Solved Malware infested and crudware

elcajongunsfan · 2014/10/22

[Solved] Malware infested and crudware

my spouse's employee gave her a computer to look at. It is really slow and loads of junkware on it. It took me three hours just to be able to get to this website..It's really bad.. It has anyprotect, and 1st cleaner pro and junk. Here are the logs. I hope

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/22/2014
Scan Time: 6:07:25 PM
Logfile: mal.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.09.19.05
Rootkit Database: v2014.10.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 295131
Time Elapsed: 1 hr, 48 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17280 BrowserJavaVersion: 10.25.2
Run by User at 20:24:40 on 2014-10-22
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2005.701 [GMT -7:00]
.
AV: Norton Internet Security *Disabled/Outdated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Disabled/Outdated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\click-n-mark\ClickAndMark_wd.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\IMGUpdater\IMGUpdater.exe
C:\Program Files\gorillaprice\gorillaprice.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files\V-bates\guardsvc.exe
C:\Windows\system32\nethtsrv.exe
C:\Program Files\V-bates\notifier.exe
C:\Program Files\Norton Zone\Engine\2.0.97.14\NZ.exe
C:\Program Files\PCTechHotline\PCTechHotlineSvc.exe
C:\Program Files\PureLeads\plsapp.exe
C:\Program Files\Quiknowledge\Service\qksvc.exe
C:\Windows\system32\netupdsrv.exe
C:\Program Files\Common Files\Umbrella\Umbrella207.exe
C:\Program Files\Settings Manager\systemk\SystemkService.exe
C:\Program Files\Common Files\Umbrella\Umbrella207.exe
C:\Program Files\V-bates\ExtensionUpdaterService.exe
C:\Users\User\AppData\Roaming\VOPackage\VOsrv.exe
C:\Program Files\005\vulsrsebjh32.exe
C:\Program Files\003\xmkysecqun32.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Settings Manager\systemk\SystemkService.exe
C:\Program Files\PureLeads\PureLeadsSvc.exe
C:\Program Files\Settings Manager\systemk\systemku.exe
C:\Program Files\Norton Zone\Engine\2.0.97.14\NZ.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Speed Test 127\BackgroundHost.exe
C:\Program Files\Free Games 111\BackgroundHost.exe
C:\Program Files\Norton Internet Security\Engine\21.6.0.32\NIS.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Norton Internet Security\Engine\21.6.0.32\NIS.exe
C:\Program Files\PureLeads\PureLeads.Service.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\ProgramData\WeCareReminder\ReminderHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.iminent.com/?appid=282a34a5-d269-44f3-b84c-a2529ce00693
uSearch Bar = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho1IAoH5LYnFv7JfIuH-rgd2B7I-nuRECMIEwQfTlak0a_RO7iir_jNzIjRfIdL5mZlKt3mg9KjMr7g-7K4_XqT79FlYUtyP2GzWgkgCo5w_MIK4eXTr7M3TjsRx23XDsgVjjE4WP_zlZPS2fQ8Z__xK48VVKMjKkUlw,,&q={searchTerms}
uSearch Page = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho1IAoH5LYnFv7JfIuH-rgd2B7I-nuRECMIEwQfTlak0a_RO7iir_jNzIjRfIdL5mZlKt3mg9KjMr7g-7K4_XqT79FlYUtyP2GzWgkgCo5w_MIK4eXTr7M3TjsRx23XDsgVjjE4WP_zlZPS2fQ8Z__xK48VVKMjKkUlw,,&q={searchTerms}
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=cmi_14_12_ch&cd=2XzuyEtN2Y1L1QzutDtDtC0EyE0F0A0E0E0AyEtC0D0CyCtBtN0D0Tzu0SzztCtDtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyCtB0BtDyEtByDtG0D0CyDyEtGtDtA0ByBtG0ByE0A0AtGyD0CyBzztB0DtCtAzy0CyC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByC0EyCyEyBzy0AtGtBzzzzyCtG0C0F0BtDtGtB0C0B0BtGyDzy0E0B0E0D0BzztA0B0E0D2Q&cr=1330409231&ir=
uProxyServer = hxxp=127.0.0.1:13081;
uProxyOverride = <-loopback>
uSearchAssistant = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho1IAoH5LYnFv7JfIuH-rgd2B7I-nuRECMIEwQfTlak0a_RO7iir_jNzIjRfIdL5mZlKt3mg9KjMr7g-7K4_XqT79FlYUtyP2GzWgkgCo5w_MIK4eXTr7M3TjsRx23XDsgVjjE4WP_zlZPS2fQ8Z__xK48VVKMjKkUlw,,&q={searchTerms}
uURLSearchHooks: FLV Toolbar: {06197747-A47F-41FB-83D1-A00E9E00E276} - c:\program files\flv toolbar\ie\9.9\flvToolbarIE.dll
BHO: PruinceCoUpono: {00afa7a2-97d3-4c47-beff-906762fe2db0} - c:\programdata\pruincecoupono\tzIjStV9yGdskN.dll
BHO: FLV Toolbar: {06197747-A47F-41FB-83D1-A00E9E00E276} - c:\program files\flv toolbar\ie\9.9\flvToolbarIE.dll
BHO: Speed Test 127: {11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} - c:\program files\speed test 127\ScriptHost.dll
