
Google Chrome Freezes up


  • This topic is locked
5 replies to this topic

#1 bdnh85

bdnh85

  • Members
  • 38 posts

Posted 15 January 2016 - 12:52 PM

Intel Core 2 Quad CPU Q6600 @ 2.40 GHz

Memory: 4.00 GB

System Type: 64 Bit Operating System

 

For several months I have been experiencing Google Chrome freezing up, and it would take several seconds to come back. Sometimes I have to restart the computer.

 

So far I have uninstalled and reinstalled it and am still having the same issues.

 

I have attached a document containing Farbar (FRST) that I was instructed to run per Malware Response Team *Jo

 

  • Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01

    Ran by Deputy Devereaux (administrator) on DEVEREAUX-PC (15-01-2016 11:47:48)

    Running from C:\Users\Deputy Devereaux\Downloads

    Loaded Profiles: Deputy Devereaux & UpdatusUser (Available Profiles: Deputy Devereaux & UpdatusUser)

    Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) Language: English (United States)

    Internet Explorer Version 9 (Default browser: Chrome)

    Boot Mode: Normal

    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

     

    ==================== Processes (Whitelisted) =================

     

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

     

    (NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe

    (Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe

    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

    (NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe

    (iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Premium\ioloGovernor64.exe

    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe

    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe

    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

    (Wondershare) C:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe

    (Firetrust) C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe

    (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe

    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    (iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe

    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE

    (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe

    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    (DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe

    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

    (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\n360.exe

    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe

    (Microsoft Corporation) C:\WINDOWS\SysWOW64\dllhost.exe

    (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe

    (Microsoft Corporation) C:\WINDOWS\System32\wisptis.exe

    (iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Premium\SMSystemAnalyzer.exe

    (Apple Inc.) C:\Program Files\iTunes\iTunes.exe

    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE

    (Microsoft Corporation) C:\WINDOWS\splwow64.exe

    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Microsoft Corporation) C:\WINDOWS\SysWOW64\dllhost.exe

    (AOL Inc.) C:\Program Files (x86)\AIM\aim.exe

    (Davis Instuments Corp.) C:\WeatherLink\WeatherLink 6.0.3.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (ProScan) C:\Program Files (x86)\ProScan\ProScan.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    (RealNetworks, Inc.) C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe

    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

     

     

    ==================== Registry (Whitelisted) ===========================

     

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

     

    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-06] (Apple Inc.)

    HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe [198160 2015-02-17] (RealNetworks, Inc.)

    HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [85600 2013-11-26] (Nullsoft, Inc.)

    HKLM\...\Policies\Explorer: [NoViewOnDrive] 0

    HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0

    HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0

    HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0

    HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0

    HKLM\...\Policies\Explorer: [NoViewContextMenu] 0

    HKLM\...\Policies\Explorer: [NoShellSearchButton] 0

    HKLM\...\Policies\Explorer: [NoFind] 0

    HKLM\...\Policies\Explorer: [NoFile] 0

    HKLM\...\Policies\Explorer: [HideClock] 0

    HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0

    HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0

    HKLM\...\Policies\Explorer: [NoSetFolders] 0

    HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0

    HKLM\...\Policies\Explorer: [NoSetTaskbar] 0

    HKLM\...\Policies\Explorer: [NoDeletePrinter] 0

    HKLM\...\Policies\Explorer: [NoDFSTab] 0

    HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0

    HKLM\...\Policies\Explorer: [NoLogoff] 0

    HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0

    HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0

    HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0

    HKLM\...\Policies\Explorer: [NoResolveSearch] 0

    HKLM\...\Policies\Explorer: [NoSaveSettings] 0

    HKLM\...\Policies\Explorer: [NoHardwareTab] 0

    HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0

    HKLM\...\Policies\Explorer: [NoDesktop] 0

    HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0

    HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0

    HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0

    HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0

    HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0

    HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0

    HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0

    HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0

    HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0

    HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0

    HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0

    HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0

    HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0

    HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0

    HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0

    HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0

    HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0

    HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0

    HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0

    HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0

    HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0

    HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0

    HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0

    HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0

    HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0

    HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0

    HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0

    HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0

    HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0

    HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0

    HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0

    HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0

    HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0

    HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0

    HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0

    HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0

    HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0

    HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0

    HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0

    HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0

    HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0

    HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0

    HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0

    HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0

    HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0

    HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0

    HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0

    HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0

    HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0

    HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0

    HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0

    HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0

    HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0

    HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0

    HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0

    HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0

    HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0

    HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1000\...\Run: [Aim] => C:\Program Files (x86)\AIM\aim.exe [4331392 2012-05-30] (AOL Inc.)

    HKU\S-1-5-21-1658940081-1430581035-328123134-1000\...\Policies\system: [NoDispAppearancePage] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1000\...\Policies\system: [NoDispBackgroundPage] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1000\...\Policies\system: [NoDispSettingsPage] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1000\...\Policies\Explorer: [NoViewOnDrive] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1000\...\Policies\Explorer: [NoViewContextMenu] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1000\...\Policies\Explorer: [NoShellSearchButton] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1000\...\Policies\Explorer: [NoFind] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1000\...\Policies\Explorer: [NoFile] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1000\...\Policies\Explorer: [HideClock] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1000\...\Policies\Explorer: [NoTrayContextMenu] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1000\...\Policies\Explorer: [NoSetFolders] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1000\...\Policies\Explorer: [NoSetTaskbar] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1000\...\Policies\Explorer: [NoDeletePrinter] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1000\...\Policies\Explorer: [NoDFSTab] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1000\...\Policies\Explorer: [NoChangeStartMenu] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1000\...\Policies\Explorer: [NoLogoff] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1000\...\Policies\Explorer: [NoWindowsUpdate] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1000\...\Policies\Explorer: [NoEncryptOnMove] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1000\...\Policies\Explorer: [NoResolveSearch] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1000\...\Policies\Explorer: [NoSaveSettings] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1000\...\Policies\Explorer: [NoHardwareTab] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

    HKU\S-1-5-21-1658940081-1430581035-328123134-1000\...\MountPoints2: {764a744e-3d00-11e0-80ce-001fc64da9a5} - J:\setup.exe -a

    HKU\S-1-5-21-1658940081-1430581035-328123134-1000\...\MountPoints2: {808fff4d-688a-11e2-a38e-001fc64da9a5} - K:\MotoCastSetup.exe -a

    HKU\S-1-5-21-1658940081-1430581035-328123134-1000\...\MountPoints2: {eeb711a5-f5ce-11e4-86b5-001fc64da9a5} - K:\VZW_Software_upgrade_assistant.exe

    HKU\S-1-5-21-1658940081-1430581035-328123134-1005\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1644088 2009-08-05] (Hewlett-Packard)

    HKU\S-1-5-21-1658940081-1430581035-328123134-1005\...\Policies\system: [NoDispAppearancePage] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1005\...\Policies\system: [NoDispBackgroundPage] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1005\...\Policies\system: [NoDispSettingsPage] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1005\...\Policies\Explorer: [NoViewOnDrive] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1005\...\Policies\Explorer: [DisableLocalMachineRun] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1005\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1005\...\Policies\Explorer: [DisableCurrentUserRun] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1005\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1005\...\Policies\Explorer: [NoViewContextMenu] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1005\...\Policies\Explorer: [NoShellSearchButton] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1005\...\Policies\Explorer: [NoFind] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1005\...\Policies\Explorer: [NoFile] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1005\...\Policies\Explorer: [HideClock] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1005\...\Policies\Explorer: [NoTrayContextMenu] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1005\...\Policies\Explorer: [NoTrayItemsDisplay] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1005\...\Policies\Explorer: [NoSetFolders] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1005\...\Policies\Explorer: [NoDevMgrUpdate] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1005\...\Policies\Explorer: [NoSetTaskbar] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1005\...\Policies\Explorer: [NoDeletePrinter] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1005\...\Policies\Explorer: [NoDFSTab] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1005\...\Policies\Explorer: [NoChangeStartMenu] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1005\...\Policies\Explorer: [NoLogoff] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1005\...\Policies\Explorer: [NoWindowsUpdate] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1005\...\Policies\Explorer: [NoEncryptOnMove] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1005\...\Policies\Explorer: [NoRunasInstallPrompt] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1005\...\Policies\Explorer: [NoResolveSearch] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1005\...\Policies\Explorer: [NoSaveSettings] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1005\...\Policies\Explorer: [NoHardwareTab] 0

    HKU\S-1-5-21-1658940081-1430581035-328123134-1005\...\Policies\Explorer: [NoStartMenuSubFolders] 0

