaned=0
# scan_time=15505
sh=E262DCB663133609DD976740F886911FD404FEE1 ft=1 fh=a04ae9518bd8f7b0 vn="Win64/Toolbar.Conduit.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Conduit\ValueApps\IE\ValueAppsLoader.dll.vir"
sh=0FADB783C6C38284E5819BCADED2A1C50503F7AF ft=1 fh=fcdd72b19b62f8d2 vn="Win32/AdWare.SmartApps.E application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Bench\BService\1.1\bhelper.dll.vir"


#13 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:10:32 PM

Posted 27 December 2015 - 05:58 AM



Can you please tell me which problems still persist now?
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#14 lomonkey1

lomonkey1
  • Topic Starter

  • Members
  • 13 posts
  • Local time:02:32 PM

Posted 27 December 2015 - 12:26 PM

Thanks for the help so far. The computer appears to be behaving much better. I still see a couple of issues. This morning I noticed a program called "File Helper" was running. I do not know if this is malware, but it looked suspicious to me so I closed it.

 

I also have noticed that I am unable to open the "system properties" and "user accounts". The window appears to open up and immediately closes.

 

Lastly, the way files are displayed on the desktop and within folders is still incorrect. Within folders in windows explorer, no filenames are shown. Only the icons are shown in all different view types: thumbnails, details, list...



#15 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:10:32 PM

Posted 27 December 2015 - 12:46 PM

You are welcome.
Filehelper isn't a malicious software. However, if there is no need for it, you can uninstall it as well.

Afterwards, please do the following:

Step 1

Windows Repair (All-in-One)

  • Please download and install Windows Repair.
  • Boot in "safe mode with networking"
  • Right-Click Windows Repair and select Run as administrator to run the tool.
  • Note: Do NOT use your computer whilst the programme is running (can take quite some time!).
  • Upon completion, re-enable your anti-virus program.
  • Using Windows Explorer, navigate to the following folder:
    • 64-bit Systems: C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
    • 32-bit Systems: C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
  • Open the log. Copy the contents and paste in your next reply.



regards,
deeprybka