BHO: V-bates: {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} - c:\program files\v-bates\Extension32.dll
BHO: SahoepPerMaseter: {23537EB7-6A82-52C5-3CBC-3E4FA7B7A930} - c:\programdata\sahoeppermaseter\qYpT9TJv4M.dll
BHO: Rich Media View: {261c16ea-977f-442a-89e2-ee01da147fae} -
BHO: TidyNetwork: {27C6307E-AF6D-39AF-DF3C-4BB6BEBE0F0F} - c:\program files\tidynetwork\petn.dll
BHO: SafeFinder SmartbarEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
BHO: Quiknowledge: {323C6E6D-1621-470F-8A52-4FDEC4E75E40} - c:\program files\quiknowledge\ie\QuiknowledgeClientIE.dll
BHO: Slick Savings: {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - c:\users\user\appdata\roaming\slick savings\Coupons.dll
BHO: Linkey: {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - c:\program files\linkey\ieextension\iedll.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\engine\21.6.0.32\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\engine\21.6.0.32\ips\ipsbho.dll
BHO: SaveSense: {71e129ff-6c2a-4984-818c-7e2c998b8d99} - c:\users\user\appdata\local\savesense\SaveSenseIE.dll
BHO: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - <orphaned>
BHO: Media Buzz: {8849f31e-0b2f-434a-a1e8-d0a0886c4224} -
BHO: IMinent WebBooster (BHO): {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - c:\program files\iminent\Minibar.InternetExplorer.BHOx86.dll
BHO: ClickaFoorSale: {bd9bdf8e-98c3-4f10-b07f-2a39828be494} - c:\programdata\clickafoorsale\SUcjdScRlkFrVT.dll
BHO: EaisyTuoshiop: {C38E8F51-6F8E-B8A0-D00A-B40DC9A60DF8} - c:\programdata\eaisytuoshiop\zX_oXWG.dll
BHO: Free Games 111: {C45EC9F0-8333-465D-9728-074BD41985C9} - c:\program files\free games 111\ScriptHost.dll
BHO: DOcaToTeXTCooNveratt: {D18B63F6-CD43-16AA-1F82-F2BD0CCF57C0} - c:\programdata\docatotextcoonveratt\xnAW.dll
BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll
BHO: mysearchdial Helper Object: {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - c:\program files\mysearchdial\1.8.29.0\bh\mysearchdial.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\21.6.0.32\coieplg.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: mysearchdial Toolbar: {3004627E-F8E9-4E8B-909D-316753CBA923} - c:\program files\mysearchdial\1.8.29.0\mysearchdialTlbr.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\21.6.0.32\coieplg.dll
TB: SafeFinder Smartbar: {ae07101b-46d4-4a98-af68-0333ea26e113} -
TB: FLV Toolbar: {06197747-A47F-41FB-83D1-A00E9E00E276} - c:\program files\flv toolbar\ie\9.9\flvToolbarIE.dll
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
dRun: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] "c:\program files\google\chrome\application\chrome.exe" --no-startup-window
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect "
dRunOnce: [Application Restart #0] c:\program files\google\chrome\application\chrome.exe --app=http://www.iminent.com/front/activation?refid=1 --app-window=640,480 --flag-switches-begin --disable-instant-extended-api --flag-switches-end --restore-last-session
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
LSP: c:\windows\system32\plsapp.dll
DPF: {F9CD2233-6744-47C1-A6AE-00C30A35F73D} - hxxps://myaccount.cox.net/internettools/scripts/Inspector.cab
TCP: NameServer = 192.168.1.1 68.105.28.12 68.105.29.12
TCP: Interfaces\{0F68B558-24BF-42D0-9423-1FDD72E87EC7} : DHCPNameServer = 192.168.1.1 68.105.28.12 68.105.29.12
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.76\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: bpsvc.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
IFEO: browserprotect.exe - tasklist.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1506000.020\symds.sys [2014-10-15 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1506000.020\symefa.sys [2014-10-15 936152]
R1 {42e50651-9669-456e-9081-d5a836274274}Gw;{42e50651-9669-456e-9081-d5a836274274}Gw;c:\windows\system32\drivers\{42e50651-9669-456e-9081-d5a836274274}Gw.sys [2014-4-25 52920]
R1 {42e50651-9669-456e-9081-d5a836274274}w;{42e50651-9669-456e-9081-d5a836274274}w;c:\windows\system32\drivers\{42e50651-9669-456e-9081-d5a836274274}w.sys [2014-5-23 52920]
R1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}w;{6fcd6092-9615-4f7f-8898-8df53980e5d2}w;c:\windows\system32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}w.sys [2014-7-7 52920]
R1 BHDrvx86;BHDrvx86;c:\program files\norton internet security\nortondata\21.0.0.100\definitions\bashdefs\20140606.001\BHDrvx86.sys [2014-6-10 1101616]