    HKU\S-1-5-18\...\Run: [Advanced SystemCare 7] => "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto

    HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"

    HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0

    HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0

    HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0

    HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0

    HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0

    HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0

    HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0

    HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0

    HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0

    HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0

    HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0

    HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0

    HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0

    HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0

    HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0

    HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0

    HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0

    HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0

    HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0

    HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0

    HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0

    HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0

    HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0

    HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0

    HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0

    HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0

    HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0

    HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0

    HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0

    AppInit_DLLs: C:\Users\DEPUTY~1\AppData\Local\Linkey\IEEXTE~1\ietlb64.dll => No File

    AppInit_DLLs:  C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL => No File

    AppInit_DLLs-x32: C:\Users\DEPUTY~1\AppData\Local\Linkey\IEEXTE~1\ietlb.dll => No File

    HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll

    ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)

    ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)

    ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)

    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk [2015-11-26]

    ShortcutTarget: MobileGo Service.lnk -> C:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe (Wondershare)

    Startup: C:\Users\Deputy Devereaux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasherPro.lnk [2015-11-04]

    ShortcutTarget: MailWasherPro.lnk -> C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe (Firetrust)

    BootExecute: autocheck autochk * 4

    ҄rsautocheck smrgdf C:\Users\DEPUTY~1\AppData\Roaming\iolo\

     

    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    CHR HKU\S-1-5-21-1658940081-1430581035-328123134-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

     

    ==================== Internet (Whitelisted) ====================

     

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

     

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    Tcpip\..\Interfaces\{1E6C176C-A2FA-4ED1-9311-0C4F2F822321}: [DhcpNameServer] 192.168.1.1

    Tcpip\..\Interfaces\{4AAC2EBC-F378-4F9D-8C0F-14E37B6AC89E}: [NameServer] 208.69.150.252,208.69.150.250

    Tcpip\..\Interfaces\{91D95F1B-7719-4933-84DA-BEAA18F26D43}: [NameServer] 208.69.150.252,208.69.150.250

     

    Internet Explorer:

    ==================

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com

    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =

    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32

    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32

    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32

    HKU\S-1-5-21-1658940081-1430581035-328123134-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32

    SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wdcxwd3200aaks-61l9a0_wd-wcav2u10932409324&ts=1411614760

    SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}

    SearchScopes: HKLM -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wdcxwd3200aaks-61l9a0_wd-wcav2u10932409324&ts=1411614760

    SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=221&itype=r&ver=14733&tm=551&src=ds&p={searchTerms}

    SearchScopes: HKLM -> {C9395E3C-F44F-40FA-9C18-99188BD28217} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt

    SearchScopes: HKLM-x32 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =

    SearchScopes: HKLM-x32 -> {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20111209221216237&tb_oid=09-12-2011&tb_mrud=09-12-2011

    SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=221&itype=r&ver=14733&tm=551&src=ds&p={searchTerms}

    SearchScopes: HKLM-x32 -> {C9395E3C-F44F-40FA-9C18-99188BD28217} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt

    SearchScopes: HKU\.DEFAULT -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wdcxwd3200aaks-61l9a0_wd-wcav2u10932409324&ts=1411614760

    SearchScopes: HKU\.DEFAULT -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}

    SearchScopes: HKU\.DEFAULT -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wdcxwd3200aaks-61l9a0_wd-wcav2u10932409324&ts=1411614760

    SearchScopes: HKU\S-1-5-19 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wdcxwd3200aaks-61l9a0_wd-wcav2u10932409324&ts=1411614760

    SearchScopes: HKU\S-1-5-19 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}

    SearchScopes: HKU\S-1-5-19 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wdcxwd3200aaks-61l9a0_wd-wcav2u10932409324&ts=1411614760

    SearchScopes: HKU\S-1-5-20 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wdcxwd3200aaks-61l9a0_wd-wcav2u10932409324&ts=1411614760

    SearchScopes: HKU\S-1-5-20 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}

    SearchScopes: HKU\S-1-5-20 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wdcxwd3200aaks-61l9a0_wd-wcav2u10932409324&ts=1411614760

    SearchScopes: HKU\S-1-5-21-1658940081-1430581035-328123134-1000 -> DefaultScope {68057A38-A6D7-46AB-B328-B878E423BAA5} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=924581&p={searchTerms}

    SearchScopes: HKU\S-1-5-21-1658940081-1430581035-328123134-1000 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}

    SearchScopes: HKU\S-1-5-21-1658940081-1430581035-328123134-1000 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wdcxwd3200aaks-61l9a0_wd-wcav2u10932409324&ts=1411614760

    SearchScopes: HKU\S-1-5-21-1658940081-1430581035-328123134-1000 -> {68057A38-A6D7-46AB-B328-B878E423BAA5} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=924581&p={searchTerms}

    SearchScopes: HKU\S-1-5-21-1658940081-1430581035-328123134-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=221&itype=r&ver=14733&tm=551&src=ds&p={searchTerms}

    SearchScopes: HKU\S-1-5-21-1658940081-1430581035-328123134-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NSBU&chn=retail&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869

    SearchScopes: HKU\S-1-5-21-1658940081-1430581035-328123134-1005 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wdcxwd3200aaks-61l9a0_wd-wcav2u10932409324&ts=1411614760

    SearchScopes: HKU\S-1-5-21-1658940081-1430581035-328123134-1005 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}

    SearchScopes: HKU\S-1-5-21-1658940081-1430581035-328123134-1005 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wdcxwd3200aaks-61l9a0_wd-wcav2u10932409324&ts=1411614760

    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll => No File

    BHO: No Name -> {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} -> No File

    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)

    BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-02-25] (Eyeo GmbH)

    BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)

    BHO-x32: No Name -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> No File

    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-28] (Oracle Corporation)

    BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2014-10-17] (IObit)

    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-28] (Oracle Corporation)

    BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH)

    Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2011-11-03] ()

    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)

    Toolbar: HKU\S-1-5-21-1658940081-1430581035-328123134-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll [2015-11-12] (Microsoft Corporation)

    Toolbar: HKU\S-1-5-21-1658940081-1430581035-328123134-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

    Toolbar: HKU\S-1-5-21-1658940081-1430581035-328123134-1000 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2011-11-03] ()

    Toolbar: HKU\S-1-5-21-1658940081-1430581035-328123134-1000 -> No Name - {3BBD3C14-4C16-4989-8366-95BC9179779D} -  No File

    Toolbar: HKU\S-1-5-21-1658940081-1430581035-328123134-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

    DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

    DPF: HKLM-x32 {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} hxxp://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab

    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2011-11-03] ()

     

    FireFox:

    ========

    FF ProfilePath: C:\Users\Deputy Devereaux\AppData\Roaming\Mozilla\Firefox\Profiles\e0ifdjxe.default-1353518558205

    FF NewTab: google.com

    FF DefaultSearchEngine: Yahoo!

    FF DefaultSearchEngine.US: Google

    FF DefaultSearchUrl: hxxp://search.yahoo.com/search?fr=mkg030&p=

    FF SearchEngineOrder.1: default-search.net

    FF SearchEngineOrder.3: Bing

    FF SelectedSearchEngine: Yahoo!

    FF Homepage: hxxp://www.google.com/

    FF Keyword.URL: hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=924581&p=

    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-28] ()

    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-28] ()

    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.)

    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()

    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)

    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)

    FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-28] (Oracle Corporation)

    FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-28] (Oracle Corporation)

    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)

    FF Plugin-x32: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2015-02-17] (RealNetworks, Inc.)

    FF Plugin-x32: @real.com/nprjplug;version=1.0.3.69 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll [2015-02-17] (RealNetworks, Inc.)

    FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll [2015-02-17] (RealNetworks, Inc.)

    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)

    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)

    FF Plugin HKU\S-1-5-21-1658940081-1430581035-328123134-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Deputy Devereaux\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2009-11-30] (Unity Technologies ApS)

    FF user.js: detected! => C:\Users\Deputy Devereaux\AppData\Roaming\Mozilla\Firefox\Profiles\e0ifdjxe.default-1353518558205\user.js [2014-12-03]

    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)

    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)

    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)

    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-09-28] (Apple Inc.)

    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-09-28] (Apple Inc.)

    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-09-28] (Apple Inc.)

    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-09-28] (Apple Inc.)

    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-09-28] (Apple Inc.)

    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-03-20] (Coupons, Inc.)

    FF SearchPlugin: C:\Users\Deputy Devereaux\AppData\Roaming\Mozilla\Firefox\Profiles\e0ifdjxe.default-1353518558205\searchplugins\.xml [2013-05-02]

    FF SearchPlugin: C:\Users\Deputy Devereaux\AppData\Roaming\Mozilla\Firefox\Profiles\e0ifdjxe.default-1353518558205\searchplugins\google-default.xml [2015-09-27]

    FF SearchPlugin: C:\Users\Deputy Devereaux\AppData\Roaming\Mozilla\Firefox\Profiles\e0ifdjxe.default-1353518558205\searchplugins\norton-safe-search.xml [2015-11-07]

    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\adawaretb.xml [2014-05-01]

    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml [2014-12-03]

    FF Extension: Adguard AdBlocker - C:\Users\Deputy Devereaux\AppData\Roaming\Mozilla\Firefox\Profiles\e0ifdjxe.default-1353518558205\Extensions\adguardadblocker@adguard.com.xpi [2016-01-03]

    FF Extension: United States English Spellchecker - C:\Users\Deputy Devereaux\AppData\Roaming\Mozilla\Firefox\Profiles\e0ifdjxe.default-1353518558205\Extensions\en-US@dictionaries.addons.mozilla.org [2016-01-04]

    FF Extension: Adblock Plus - C:\Users\Deputy Devereaux\AppData\Roaming\Mozilla\Firefox\Profiles\e0ifdjxe.default-1353518558205\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-15]

    FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon

    FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2015-12-18]

    FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-12-08] [not signed]

    FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-05-05] [not signed]

    FF HKLM-x32\...\Firefox\Extensions: [{98e34367-8df7-42b4-837b-20b892ff0849}] - C:\ProgramData\iWin Games\firefox

    FF Extension: iWinGames Plugin - C:\ProgramData\iWin Games\firefox [2012-05-09] [not signed]

    FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon

    FF HKU\S-1-5-21-1658940081-1430581035-328123134-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

     

    Chrome:

    =======

    CHR HomePage: Default -> hxxp://www.google.com/

    CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=U039&ocid=U039DHP&dt=071613","hxxp://google.com/"

    CHR NewTab: Default -> "chrome-extension://icpgjfneehieebagbmdbhnlpiopdcmna/main.html"

    CHR Profile: C:\Users\Deputy Devereaux\AppData\Local\Google\Chrome\User Data\Default

    CHR Extension: (Google Slides) - C:\Users\Deputy Devereaux\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]

    CHR Extension: (Downloads) - C:\Users\Deputy Devereaux\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahigpjeolkfgjdaeodlmaceggigbpeoh [2015-09-27]

    CHR Extension: (Google Docs) - C:\Users\Deputy Devereaux\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]

    CHR Extension: (Google Drive) - C:\Users\Deputy Devereaux\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]

    CHR Extension: (Adguard AdBlocker) - C:\Users\Deputy Devereaux\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2016-01-03]

    CHR Extension: (YouTube) - C:\Users\Deputy Devereaux\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]

    CHR Extension: (Adblock Plus) - C:\Users\Deputy Devereaux\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-05]

    CHR Extension: (Norton Security Toolbar) - C:\Users\Deputy Devereaux\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-10-09]

    CHR Extension: (Ad guard For App) - C:\Users\Deputy Devereaux\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckjcpdikeemlcjlpnnoilmdndgbcpfpm [2016-01-03]

    CHR Extension: (Google Search) - C:\Users\Deputy Devereaux\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]

    CHR Extension: (Who Deleted Me) - C:\Users\Deputy Devereaux\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiepnnbjenknnjgabbodaihlnkkpkgll [2015-11-23]

    CHR Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\Deputy Devereaux\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2015-11-17]

    CHR Extension: (Google Sheets) - C:\Users\Deputy Devereaux\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]

    CHR Extension: (Google Docs Offline) - C:\Users\Deputy Devereaux\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]

    CHR Extension: (Anonymous Internet 2015) - C:\Users\Deputy Devereaux\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnlpnlfbehncbhabmbmjeapjejkpobcg [2015-09-21]

    CHR Extension: (New Tab Redirect) - C:\Users\Deputy Devereaux\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2015-04-23]

    CHR Extension: (WeatherBug (Legacy App)) - C:\Users\Deputy Devereaux\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak [2014-10-17]

    CHR Extension: (Norton Identity Safe) - C:\Users\Deputy Devereaux\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-09-06]

    CHR Extension: (Dropdown List of Most Visited Links) - C:\Users\Deputy Devereaux\AppData\Local\Google\Chrome\User Data\Default\Extensions\logbmehmiacemkimbpcbjgaikobdndah [2014-09-03]

    CHR Extension: (WeatherBug) - C:\Users\Deputy Devereaux\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco [2015-08-06]

    CHR Extension: (Norton Safe) - C:\Users\Deputy Devereaux\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2015-08-08]

    CHR Extension: (Chrome Web Store Payments) - C:\Users\Deputy Devereaux\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]

    CHR Extension: (ScriptSafe) - C:\Users\Deputy Devereaux\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2015-07-13]

    CHR Extension: (Adblock Plus) - C:\Users\Deputy Devereaux\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookcoahhikhembadmoepbhiepkmbjija [2015-01-23]

    CHR Extension: (ArcadeFrontier) - C:\Users\Deputy Devereaux\AppData\Local\Google\Chrome\User Data\Default\Extensions\peglehonblabfemopkgmfcpofbchegcl [2015-11-23]

    CHR Extension: (Gmail) - C:\Users\Deputy Devereaux\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]

    CHR Extension: (Audio Cutter) - C:\Users\Deputy Devereaux\AppData\Local\Google\Chrome\User Data\Default\Extensions\plimnkafgoiilijmlbnfoafihjjijbfp [2015-05-26]

    CHR Extension: (Default-Search) - C:\Users\Deputy Devereaux\AppData\Local\Google\Chrome\User Data\Default\Extensions\poimdfnhgefmnkeefbjibbiemlimdnof [2014-12-03]

    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-30]

    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

    CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\Exts\Chrome.crx <not found>

    CHR HKU\S-1-5-21-1658940081-1430581035-328123134-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mfchmfgdaabgdjbcaophikcobddojjoe] - <no Path/update_url>

    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-30]

    CHR HKLM-x32\...\Chrome\Extension: [fgnippahjheicjenccifemomfgjofdhp] - <no Path/update_url>

    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

    CHR HKLM-x32\...\Chrome\Extension: [mfchmfgdaabgdjbcaophikcobddojjoe] - <no Path/update_url>

    CHR HKLM-x32\...\Chrome\Extension: [poimdfnhgefmnkeefbjibbiemlimdnof] - hxxps://clients2.google.com/service/update2/crx

     

    Opera:

    =======

    OPR Extension: (AdBlock) - C:\Users\Deputy Devereaux\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2013-11-04]

    OPR Extension: (Adblock Plus) - C:\Users\Deputy Devereaux\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2013-11-04]

     

    ==================== Services (Whitelisted) ========================

     

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)

    S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]

    R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4682552 2015-08-15] (iolo technologies, LLC)

    S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-03] (IObit)

    S4 MotoConnect Service; C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [91456 2010-04-29] ()

    R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.5.5.15\N360.exe [282016 2015-11-20] (Symantec Corporation)

    S3 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]

    S3 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]

    S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)

    S3 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)

    R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)

    S3 SWAS_Core; C:\Program Files (x86)\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe [1449984 2008-04-15] () [File not signed]

    S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)

    S3 WsAppService; C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe [252816 2015-04-30] (Wondershare)

    S3 WsDrvInst; C:\Program Files (x86)\Wondershare\MobileGo\DriverInstall.exe [100664 2015-10-10] (Wondershare)

     

    ===================== Drivers (Whitelisted) ==========================

     

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     

    R1 A2DDA; C:\EEK\BIN\a2ddax64.sys [26176 2014-08-26] (Emsisoft GmbH)

    R1 AmgHips; C:\Windows\System32\Drivers\AmgHips.sys [31008 2011-12-11] ()

    R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20160114.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)

    R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605050.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)

    S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-08-26] (Emsisoft GmbH)

    S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [54072 2007-01-04] (Samsung Electronics)

    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-18] (Symantec Corporation)

    R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2013-09-17] (EldoS Corporation)

    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-18] (Symantec Corporation)

    S1 FileDisk; no ImagePath

    R3 HSF_DP; C:\Windows\System32\DRIVERS\CAX_DP.sys [1487872 2008-05-08] (Conexant Systems, Inc.)