R1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\nis\1506000.020\ccsetx86.sys [2014-10-15 127064]
R1 ccSet_NZ;Norton Zone Settings Manager;c:\windows\system32\drivers\nz\0200610.00e\ccsetx86.sys [2014-7-28 127064]
R1 F06DEFF2-5B9C-490D-910F-35D3A9119622;F06DEFF2-5B9C-490D-910F-35D3A9119622;c:\program files\settings manager\systemk\systemkmgrc1.cfg [2014-5-18 31120]
R1 IDSVix86;IDSVix86;c:\program files\norton internet security\nortondata\21.0.0.100\definitions\ipsdefs\20140611.001\IDSvix86.sys [2014-6-11 395992]
R1 netfilter;netfilter;c:\windows\system32\drivers\netfilter.sys [2014-7-8 31744]
R1 nethfdrv;nethfdrv;c:\windows\system32\drivers\nethfdrv.sys [2014-10-8 40528]
R1 qknfd;qknfd;c:\windows\system32\drivers\qknfd.sys [2014-2-5 52752]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1506000.020\ironx86.sys [2014-10-15 209624]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nis\1506000.020\symnets.sys [2014-10-15 447704]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2014-10-10 990584]
R2 ca82e1a5;Optimizer Pro Crash Monitor;c:\windows\system32\rundll32.exe [2009-7-13 44544]
R2 GlobalUpdater;GlobalUpdater;c:\program files\common files\imgupdater\IMGUpdater.exe [2014-7-6 378152]
R2 GorillaPrice;GorillaPrice;c:\program files\gorillaprice\gorillaprice.exe -service --> c:\program files\gorillaprice\gorillaprice.exe -service [?]
R2 KSS;Kaspersky Security Scan Service;c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe [2014-2-21 202080]
R2 Mext Guard;Mext Guard;c:\program files\v-bates\guardsvc.exe [2014-5-18 131920]
R2 NetHttpService;Network HTTP Support Service;c:\windows\system32\nethtsrv.exe [2014-10-8 180224]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\21.6.0.32\nis.exe [2014-10-15 276376]
R2 NZ;Norton Zone;c:\program files\norton zone\engine\2.0.97.14\nz.exe [2014-7-28 521504]
R2 PCTechHotlineSvc;PCTechHotlineService;c:\program files\pctechhotline\PCTechHotlineSvc.exe [2014-4-8 701800]
R2 plsapp;plsapp;c:\program files\pureleads\plsapp.exe [2014-1-23 3690784]
R2 PlsvcV1;PlsvcV1;c:\program files\pureleads\PureLeadsSvc.exe [2014-1-23 91936]
R2 PlsvcV2;PlsvcV2;c:\program files\pureleads\PureLeads.Service.exe [2014-1-23 24352]
R2 qksvc;Quiknowledge Client Service;c:\program files\quiknowledge\service\qksvc.exe [2014-2-5 273000]
R2 ServiceUpdater;Network Support Service Updater;c:\windows\system32\netupdsrv.exe [2014-10-8 161792]
R2 SProtection;SProtection;c:\program files\common files\umbrella\Umbrella207.exe [2014-8-11 3329184]
R2 SystemkService;Systemk Service;c:\program files\settings manager\systemk\SystemkService.exe [2014-5-18 3543056]
R2 V-bates Updater;V-bates Updater;c:\program files\v-bates\ExtensionUpdaterService.exe [2014-5-18 215376]
R2 VOsrv;Service Component of VO;c:\users\user\appdata\roaming\vopackage\VOsrv.exe [2014-2-24 353792]
R2 vulsrsebjh32;vulsrsebjh32;c:\program files\005\vulsrsebjh32.exe run options=01110010050000000000000000000000 sourceguid=c464b0d7-294a-4204-89da-9fb9b010fdb9 --> c:\program files\005\vulsrsebjh32.exe run options=01110010050000000000000000000000 sourceguid=C464B0D7-294A-4204-89DA-9FB9B010FDB9 [?]
R2 xmkysecqun32;xmkysecqun32;c:\program files\003\xmkysecqun32.exe run options=01110010030000000000000000000000 sourceguid=48a0c3fc-2898-45e4-b2b9-147d27d29d45 --> c:\program files\003\xmkysecqun32.exe run options=01110010030000000000000000000000 sourceguid=48A0C3FC-2898-45E4-B2B9-147D27D29D45 [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2014-6-11 109872]
S2 BackupStack;Computer Backup (MyPC Backup);c:\program files\mypc backup\BackupStack.exe [2013-9-19 38440]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 savesenselive;SaveSenseLive Service (savesenselive);c:\program files\savesenselive\update\SaveSenseLive.exe [2014-3-2 146920]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-9-24 108032]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-10-22 114904]
S3 savesenselivem;SaveSenseLive Service (savesenselivem);c:\program files\savesenselive\update\SaveSenseLive.exe [2014-3-2 146920]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-8-13 1343400]
.
=============== Created Last 30 ================
.
2014-10-23 03:21:05 687 ----a-w- C:\awhA63D.tmp
2014-10-23 01:01:37 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-23 01:00:50 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-23 01:00:50 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-23 01:00:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-10-23 01:00:49 -------- d-----w- c:\programdata\Malwarebytes