    R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20160114.001\IDSvia64.sys [767224 2015-12-04] (Symantec Corporation)

    S3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1587968 2010-08-11] (Creative Technology Ltd.)

    S4 LMIRfsClientNP; no ImagePath

    R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\VirusDefs\20160115.005\ENG64.SYS [138488 2015-10-26] (Symantec Corporation)

    R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\VirusDefs\20160115.005\EX64.SYS [2148080 2015-10-26] (Symantec Corporation)

    S3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()

    R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-07-28] (EldoS Corporation)

    R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1605050.00F\SRTSP64.SYS [928496 2015-11-11] (Symantec Corporation)

    R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605050.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)

    R2 supersafer64; C:\Windows\SysWOW64\drivers\supersafer64.sys [238072 2010-08-09] (Spotmau)

    R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-11] (Symantec Corporation)

    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-08-04] (Symantec Corporation)

    R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605050.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)

    R1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\1605050.00F\SYMTDIV.SYS [477400 2015-11-11] (Symantec Corporation)

    S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)

    S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]

    S3 cpuz134; \??\C:\Users\DEPUTY~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

    S3 EraserUtilDrv11313; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11313.sys [X]

    S3 EraserUtilDrv11410; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11410.sys [X]

    S3 EraserUtilDrv11411; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11411.sys [X]

    S3 EraserUtilDrv11510; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11510.sys [X]

    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

    S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]

    S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]

    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

    U2 Messenger; no ImagePath

    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

    S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]

    S3 SAAppCtl; system32\DRIVERS\saappctl.sys [X]

    U0 SR; no ImagePath

    U2 srservice; no ImagePath

    S0 TfFsMon; system32\drivers\TfFsMon.sys [X]

    S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]

    S0 TFSysMon; system32\drivers\TfSysMon.sys [X]

    U4 vsserv; no ImagePath

     

    ==================== NetSvcs (Whitelisted) ===================

     

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

     

     

    ==================== One Month Created files and folders ========

     

    (If an entry is included in the fixlist, the file/folder will be moved.)

     

    2016-01-15 11:47 - 2016-01-15 11:48 - 00050125 _____ C:\Users\Deputy Devereaux\Downloads\FRST.txt

    2016-01-15 11:47 - 2016-01-15 11:47 - 00000000 ____D C:\FRST

    2016-01-15 11:45 - 2016-01-15 11:45 - 02370560 _____ (Farbar) C:\Users\Deputy Devereaux\Downloads\FRST64.exe

    2016-01-13 19:00 - 2016-01-10 16:00 - 02721017 _____ (ProScan ) C:\Users\Deputy Devereaux\Downloads\ProScan_8_8.exe

    2016-01-13 18:59 - 2016-01-13 18:59 - 02685915 _____ C:\Users\Deputy Devereaux\Downloads\ProScan_8_8.zip

    2016-01-11 19:13 - 2016-01-11 19:13 - 09022456 _____ C:\Users\Deputy Devereaux\Downloads\pingplotter_install.exe

    2016-01-07 18:32 - 2016-01-10 20:38 - 00036352 _____ C:\Users\Deputy Devereaux\Desktop\Body Building Work Out.xls

    2016-01-06 22:27 - 2016-01-06 22:27 - 00013824 _____ C:\Users\Deputy Devereaux\Desktop\1 Main St.xls

    2016-01-04 22:44 - 2016-01-05 12:34 - 00017408 _____ C:\Users\Deputy Devereaux\Desktop\My Diet.xls

    2016-01-03 22:21 - 2016-01-03 22:21 - 00013824 _____ C:\Users\Deputy Devereaux\Desktop\Book1.xls

    2016-01-03 13:00 - 2016-01-04 09:22 - 00017408 _____ C:\Users\Deputy Devereaux\Desktop\Week 17 Superbowl Yahoo Fant.xls

    2016-01-03 13:00 - 2016-01-03 13:00 - 00016896 _____ C:\Users\Deputy Devereaux\Desktop\2015-2016 Flu Report.xls

    2016-01-01 20:31 - 2016-01-01 20:31 - 00020992 _____ C:\Users\Deputy Devereaux\Desktop\Nashua Phase 1 Channels.xls

    2016-01-01 18:55 - 2016-01-03 19:49 - 00013824 _____ C:\Users\Deputy Devereaux\Desktop\New Fire Patches For 4th Jan 2016.xls

    2016-01-01 18:53 - 2016-01-03 19:49 - 00013824 _____ C:\Users\Deputy Devereaux\Desktop\Patches For Feb.xls

    2016-01-01 18:44 - 2016-01-01 18:54 - 00013824 _____ C:\Users\Deputy Devereaux\Documents\New Fire Patches For 4th Jan 2016.xls

    2015-12-27 12:07 - 2015-12-27 12:08 - 00156896 _____ C:\Users\Deputy Devereaux\AppData\Local\dd_depcheck_NETFX_EXP_35.txt

    2015-12-27 12:07 - 2015-12-27 12:08 - 00110694 _____ C:\Users\Deputy Devereaux\AppData\Local\dd_dotnetfx35install.txt

    2015-12-27 12:07 - 2015-12-27 12:08 - 00001538 _____ C:\Users\Deputy Devereaux\AppData\Local\uxeventlog.txt

    2015-12-27 12:07 - 2015-12-27 12:07 - 00000002 _____ C:\Users\Deputy Devereaux\AppData\Local\dd_dotnetfx35error.txt

    2015-12-22 20:23 - 2015-11-05 04:07 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll

    2015-12-22 20:23 - 2015-11-05 03:55 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll

    2015-12-22 20:23 - 2015-11-05 02:54 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys

    2015-12-22 20:21 - 2015-11-02 12:04 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll

    2015-12-22 20:21 - 2015-11-02 11:44 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\els.dll

    2015-12-22 20:20 - 2015-11-06 12:05 - 00648704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll

    2015-12-22 20:20 - 2015-11-06 11:43 - 00820224 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll

    2015-12-22 20:20 - 2015-11-06 11:36 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll

    2015-12-22 20:20 - 2015-11-06 11:36 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll

    2015-12-22 20:20 - 2015-11-06 11:36 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll

    2015-12-22 20:20 - 2015-11-06 11:36 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll

    2015-12-22 20:20 - 2015-11-06 11:32 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll

    2015-12-22 20:20 - 2015-11-06 11:32 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll

    2015-12-22 20:20 - 2015-11-06 11:32 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll

    2015-12-22 20:20 - 2015-11-06 11:32 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll

    2015-12-22 20:20 - 2015-11-06 11:00 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

    2015-12-22 20:20 - 2015-11-06 10:59 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll

    2015-12-22 20:20 - 2015-11-06 10:50 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

    2015-12-22 20:20 - 2015-11-06 10:47 - 01561600 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

    2015-12-22 20:20 - 2015-11-06 10:47 - 01154560 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll

    2015-12-22 20:20 - 2015-11-06 10:37 - 02799104 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

    2015-12-22 20:20 - 2015-11-06 10:27 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

    2015-12-22 20:20 - 2015-11-06 10:26 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

    2015-12-22 20:20 - 2015-11-06 10:20 - 01073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

    2015-12-22 20:20 - 2015-11-06 10:20 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll

    2015-12-22 19:40 - 2015-11-05 02:42 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

    2015-12-22 19:40 - 2015-11-05 02:26 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

    2015-12-22 19:39 - 2015-11-10 12:03 - 01208832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll

    2015-12-22 19:39 - 2015-11-10 12:03 - 00488448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll

    2015-12-22 19:39 - 2015-11-10 11:40 - 01683968 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll

    2015-12-22 19:39 - 2015-11-10 11:40 - 00533504 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll

    2015-12-22 19:33 - 2015-11-12 16:16 - 17892864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

    2015-12-22 19:33 - 2015-11-12 16:13 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

    2015-12-22 19:33 - 2015-11-12 16:09 - 10937856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

    2015-12-22 19:33 - 2015-11-12 16:08 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

    2015-12-22 19:33 - 2015-11-12 16:08 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

    2015-12-22 19:33 - 2015-11-12 16:07 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

    2015-12-22 19:33 - 2015-11-12 16:07 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

    2015-12-22 19:33 - 2015-11-12 16:06 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

    2015-12-22 19:33 - 2015-11-12 16:06 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

    2015-12-22 19:33 - 2015-11-12 16:06 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

    2015-12-22 19:33 - 2015-11-12 16:06 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

    2015-12-22 19:33 - 2015-11-12 16:06 - 00579072 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

    2015-12-22 19:33 - 2015-11-12 16:06 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

    2015-12-22 19:33 - 2015-11-12 16:06 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

    2015-12-22 19:33 - 2015-11-12 16:06 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

    2015-12-22 19:33 - 2015-11-12 16:06 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

    2015-12-22 19:33 - 2015-11-12 16:06 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

    2015-12-22 19:33 - 2015-11-12 16:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

    2015-12-22 19:33 - 2015-11-12 16:06 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

    2015-12-22 19:33 - 2015-11-12 16:06 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

    2015-12-22 19:33 - 2015-11-12 16:06 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

    2015-12-22 19:33 - 2015-11-12 16:06 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

    2015-12-22 19:33 - 2015-11-12 15:39 - 01814528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

    2015-12-22 19:33 - 2015-11-12 15:37 - 12389376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

    2015-12-22 19:33 - 2015-11-12 15:36 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

    2015-12-22 19:33 - 2015-11-12 15:34 - 09753088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

    2015-12-22 19:33 - 2015-11-12 15:34 - 01140224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

    2015-12-22 19:33 - 2015-11-12 15:33 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

    2015-12-22 19:33 - 2015-11-12 15:32 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

    2015-12-22 19:33 - 2015-11-12 15:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

    2015-12-22 19:33 - 2015-11-12 15:32 - 00718848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

    2015-12-22 19:33 - 2015-11-12 15:32 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

    2015-12-22 19:33 - 2015-11-12 15:32 - 00424448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

    2015-12-22 19:33 - 2015-11-12 15:32 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

    2015-12-22 19:33 - 2015-11-12 15:32 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

    2015-12-22 19:33 - 2015-11-12 15:32 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

    2015-12-22 19:33 - 2015-11-12 15:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

    2015-12-22 19:33 - 2015-11-12 15:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

    2015-12-22 19:33 - 2015-11-12 15:31 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

    2015-12-22 19:33 - 2015-11-12 15:31 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

    2015-12-22 19:33 - 2015-11-12 15:31 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

    2015-12-22 19:33 - 2015-11-12 15:31 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

    2015-12-22 19:33 - 2015-11-12 15:31 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

    2015-12-22 19:33 - 2015-11-12 15:31 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

    2015-12-18 16:53 - 2016-01-12 15:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

    2015-12-16 22:08 - 2015-12-16 22:08 - 00001752 _____ C:\Users\Public\Desktop\AIM.lnk

    2015-12-16 22:08 - 2015-12-16 22:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM

    2015-12-16 22:08 - 2015-12-16 22:08 - 00000000 ____D C:\Program Files (x86)\AIM

    2015-12-16 22:07 - 2015-12-16 22:08 - 00000375 ____H C:\IPH.PH

     

    ==================== One Month Modified files and folders ========

     

    (If an entry is included in the fixlist, the file/folder will be moved.)

     

    2016-01-15 11:47 - 2006-11-02 08:33 - 00000000 ____D C:\WINDOWS

    2016-01-15 11:26 - 2010-12-05 09:55 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

    2016-01-15 11:10 - 2012-05-28 19:07 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

    2016-01-15 10:42 - 2015-11-04 13:21 - 00000000 ____D C:\Program Files (x86)\ProScan

    2016-01-15 10:42 - 2010-12-23 18:45 - 00000000 ____D C:\WeatherLink

    2016-01-15 10:40 - 2006-11-02 10:22 - 00004144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

    2016-01-15 10:40 - 2006-11-02 10:22 - 00004144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

    2016-01-14 22:26 - 2010-12-05 09:55 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

    2016-01-14 22:03 - 2010-12-06 18:23 - 00000000 ____D C:\Users\Deputy Devereaux\AppData\Local\CrashDumps

    2016-01-14 20:04 - 2012-03-07 14:42 - 00000000 ____D C:\Users\Deputy Devereaux\Documents\IPN Calls

    2016-01-14 18:31 - 2013-05-02 17:29 - 00000390 _____ C:\Windows\Tasks\shield check.job

    2016-01-14 18:00 - 2013-07-16 13:29 - 00000488 _____ C:\Windows\Tasks\ParetoLogic Registration.job

    2016-01-13 19:01 - 2015-11-04 13:21 - 00000615 _____ C:\Users\Public\Desktop\ProScan.lnk

    2016-01-13 19:01 - 2015-11-04 13:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProScan

    2016-01-10 11:19 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\inf

    2016-01-10 11:19 - 2006-11-02 07:46 - 00763630 _____ C:\Windows\system32\PerfStringBackup.INI

    2016-01-09 20:52 - 2013-08-22 15:20 - 00017408 _____ C:\Users\Deputy Devereaux\Documents\Book1.xls

    2016-01-02 09:10 - 2014-09-27 21:14 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

    2016-01-02 09:10 - 2014-09-27 21:14 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

    2016-01-02 09:10 - 2012-05-28 19:07 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

    2016-01-01 10:39 - 2014-08-05 22:03 - 00000000 ____D C:\ProgramData\ProductData

    2016-01-01 10:37 - 2006-11-02 10:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT

    2015-12-23 20:49 - 2006-11-02 10:21 - 00397864 _____ C:\Windows\system32\FNTCACHE.DAT

    2015-12-23 20:48 - 2015-01-12 19:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

    2015-12-23 20:48 - 2012-04-24 17:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

    2015-12-23 20:45 - 2006-11-02 10:42 - 00032578 _____ C:\Windows\Tasks\SCHEDLGU.TXT

    2015-12-22 20:23 - 2015-01-12 19:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

    2015-12-22 20:19 - 2015-02-04 20:11 - 00000000 ____D C:\Windows\system32\MRT

    2015-12-22 19:43 - 2006-11-02 07:35 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

    2015-12-21 19:39 - 2012-07-12 08:56 - 00000000 ____D C:\Users\Deputy Devereaux\Documents\Mike NZL111 Unverifed tweets

    2015-12-21 19:39 - 2012-03-04 20:47 - 00000000 ____D C:\Users\Deputy Devereaux\Documents\HL SCHED

    2015-12-21 19:37 - 2012-06-22 11:25 - 00000000 ____D C:\Users\Deputy Devereaux\Documents\IPN Calls From Members

    2015-12-16 22:08 - 2010-12-05 23:18 - 00000000 ____D C:\Users\Deputy Devereaux\AppData\Local\AOL

    2015-12-16 22:08 - 2010-12-05 19:24 - 00000000 ____D C:\Users\Deputy Devereaux\AppData\Local\AIM

     

    ==================== Files in the root of some directories =======

     

    2013-05-30 16:57 - 2013-05-30 16:58 - 0043147 _____ () C:\Program Files (x86)\DLS8Uninstall.log

    2013-07-16 14:48 - 2013-07-16 14:48 - 0000000 _____ () C:\Users\Deputy Devereaux\AppData\Roaming\anyprotecttray.dat

    2012-10-19 08:51 - 2012-10-19 08:52 - 3736610 _____ () C:\Users\Deputy Devereaux\AppData\Roaming\CleanUp!.log

    2011-05-05 17:01 - 2011-05-05 17:01 - 0000697 _____ () C:\Users\Deputy Devereaux\AppData\Roaming\ConvAPIPlugin.log

    2013-06-26 16:54 - 2014-11-01 18:43 - 230343614 _____ () C:\Users\Deputy Devereaux\AppData\Roaming\hkey_local_machine.reg

    2014-10-22 16:27 - 2014-10-22 16:27 - 0000033 _____ () C:\Users\Deputy Devereaux\AppData\Roaming\mp3trimmerdirectorys.txt

    2013-06-26 16:52 - 2010-08-09 13:09 - 0000000 _____ () C:\Users\Deputy Devereaux\AppData\Roaming\SuperSafer.cfg

    2014-03-03 17:00 - 2014-03-03 17:00 - 0026311 _____ () C:\Users\Deputy Devereaux\AppData\Roaming\UserTile.png

    2011-12-25 12:34 - 2011-12-25 12:34 - 0000025 _____ () C:\Users\Deputy Devereaux\AppData\Roaming\Microsoft\dayniw.dll

    2015-07-04 15:45 - 2015-07-04 15:45 - 0000022 _____ () C:\Users\Deputy Devereaux\AppData\Roaming\Microsoft\lnzd232.dll

    2015-04-25 15:20 - 2015-04-25 15:20 - 0000023 _____ () C:\Users\Deputy Devereaux\AppData\Roaming\Microsoft\ml4lnsonia.dll