2014-10-23 01:00:49 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-10-23 00:48:10 687 ----a-w- C:\awh8C.tmp
2014-10-23 00:39:14 8901368 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{84a6bd9d-2fce-4785-80ae-65526d928b9e}\mpengine.dll
2014-10-23 00:32:10 687 ----a-w- C:\awhD5A6.tmp
2014-10-23 00:03:18 -------- d-----w- c:\windows\pss
2014-10-23 00:01:37 687 ----a-w- C:\awh6D52.tmp
2014-10-19 19:27:40 687 ----a-w- C:\awhC428.tmp
2014-10-19 18:49:52 -------- d-----w- c:\programdata\PruinceCoUpono
2014-10-19 18:30:13 -------- d-----w- c:\programdata\ClickaFoorSale
2014-10-19 18:15:42 687 ----a-w- C:\awhD039.tmp
2014-10-16 00:42:22 687 ----a-w- C:\awh13BE.tmp
2014-10-16 00:28:31 -------- d-----w- c:\program files\iPod
2014-10-16 00:28:30 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-10-16 00:28:30 -------- d-----w- c:\program files\iTunes
2014-10-16 00:25:19 447704 ----a-w- c:\windows\system32\drivers\nis\1506000.020\symnets.sys
2014-10-16 00:25:18 936152 ----a-w- c:\windows\system32\drivers\nis\1506000.020\symefa.sys
2014-10-16 00:25:18 367704 ----a-r- c:\windows\system32\drivers\nis\1506000.020\symds.sys
2014-10-16 00:25:18 21520 ----a-r- c:\windows\system32\drivers\nis\1506000.020\symelam.sys
2014-10-16 00:25:17 664792 ----a-w- c:\windows\system32\drivers\nis\1506000.020\srtsp.sys
2014-10-16 00:25:17 32984 ----a-w- c:\windows\system32\drivers\nis\1506000.020\srtspx.sys
2014-10-16 00:25:17 209624 ----a-w- c:\windows\system32\drivers\nis\1506000.020\ironx86.sys
2014-10-16 00:25:16 127064 ----a-w- c:\windows\system32\drivers\nis\1506000.020\ccsetx86.sys
2014-10-16 00:24:18 30068 ----a-w- c:\windows\system32\drivers\nis\1506000.020\symvtcer.dat
2014-10-16 00:24:18 -------- d-----w- c:\windows\system32\drivers\nis\1506000.020
2014-10-16 00:08:53 687 ----a-w- C:\awhAC16.tmp
2014-10-16 00:04:29 -------- d-----w- c:\program files\Application Updater
2014-10-16 00:04:26 -------- d-----w- c:\program files\FLV Toolbar
2014-10-08 08:40:28 40528 ----a-w- c:\windows\system32\drivers\nethfdrv.sys
2014-10-08 08:39:56 161792 ----a-w- c:\windows\system32\netupdsrv.exe
2014-10-08 08:39:44 110592 ----a-w- c:\windows\system32\installd.exe
2014-10-08 08:39:30 180224 ----a-w- c:\windows\system32\nethtsrv.exe
2014-10-08 08:39:14 108544 ----a-w- c:\windows\system32\hfnapi.dll
2014-10-08 08:38:58 246784 ----a-w- c:\windows\system32\hfpapi.dll
2014-09-27 10:41:22 687 ----a-w- C:\awh8C76.tmp
2014-09-26 10:41:51 687 ----a-w- C:\awhB25D.tmp
2014-09-25 10:31:32 687 ----a-w- C:\awhA505.tmp
2014-09-25 05:29:32 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-25 05:23:40 687 ----a-w- C:\awh9D19.tmp
2014-09-25 04:47:10 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-25 03:30:20 -------- d-----w- c:\windows\CheckSur
2014-09-25 03:21:43 687 ----a-w- C:\awhC01.tmp
2014-09-25 03:20:14 -------- d-----w- c:\users\user\appdata\local\4649
.
==================== Find3M ====================
.
2014-10-02 22:53:02 231568 ------w- c:\windows\system32\MpSigStub.exe
2014-09-25 04:03:48 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-25 04:03:48 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-25 04:03:34 3675824 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2014-09-18 20:00:01 687 ----a-w- C:\awh403A.tmp
2014-09-17 19:25:36 687 ----a-w- C:\awhA39E.tmp
2014-09-13 22:07:23 687 ----a-w- C:\awh3320.tmp
2014-09-09 10:30:32 687 ----a-w- C:\awh8CF3.tmp
2014-09-08 21:09:22 687 ----a-w- C:\awhAF61.tmp
2014-09-08 20:33:23 687 ----a-w- C:\awh943.tmp
2014-09-05 17:16:33 687 ----a-w- C:\awh1489.tmp
2014-09-05 01:52:10 445952 ----a-w- c:\windows\system32\aepdu.dll
2014-09-05 01:47:39 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-09-03 20:52:17 687 ----a-w- C:\awh19D6.tmp
2014-08-23 01:46:55 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 00:42:53 2352640 ----a-w- c:\windows\system32\win32k.sys
2014-08-18 22:08:55 4232704 ----a-w- c:\windows\system32\jscript9.dll
2014-08-18 21:57:44 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-08-18 21:57:30 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-08-18 21:46:26 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-08-18 21:44:44 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-08-18 21:36:05 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-08-18 21:35:24 597504 ----a-w- c:\windows\system32\jscript9diag.dll
2014-08-18 21:30:29 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-08-18 21:22:48 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 21:08:54 2014208 ----a-w- c:\windows\system32\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- c:\windows\system32\wininet.dll
2014-08-13 10:35:49 687 ----a-w- C:\awh1F14.tmp
2014-08-12 10:41:40 687 ----a-w- C:\awhDA.tmp
2014-08-12 07:35:24 687 ----a-w- C:\awh9304.tmp
2014-08-10 10:39:57 687 ----a-w- C:\awh447E.tmp
2014-08-09 10:32:30 687 ----a-w- C:\awh3F9E.tmp
2014-08-08 23:24:11 687 ----a-w- C:\awh6E2.tmp
2014-08-08 00:52:16 687 ----a-w- C:\awh6289.tmp
2014-08-05 20:21:31 687 ----a-w- C:\awhB163.tmp
2014-08-03 18:16:08 687 ----a-w- C:\awh49EB.tmp
2014-08-01 11:35:06 793600 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-07-25 09:35:46 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
.
============= FINISH: 20:26:33.84 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/26/2013 9:50:00 AM
System Uptime: 10/22/2014 8:14:57 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0DR845
Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz | CPU | 2327/1333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 42.752 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Microsoft Teredo Tunneling Adapter
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP131: 9/26/2014 3:00:25 AM - Windows Update
RP132: 9/27/2014 3:00:31 AM - Windows Update
RP133: 10/15/2014 5:06:44 PM - Windows Backup
RP134: 10/15/2014 5:09:18 PM - Windows Update
RP135: 10/19/2014 11:15:31 AM - Windows Update
RP136: 10/19/2014 12:23:44 PM - New Restore
RP137: 10/22/2014 5:02:23 PM - Windows Update
RP138: 10/22/2014 5:04:57 PM - Windows Backup
.
==== Image File Execution Options =============
.
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: bpsvc.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
IFEO: browserprotect.exe - tasklist.exe
IFEO: browsersafeguard.exe - tasklist.exe
IFEO: DatamngrCoordinator.exe - tasklist.exe
IFEO: dprotectsvc.exe - tasklist.exe
IFEO: jumpflip - tasklist.exe
IFEO: protectedsearch.exe - tasklist.exe
IFEO: searchinstaller.exe - tasklist.exe
IFEO: searchprotection.exe - tasklist.exe
IFEO: searchprotector.exe - tasklist.exe
IFEO: searchsettings.exe - tasklist.exe
IFEO: searchsettings64.exe - tasklist.exe
IFEO: snapdo.exe - tasklist.exe
IFEO: stinst32.exe - tasklist.exe
IFEO: stinst64.exe - tasklist.exe
IFEO: umbrella.exe - tasklist.exe
IFEO: utiljumpflip.exe - tasklist.exe
IFEO: volaro - tasklist.exe
IFEO: vonteera - tasklist.exe
IFEO: websteroids.exe - tasklist.exe
IFEO: websteroidsservice.exe - tasklist.exe
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe Flash Player 15 ActiveX
Adobe Reader XI (11.0.06)
Adobe Shockwave Player 12.0
Advanced System Protector
allday savings
AnyProtect
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Browser Extensions
CDBurnerXP
ClickaFoorSale
ClickAndMark
DesktopWeatherAlerts
deual44mE
DOcaToTeXTCooNveratt
EaisyTuoshiop
Fabulous discounts
FastClean PRO
FindRight
FLV Toolbar v9.9
FLV.com FLV Downloader 9.1
Free Games 111
Google Chrome
gorillaprice
HighliteApp
Iminent
IminentToolbar
Intel(R) Graphics Media Accelerator Driver
ISTCleaner
iTunes
Java 7 Update 25
Java Auto Updater
K-Lite Codec Pack 9.9.5 (Full)
Kaspersky Security Scan
Linkey
Malwarebytes Anti-Malware version 2.0.3.1025
Media Buzz
Media View
Media Watch
Microsoft .NET Framework 4.5.1
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MyPC Backup
Mysearchdial
Norton Internet Security
Norton Security Scan
Norton Zone
OffersWizard Network System Driver
OpenOffice 4.0.0
OpenSoftwareUpdater
Optimizer Pro v3.2
Paint.NET v3.5.10
PC Fix Speed 1.2.0.24
PC Performer
PC Tech Hotline
PruinceCoUpono
PureLeads
Quiknowledge
RegClean Pro
Rich Media View
SafeFinder Smartbar
SahoepPerMaseter
saveraon
SaveSense
SavetheChildren Reminder by We-Care.com v4.1.26.4
Search Protect
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Settings Manager
Slick Savings
Software Updater version 1.8.3
Software Version Updater
Speed Test 127
StormAlerts
Supra Savings
suprasavings
swMSM
TidyNetwork
V-bates 2.0.0.445
Video Performer
VO Package
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
10/22/2014 8:16:01 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: netfilter2