    2014-10-04 10:26 - 2014-10-04 10:26 - 0000024 _____ () C:\Users\Deputy Devereaux\AppData\Roaming\Microsoft\unifyd233max.dll

    2011-02-27 19:24 - 2013-11-03 21:27 - 0001356 _____ () C:\Users\Deputy Devereaux\AppData\Local\d3d9caps.dat

    2013-01-17 17:21 - 2013-11-04 14:01 - 0000732 _____ () C:\Users\Deputy Devereaux\AppData\Local\d3d9caps64.dat

    2012-06-17 19:31 - 2015-07-09 15:40 - 0007168 _____ () C:\Users\Deputy Devereaux\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    2015-12-27 12:07 - 2015-12-27 12:08 - 0156896 _____ () C:\Users\Deputy Devereaux\AppData\Local\dd_depcheck_NETFX_EXP_35.txt

    2015-12-27 12:07 - 2015-12-27 12:07 - 0000002 _____ () C:\Users\Deputy Devereaux\AppData\Local\dd_dotnetfx35error.txt

    2015-12-27 12:07 - 2015-12-27 12:08 - 0110694 _____ () C:\Users\Deputy Devereaux\AppData\Local\dd_dotnetfx35install.txt

    2011-11-25 16:55 - 2011-11-25 16:55 - 0365398 _____ () C:\Users\Deputy Devereaux\AppData\Local\dd_vcredistMSI03E7.txt

    2012-07-13 17:55 - 2012-07-13 17:55 - 0393380 _____ () C:\Users\Deputy Devereaux\AppData\Local\dd_vcredistMSI32C7.txt

    2014-04-30 16:47 - 2014-04-30 16:47 - 0352980 _____ () C:\Users\Deputy Devereaux\AppData\Local\dd_vcredistMSI3630.txt

    2013-03-23 19:40 - 2013-03-23 19:40 - 0389216 _____ () C:\Users\Deputy Devereaux\AppData\Local\dd_vcredistMSI3A95.txt

    2011-11-11 16:57 - 2011-11-11 16:57 - 0384478 _____ () C:\Users\Deputy Devereaux\AppData\Local\dd_vcredistMSI3F86.txt

    2014-01-15 15:04 - 2014-01-15 15:04 - 0436968 _____ () C:\Users\Deputy Devereaux\AppData\Local\dd_vcredistMSI5AC7.txt

    2011-11-11 12:21 - 2011-11-11 12:21 - 0389690 _____ () C:\Users\Deputy Devereaux\AppData\Local\dd_vcredistMSI6C51.txt

    2011-12-25 12:48 - 2011-12-25 12:48 - 0369256 _____ () C:\Users\Deputy Devereaux\AppData\Local\dd_vcredistMSI6EE9.txt

    2010-12-23 18:26 - 2010-12-23 18:26 - 0408664 _____ () C:\Users\Deputy Devereaux\AppData\Local\dd_vcredistMSI6F35.txt

    2010-12-23 18:36 - 2010-12-23 18:36 - 0427928 _____ () C:\Users\Deputy Devereaux\AppData\Local\dd_vcredistMSI76B5.txt

    2011-11-25 16:55 - 2011-11-25 16:55 - 0013334 _____ () C:\Users\Deputy Devereaux\AppData\Local\dd_vcredistUI03E7.txt

    2012-07-13 17:55 - 2012-07-13 17:55 - 0011250 _____ () C:\Users\Deputy Devereaux\AppData\Local\dd_vcredistUI32C7.txt

    2014-04-30 16:47 - 2014-04-30 16:47 - 0016458 _____ () C:\Users\Deputy Devereaux\AppData\Local\dd_vcredistUI3630.txt

    2013-03-23 19:40 - 2013-03-23 19:40 - 0011482 _____ () C:\Users\Deputy Devereaux\AppData\Local\dd_vcredistUI3A95.txt

    2011-11-11 16:57 - 2011-11-11 16:57 - 1037494 _____ () C:\Users\Deputy Devereaux\AppData\Local\dd_vcredistUI3F86.txt

    2011-11-11 16:57 - 2011-11-11 16:57 - 1036858 _____ () C:\Users\Deputy Devereaux\AppData\Local\dd_vcredistUI3F87.txt

    2014-01-15 15:04 - 2014-01-15 15:04 - 0016494 _____ () C:\Users\Deputy Devereaux\AppData\Local\dd_vcredistUI5AC7.txt

    2011-11-11 12:21 - 2011-11-11 12:21 - 0012222 _____ () C:\Users\Deputy Devereaux\AppData\Local\dd_vcredistUI6C51.txt

    2011-11-11 12:21 - 2011-11-11 12:21 - 0011410 _____ () C:\Users\Deputy Devereaux\AppData\Local\dd_vcredistUI6C52.txt

    2011-12-25 12:48 - 2011-12-25 12:48 - 0011410 _____ () C:\Users\Deputy Devereaux\AppData\Local\dd_vcredistUI6EE9.txt

    2010-12-23 18:26 - 2010-12-23 18:26 - 0011720 _____ () C:\Users\Deputy Devereaux\AppData\Local\dd_vcredistUI6F35.txt

    2010-12-23 18:36 - 2010-12-23 18:36 - 0012438 _____ () C:\Users\Deputy Devereaux\AppData\Local\dd_vcredistUI76B5.txt

    2013-12-28 19:06 - 2013-12-28 19:06 - 0004096 ____H () C:\Users\Deputy Devereaux\AppData\Local\keyfile3.drm

    2015-11-07 17:27 - 2015-11-07 17:27 - 0000856 _____ () C:\Users\Deputy Devereaux\AppData\Local\recently-used.xbel

    2015-12-27 12:07 - 2015-12-27 12:08 - 0001538 _____ () C:\Users\Deputy Devereaux\AppData\Local\uxeventlog.txt

    2012-07-08 21:38 - 2012-07-08 21:38 - 0017408 _____ () C:\Users\Deputy Devereaux\AppData\Local\WebpageIcons.db

    2013-01-22 12:47 - 2013-01-22 12:47 - 0000085 _____ () C:\Users\Deputy Devereaux\AppData\Local\ZDManager.ini

    2011-05-18 20:30 - 2011-07-24 13:34 - 0001940 _____ () C:\Users\Deputy Devereaux\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

    2014-04-01 15:30 - 2014-04-01 15:30 - 0350523 _____ () C:\ProgramData\1396384028.bdinstall.bin

    2014-05-01 17:56 - 2014-05-01 17:56 - 0045374 _____ () C:\ProgramData\1398984965.bdinstall.bin

    2014-05-01 17:57 - 2014-05-01 17:57 - 0045803 _____ () C:\ProgramData\1398985010.bdinstall.bin

    2014-05-01 17:57 - 2014-05-01 17:58 - 0044373 _____ () C:\ProgramData\1398985072.12448.bin

    2014-05-01 17:57 - 2014-05-01 17:58 - 0000811 _____ () C:\ProgramData\1398985072.16692.bin

    2014-05-01 17:57 - 2014-05-01 17:58 - 0002062 _____ () C:\ProgramData\1398985072.19768.bin

    2014-05-01 18:11 - 2014-05-01 18:11 - 0129974 _____ () C:\ProgramData\1398985361.bdinstall.bin

    2014-05-01 18:04 - 2014-05-01 18:04 - 0034470 _____ () C:\ProgramData\1398985444.bdinstall.bin

    2012-01-30 11:09 - 2010-06-23 01:54 - 0003077 _____ () C:\ProgramData\cfSB1290.ini

    2008-02-25 08:38 - 2013-12-02 19:31 - 0009014 _____ () C:\ProgramData\hpzinstall.log

     

    Files to move or delete:

    ====================

    C:\Windows\Tasks\{D61442B3-97B4-4970-9F95-B38C9C6D9B84}.job

     

     

    Some zero byte size files/folders:

    ==========================

    C:\Windows\System32\BDSandBoxUH.dll

    C:\Windows\System32\BDSandBoxUISkin.dll

    C:\Windows\System32\BDSandBoxUISkin32.dll

    C:\Windows\System32\msmmsp.dll

     

    ==================== Bamital & volsnap =================

     

    (There is no automatic fix for files that do not pass verification.)