10/22/2014 8:15:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.
10/22/2014 8:15:56 PM, Error: Service Control Manager [7000] - The Computer Backup (MyPC Backup) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/22/2014 8:13:05 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the GorillaPrice service.
10/22/2014 5:53:36 PM, Error: Service Control Manager [7031] - The GorillaPrice service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
10/22/2014 5:48:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB3000869).
10/22/2014 5:48:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2957509).
10/22/2014 5:44:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
10/22/2014 5:44:18 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/22/2014 5:44:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/22/2014 5:33:19 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB3000988).
10/22/2014 5:33:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB2973337).
10/22/2014 5:33:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB2970228).
10/22/2014 5:33:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2984972).
10/22/2014 5:33:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2973201).
10/22/2014 5:33:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2972280).
10/22/2014 5:33:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2961072).
10/22/2014 5:33:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2957189).
10/22/2014 5:33:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2968294).
10/22/2014 5:33:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2894844).
10/22/2014 5:33:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Cumulative Security Update for Internet Explorer 11 for Windows 7 (KB2987107).
10/22/2014 5:33:17 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB3001554).
10/22/2014 5:33:17 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB2952664).
10/22/2014 5:33:17 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB2800095).
10/22/2014 5:33:17 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB3000061).
10/22/2014 5:33:17 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2977292).
10/22/2014 5:33:17 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2971850).
10/22/2014 5:33:17 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2957503).
10/22/2014 5:33:17 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2939576).
10/22/2014 5:33:17 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2979570).
10/22/2014 5:33:17 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2972100).
10/22/2014 5:10:04 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: System Update Readiness Tool for Windows 7 (KB947821) [May 2014].
10/19/2014 12:22:59 PM, Error: Service Control Manager [7034] - The plsapp service terminated unexpectedly. It has done this 1 time(s).
10/19/2014 12:22:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Network HTTP Support Service service to connect.
10/19/2014 12:22:15 PM, Error: Service Control Manager [7000] - The Network HTTP Support Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/19/2014 11:10:25 AM, Error: Service Control Manager [7000] - The PCTechHotlineService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/19/2014 11:10:23 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PCTechHotlineService service to connect.
10/15/2014 5:15:52 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 (KB2973337).
10/15/2014 5:15:52 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 (KB2800095).
10/15/2014 5:15:52 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 (KB2973201).
10/15/2014 5:15:52 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 (KB2972280).
10/15/2014 5:15:52 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 (KB2971850).
10/15/2014 5:15:52 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 (KB2961072).
10/15/2014 5:15:52 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 (KB2957509).
10/15/2014 5:15:52 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 (KB2957503).
10/15/2014 5:15:52 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 (KB2957189).
10/15/2014 5:15:52 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 (KB2939576).
10/15/2014 5:15:52 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2894844).
10/15/2014 5:05:02 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
.
==== End Of File ===========================

What's interesting above is that malware bytes doesnt show anything. AT the end of the scan it said almost 4000 items and 3 were malicious

thanks

broni · 2014/10/23

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.

If you're stuck, or you're not sure about certain step, always ask before doing anything else.

Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.

Never run more than one scan at a time.

Keep updating me regarding your computer behavior, good, or bad.

The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.

If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.

I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==============================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

Close all the running programs

Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator

Otherwise just double-click on RogueKiller.exe

Pre-scan will start. Let it finish.

Click on SCAN button.

Wait until the Status box shows Scan Finished

Click on Delete.

Wait until the Status box shows Deleting Finished.

Click on Report and copy/paste the content of the Notepad into your next reply.

RKreport.txt could also be found on your desktop.

If more than one log is produced post all logs.

If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit to your desktop.

Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.

Double click on downloaded file. OK self extracting prompt.

MBAR will start. Click "Next" to continue.

Click in the following screen "Update" to obtain the latest malware definitions.

Once the update is complete select "Next" and click "Scan ".

When the scan is finished and no malware has been found select "Exit ".

If malware was detected, make sure to check all the items and click "Cleanup ". Reboot your computer.

Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:

"mbar-log-{date} (xx-xx-xx).txt "

"system-log.txt "

elcajongunsfan · 2014/10/23

Rogue killer seems to be stuck at 80%. Program is not frozen. but it's been an hour at 80% checking nethfdrv.

broni · 2014/10/23

Try to run it from safe mode.
How to start Windows in Safe Mode

If still same issue proceed with MBAR.

elcajongunsfan · 2014/10/23

Rogue Killer worked in safe mode but now Keyboard is dead. Tried another and same thing .Rebooted a couple times but still no go..Device Manager sez there is not driver.. Jeez.. num lite comes on during boot up but goes off at welcome screen

Computer said access is denied when installing a device driver. Was finally able to do it in safe mode. Now going to go back to normal mode and see if I can create the restore point.. I dont see it in safe mode

elcajongunsfan · 2014/10/23

RogueKiller V10.0.3.0 [Oct 22 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Safe mode
User : User [Administrator]
Mode : Delete -- Date : 10/23/2014 18:30:03