     

    C:\Windows\system32\winlogon.exe => File is digitally signed

    C:\Windows\system32\wininit.exe => File is digitally signed

    C:\Windows\SysWOW64\wininit.exe => File is digitally signed

    C:\Windows\explorer.exe => File is digitally signed

    C:\Windows\SysWOW64\explorer.exe => File is digitally signed

    C:\Windows\system32\svchost.exe => File is digitally signed

    C:\Windows\SysWOW64\svchost.exe => File is digitally signed

    C:\Windows\system32\services.exe => File is digitally signed

    C:\Windows\system32\User32.dll => File is digitally signed

    C:\Windows\SysWOW64\User32.dll => File is digitally signed

    C:\Windows\system32\userinit.exe => File is digitally signed

    C:\Windows\SysWOW64\userinit.exe => File is digitally signed

    C:\Windows\system32\rpcss.dll => File is digitally signed

    C:\Windows\system32\dnsapi.dll => File is digitally signed

    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

     

     

    LastRegBack: 2016-01-15 00:33

     

    ==================== End of FRST.txt ============

Edited by bdnh85, 15 January 2016 - 01:38 PM.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,741 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:50 PM

Posted 16 January 2016 - 11:25 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
AppInit_DLLs: C:\Users\DEPUTY~1\AppData\Local\Linkey\IEEXTE~1\ietlb64.dll => No File
AppInit_DLLs:  C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL => No File
AppInit_DLLs-x32: C:\Users\DEPUTY~1\AppData\Local\Linkey\IEEXTE~1\ietlb.dll => No File
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-1658940081-1430581035-328123134-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wdcxwd3200aaks-61l9a0_wd-wcav2u10932409324&ts=1411614760
SearchScopes: HKLM -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wdcxwd3200aaks-61l9a0_wd-wcav2u10932409324&ts=1411614760
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=221&itype=r&ver=14733&tm=551&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=221&itype=r&ver=14733&tm=551&src=ds&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wdcxwd3200aaks-61l9a0_wd-wcav2u10932409324&ts=1411614760
SearchScopes: HKU\.DEFAULT -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wdcxwd3200aaks-61l9a0_wd-wcav2u10932409324&ts=1411614760
SearchScopes: HKU\S-1-5-19 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wdcxwd3200aaks-61l9a0_wd-wcav2u10932409324&ts=1411614760
SearchScopes: HKU\S-1-5-19 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wdcxwd3200aaks-61l9a0_wd-wcav2u10932409324&ts=1411614760
SearchScopes: HKU\S-1-5-20 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wdcxwd3200aaks-61l9a0_wd-wcav2u10932409324&ts=1411614760
SearchScopes: HKU\S-1-5-20 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wdcxwd3200aaks-61l9a0_wd-wcav2u10932409324&ts=1411614760
SearchScopes: HKU\S-1-5-21-1658940081-1430581035-328123134-1000 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wdcxwd3200aaks-61l9a0_wd-wcav2u10932409324&ts=1411614760
SearchScopes: HKU\S-1-5-21-1658940081-1430581035-328123134-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=221&itype=r&ver=14733&tm=551&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1658940081-1430581035-328123134-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NSBU&chn=retail&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-1658940081-1430581035-328123134-1005 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wdcxwd3200aaks-61l9a0_wd-wcav2u10932409324&ts=1411614760
SearchScopes: HKU\S-1-5-21-1658940081-1430581035-328123134-1005 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wdcxwd3200aaks-61l9a0_wd-wcav2u10932409324&ts=1411614760
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll => No File
BHO: No Name -> {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} -> No File
BHO-x32: No Name -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> No File
Toolbar: HKU\S-1-5-21-1658940081-1430581035-328123134-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1658940081-1430581035-328123134-1000 -> No Name - {3BBD3C14-4C16-4989-8366-95BC9179779D} -  No File
Toolbar: HKU\S-1-5-21-1658940081-1430581035-328123134-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF SearchEngineOrder.1: default-search.net
FF user.js: detected! => C:\Users\Deputy Devereaux\AppData\Roaming\Mozilla\Firefox\Profiles\e0ifdjxe.default-1353518558205\user.js [2014-12-03]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-03-20] (Coupons, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\adawaretb.xml [2014-05-01]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml [2014-12-03]
FF Extension: Adguard AdBlocker - C:\Users\Deputy Devereaux\AppData\Roaming\Mozilla\Firefox\Profiles\e0ifdjxe.default-1353518558205\Extensions\adguardadblocker@adguard.com.xpi [2016-01-03]
FF HKLM-x32\...\Firefox\Extensions: [{98e34367-8df7-42b4-837b-20b892ff0849}] - C:\ProgramData\iWin Games\firefox
FF Extension: iWinGames Plugin - C:\ProgramData\iWin Games\firefox [2012-05-09] [not signed]
CHR NewTab: Default -> "chrome-extension://icpgjfneehieebagbmdbhnlpiopdcmna/main.html"
CHR Extension: (Ad guard For App) - C:\Users\Deputy Devereaux\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckjcpdikeemlcjlpnnoilmdndgbcpfpm [2016-01-03]
CHR Extension: (New Tab Redirect) - C:\Users\Deputy Devereaux\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2015-04-23]
CHR Extension: (WeatherBug (Legacy App)) - C:\Users\Deputy Devereaux\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak [2014-10-17]
CHR Extension: (ArcadeFrontier) - C:\Users\Deputy Devereaux\AppData\Local\Google\Chrome\User Data\Default\Extensions\peglehonblabfemopkgmfcpofbchegcl [2015-11-23]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\Exts\Chrome.crx <not found>
CHR HKU\S-1-5-21-1658940081-1430581035-328123134-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mfchmfgdaabgdjbcaophikcobddojjoe] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [fgnippahjheicjenccifemomfgjofdhp] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [mfchmfgdaabgdjbcaophikcobddojjoe] - <no Path/update_url>
S1 FileDisk; no ImagePath
S4 LMIRfsClientNP; no ImagePath
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
S3 cpuz134; \??\C:\Users\DEPUTY~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 EraserUtilDrv11313; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11313.sys [X]
S3 EraserUtilDrv11410; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11410.sys [X]
S3 EraserUtilDrv11411; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11411.sys [X]
S3 EraserUtilDrv11510; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11510.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
U2 Messenger; no ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]
S3 SAAppCtl; system32\DRIVERS\saappctl.sys [X]
U0 SR; no ImagePath
U2 srservice; no ImagePath
S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]
S0 TFSysMon; system32\drivers\TfSysMon.sys [X]
U4 vsserv; no ImagePath
C:\Program Files (x86)\Settings Manager

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please post the logs and let me know what problem persists.

#3 bdnh85

bdnh85
  • Topic Starter

  • Members
  • 38 posts
  • Local time:05:50 PM

Posted 16 January 2016 - 05:56 PM

Hello. Below are the results

 

Fix result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by Deputy Devereaux (2016-01-16 17:36:16) Run:1
Running from C:\Users\Deputy Devereaux\Downloads
Loaded Profiles: Deputy Devereaux & UpdatusUser (Available Profiles: Deputy Devereaux & UpdatusUser)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
AppInit_DLLs: C:\Users\DEPUTY~1\AppData\Local\Linkey\IEEXTE~1\ietlb64.dll => No File
AppInit_DLLs:  C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL => No File
AppInit_DLLs-x32: C:\Users\DEPUTY~1\AppData\Local\Linkey\IEEXTE~1\ietlb.dll => No File
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-1658940081-1430581035-328123134-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wdcxwd3200aaks-61l9a0_wd-wcav2u10932409324&ts=1411614760
SearchScopes: HKLM -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wdcxwd3200aaks-61l9a0_wd-wcav2u10932409324&ts=1411614760
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=221&itype=r&ver=14733&tm=551&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=221&itype=r&ver=14733&tm=551&src=ds&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wdcxwd3200aaks-61l9a0_wd-wcav2u10932409324&ts=1411614760
SearchScopes: HKU\.DEFAULT -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wdcxwd3200aaks-61l9a0_wd-wcav2u10932409324&ts=1411614760
SearchScopes: HKU\S-1-5-19 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wdcxwd3200aaks-61l9a0_wd-wcav2u10932409324&ts=1411614760
SearchScopes: HKU\S-1-5-19 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wdcxwd3200aaks-61l9a0_wd-wcav2u10932409324&ts=1411614760
SearchScopes: HKU\S-1-5-20 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wdcxwd3200aaks-61l9a0_wd-wcav2u10932409324&ts=1411614760
SearchScopes: HKU\S-1-5-20 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wdcxwd3200aaks-61l9a0_wd-wcav2u10932409324&ts=1411614760
SearchScopes: HKU\S-1-5-21-1658940081-1430581035-328123134-1000 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wdcxwd3200aaks-61l9a0_wd-wcav2u10932409324&ts=1411614760
SearchScopes: HKU\S-1-5-21-1658940081-1430581035-328123134-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=221&itype=r&ver=14733&tm=551&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1658940081-1430581035-328123134-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NSBU&chn=retail&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-1658940081-1430581035-328123134-1005 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wdcxwd3200aaks-61l9a0_wd-wcav2u10932409324&ts=1411614760
SearchScopes: HKU\S-1-5-21-1658940081-1430581035-328123134-1005 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wdcxwd3200aaks-61l9a0_wd-wcav2u10932409324&ts=1411614760
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll => No File
BHO: No Name -> {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} -> No File
BHO-x32: No Name -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> No File
Toolbar: HKU\S-1-5-21-1658940081-1430581035-328123134-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1658940081-1430581035-328123134-1000 -> No Name - {3BBD3C14-4C16-4989-8366-95BC9179779D} -  No File
Toolbar: HKU\S-1-5-21-1658940081-1430581035-328123134-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF SearchEngineOrder.1: default-search.net
FF user.js: detected! => C:\Users\Deputy Devereaux\AppData\Roaming\Mozilla\Firefox\Profiles\e0ifdjxe.default-1353518558205\user.js [2014-12-03]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-03-20] (Coupons, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\adawaretb.xml [2014-05-01]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml [2014-12-03]
FF Extension: Adguard AdBlocker - C:\Users\Deputy Devereaux\AppData\Roaming\Mozilla\Firefox\Profiles\e0ifdjxe.default-1353518558205\Extensions\adguardadblocker@adguard.com.xpi [2016-01-03]
FF HKLM-x32\...\Firefox\Extensions: [{98e34367-8df7-42b4-837b-20b892ff0849}] - C:\ProgramData\iWin Games\firefox
FF Extension: iWinGames Plugin - C:\ProgramData\iWin Games\firefox [2012-05-09] [not signed]
CHR NewTab: Default -> "chrome-extension://icpgjfneehieebagbmdbhnlpiopdcmna/main.html"
CHR Extension: (Ad guard For App) - C:\Users\Deputy Devereaux\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckjcpdikeemlcjlpnnoilmdndgbcpfpm [2016-01-03]
CHR Extension: (New Tab Redirect) - C:\Users\Deputy Devereaux\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2015-04-23]
CHR Extension: (WeatherBug (Legacy App)) - C:\Users\Deputy Devereaux\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak [2014-10-17]
CHR Extension: (ArcadeFrontier) - C:\Users\Deputy Devereaux\AppData\Local\Google\Chrome\User Data\Default\Extensions\peglehonblabfemopkgmfcpofbchegcl [2015-11-23]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\Exts\Chrome.crx <not found>
CHR HKU\S-1-5-21-1658940081-1430581035-328123134-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mfchmfgdaabgdjbcaophikcobddojjoe] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [fgnippahjheicjenccifemomfgjofdhp] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [mfchmfgdaabgdjbcaophikcobddojjoe] - <no Path/update_url>
S1 FileDisk; no ImagePath
S4 LMIRfsClientNP; no ImagePath
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]
S3 cpuz134; \??\C:\Users\DEPUTY~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 EraserUtilDrv11313; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11313.sys [X]
S3 EraserUtilDrv11410; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11410.sys [X]
S3 EraserUtilDrv11411; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11411.sys [X]
S3 EraserUtilDrv11510; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11510.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
U2 Messenger; no ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]
S3 SAAppCtl; system32\DRIVERS\saappctl.sys [X]
U0 SR; no ImagePath
U2 srservice; no ImagePath
S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]
S0 TFSysMon; system32\drivers\TfSysMon.sys [X]
U4 vsserv; no ImagePath
C:\Program Files (x86)\Settings Manager
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value removed successfully
"C:\Users\DEPUTY~1\AppData\Local\Linkey\IEEXTE~1\ietlb64.dll" => Value data removed successfully.
" C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL" => Value data removed successfully.
"C:\Users\DEPUTY~1\AppData\Local\Linkey\IEEXTE~1\ietlb.dll" => Value data removed successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x86 => value removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-1658940081-1430581035-328123134-1000\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}" => key removed successfully
HKCR\CLSID\{425ED333-6083-428a-92C9-0CFC28B9D1BF} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}" => key removed successfully
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}" => key removed successfully
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} => key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}" => key removed successfully
HKCR\CLSID\{425ED333-6083-428a-92C9-0CFC28B9D1BF} => key not found. 
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}" => key removed successfully
HKCR\CLSID\{425ED333-6083-428a-92C9-0CFC28B9D1BF} => key not found. 
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}" => key removed successfully
HKCR\CLSID\{425ED333-6083-428a-92C9-0CFC28B9D1BF} => key not found. 
"HKU\S-1-5-21-1658940081-1430581035-328123134-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}" => key removed successfully
HKCR\CLSID\{425ED333-6083-428a-92C9-0CFC28B9D1BF} => key not found. 
"HKU\S-1-5-21-1658940081-1430581035-328123134-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}" => key removed successfully
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} => key not found. 
"HKU\S-1-5-21-1658940081-1430581035-328123134-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => key removed successfully
HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key not found. 
HKU\S-1-5-21-1658940081-1430581035-328123134-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1658940081-1430581035-328123134-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}" => key removed successfully
HKCR\CLSID\{425ED333-6083-428a-92C9-0CFC28B9D1BF} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => key removed successfully
"HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}" => key removed successfully
HKCR\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
HKCR\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => key not found. 
HKU\S-1-5-21-1658940081-1430581035-328123134-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
HKU\S-1-5-21-1658940081-1430581035-328123134-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3BBD3C14-4C16-4989-8366-95BC9179779D} => value removed successfully
HKCR\CLSID\{3BBD3C14-4C16-4989-8366-95BC9179779D} => key not found. 
HKU\S-1-5-21-1658940081-1430581035-328123134-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 
Firefox SearchEngineOrder.1 removed successfully
C:\Users\Deputy Devereaux\AppData\Roaming\Mozilla\Firefox\Profiles\e0ifdjxe.default-1353518558205\user.js => moved successfully
C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll => moved successfully
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\adawaretb.xml => moved successfully
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml => moved successfully
C:\Users\Deputy Devereaux\AppData\Roaming\Mozilla\Firefox\Profiles\e0ifdjxe.default-1353518558205\Extensions\adguardadblocker@adguard.com.xpi => moved successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849} => value removed successfully
C:\ProgramData\iWin Games\firefox => moved successfully
Chrome NewTab => removed successfully
C:\Users\Deputy Devereaux\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckjcpdikeemlcjlpnnoilmdndgbcpfpm => moved successfully
C:\Users\Deputy Devereaux\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna => moved successfully
C:\Users\Deputy Devereaux\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak => moved successfully
C:\Users\Deputy Devereaux\AppData\Local\Google\Chrome\User Data\Default\Extensions\peglehonblabfemopkgmfcpofbchegcl => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk" => key removed successfully
"HKU\S-1-5-21-1658940081-1430581035-328123134-1000\SOFTWARE\Google\Chrome\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fgnippahjheicjenccifemomfgjofdhp" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe" => key removed successfully
FileDisk => service removed successfully
LMIRfsClientNP => service removed successfully
AntiLog32 => service removed successfully
cpuz134 => service removed successfully
EraserUtilDrv11313 => service removed successfully
EraserUtilDrv11410 => service removed successfully
EraserUtilDrv11411 => service removed successfully
EraserUtilDrv11510 => service removed successfully
IpInIp => service removed successfully
keycrypt => service removed successfully
LMIInfo => service removed successfully
MBAMSwissArmy => service removed successfully
Messenger => service removed successfully
NwlnkFlt => service removed successfully
NwlnkFwd => service removed successfully
PcdrNdisuio => service removed successfully
SAAppCtl => service removed successfully
SR => service removed successfully
srservice => service removed successfully
TfFsMon => service removed successfully
TfNetMon => service removed successfully
TFSysMon => service removed successfully
vsserv => service removed successfully
C:\Program Files (x86)\Settings Manager => moved successfully
EmptyTemp: => 1.7 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 17:43:47 ====


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,741 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 January 2016 - 08:33 AM

Any remaining issues with this computer?

Edited by nasdaq, 17 January 2016 - 08:34 AM.


#5 bdnh85

  • Topic Starter

Posted 17 January 2016 - 09:39 AM

Right now I don't see any. If I do I'll re-post back. Thank You



#6 nasdaq


Posted 23 January 2016 - 09:51 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