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 124 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{1070C156-160B-47A0-B7D9-1860396BAB57} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{16F7ED3A-ECD8-46C7-8FD3-E4A8C79884D7} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{27CE191D-733B-4450-AFCD-096D105288C3} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{323C6E6D-1621-470F-8A52-4FDEC4E75E40} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{39A29266-D3E4-462D-AB05-F93B1053F6CF} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{44FC7A33-2E5C-48DC-B6F5-B81E8005D122} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{71e129ff-6c2a-4984-818c-7e2c998b8d99} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{73192D81-6D24-4C40-BF7B-2507C6FA0B1A} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{75CC1BBE-D96F-45DF-A622-D60BFA8AF49E} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{88C606E7-BA26-41CB-8CC3-D1E313E34E75} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{93D3100A-BBB6-456C-96FC-82CAC5F383AC} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{997E3BFB-F821-411C-8B96-D61D415EC8FA} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{998745A3-2AE4-488D-8092-B98FB20A00C2} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{9B7B034B-944A-4261-B487-862F642F7615} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{9E0546FF-D44F-4FE4-A324-995FCACB8D33} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{A18D16ED-27B2-4B83-B70C-15E73F099546} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{A2D3FB7A-6873-45E8-AF96-57092D721828} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{C099CD7B-A94C-4229-B6F7-76D3494C88D8} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{C1424421-D274-491E-9D47-11C8D8CB5F9A} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{C45EC9F0-8333-465D-9728-074BD41985C9} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{CDDAB3A4-E64D-4AE0-9E1D-F3132F5F913F} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{E66A759D-367F-433E-85C6-ED7F040BCC32} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8} -> Not selected
[PUP] HKEY_CLASSES_ROOT\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3} -> Not selected
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{323C6E6D-1621-470F-8A52-4FDEC4E75E40} -> Not selected
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> Not selected
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71e129ff-6c2a-4984-818c-7e2c998b8d99} -> Not selected
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} -> Not selected
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> Not selected
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C45EC9F0-8333-465D-9728-074BD41985C9} -> Not selected
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} -> Not selected
[PUP] HKEY_USERS\S-1-5-21-2110635249-3450809219-4216027046-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71e129ff-6c2a-4984-818c-7e2c998b8d99} -> Not selected
[PUP] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #0 : C:\Program Files\Google\Chrome\Application\chrome.exe --app=http://www.iminent.com/front/activation?refid=1 --app-window=640,480 --flag-switches-begin --disable-instant-extended-api --flag-switches-end --restore-last-session -> Not selected
[PUP] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #0 : C:\Program Files\Google\Chrome\Application\chrome.exe --app=http://www.iminent.com/front/activation?refid=1 --app-window=640,480 --flag-switches-begin --disable-instant-extended-api --flag-switches-end --restore-last-session -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Application Updater ( "C:\Program Files\Application Updater\ApplicationUpdater.exe ") -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BackupStack (C:\Program Files\MyPC Backup\BackupStack.exe) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ca82e1a5 ( "C:\Windows\system32\rundll32.exe" "c:\progra~1\optimi~1\OptProCrashSvc.dll ",ServiceMain) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\F06DEFF2-5B9C-490D-910F-35D3A9119622 (\??\C:\Program Files\Settings Manager\systemk\systemkmgrc1.cfg) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GlobalUpdater (C:\Program Files\Common Files\IMGUpdater\IMGUpdater.exe) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\netfilter (system32\drivers\netfilter.sys) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\nethfdrv (\??\C:\Windows\system32\drivers\nethfdrv.sys) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NetHttpService (C:\Windows\system32\nethtsrv.exe) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\qknfd (system32\drivers\qknfd.sys) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\savesenselive (C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe /svc) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\savesenselivem (C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe /medsvc) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ServiceUpdater (C:\Windows\system32\netupdsrv.exe) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SProtection (C:\Program Files\Common Files\Umbrella\Umbrella207.exe) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SystemkService (C:\Program Files\Settings Manager\systemk\SystemkService.exe) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VOsrv (C:\Users\User\AppData\Roaming\VOPackage\VOsrv.exe) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\xmkysecqun32 (C:\Program Files\003\xmkysecqun32.exe run options=01110010030000000000000000000000 sourceguid=48A0C3FC-2898-45E4-B2B9-147D27D29D45) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Application Updater ( "C:\Program Files\Application Updater\ApplicationUpdater.exe ") -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BackupStack (C:\Program Files\MyPC Backup\BackupStack.exe) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ca82e1a5 ( "C:\Windows\system32\rundll32.exe" "c:\progra~1\optimi~1\OptProCrashSvc.dll ",ServiceMain) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\F06DEFF2-5B9C-490D-910F-35D3A9119622 (\??\C:\Program Files\Settings Manager\systemk\systemkmgrc1.cfg) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GlobalUpdater (C:\Program Files\Common Files\IMGUpdater\IMGUpdater.exe) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\netfilter (system32\drivers\netfilter.sys) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nethfdrv (\??\C:\Windows\system32\drivers\nethfdrv.sys) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetHttpService (C:\Windows\system32\nethtsrv.exe) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qknfd (system32\drivers\qknfd.sys) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\savesenselive (C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe /svc) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\savesenselivem (C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe /medsvc) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceUpdater (C:\Windows\system32\netupdsrv.exe) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SProtection (C:\Program Files\Common Files\Umbrella\Umbrella207.exe) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SystemkService (C:\Program Files\Settings Manager\systemk\SystemkService.exe) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VOsrv (C:\Users\User\AppData\Roaming\VOPackage\VOsrv.exe) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmkysecqun32 (C:\Program Files\003\xmkysecqun32.exe run options=01110010030000000000000000000000 sourceguid=48A0C3FC-2898-45E4-B2B9-147D27D29D45) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Application Updater ( "C:\Program Files\Application Updater\ApplicationUpdater.exe ") -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BackupStack (C:\Program Files\MyPC Backup\BackupStack.exe) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ca82e1a5 ( "C:\Windows\system32\rundll32.exe" "c:\progra~1\optimi~1\OptProCrashSvc.dll ",ServiceMain) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\F06DEFF2-5B9C-490D-910F-35D3A9119622 (\??\C:\Program Files\Settings Manager\systemk\systemkmgrc1.cfg) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GlobalUpdater (C:\Program Files\Common Files\IMGUpdater\IMGUpdater.exe) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\netfilter (system32\drivers\netfilter.sys) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\nethfdrv (\??\C:\Windows\system32\drivers\nethfdrv.sys) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NetHttpService (C:\Windows\system32\nethtsrv.exe) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\qknfd (system32\drivers\qknfd.sys) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\savesenselive (C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe /svc) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\savesenselivem (C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe /medsvc) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ServiceUpdater (C:\Windows\system32\netupdsrv.exe) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SProtection (C:\Program Files\Common Files\Umbrella\Umbrella207.exe) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SystemkService (C:\Program Files\Settings Manager\systemk\SystemkService.exe) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\VOsrv (C:\Users\User\AppData\Roaming\VOPackage\VOsrv.exe) -> Not selected
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xmkysecqun32 (C:\Program Files\003\xmkysecqun32.exe run options=01110010030000000000000000000000 sourceguid=48A0C3FC-2898-45E4-B2B9-147D27D29D45) -> Not selected
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:13081 -> Not selected
[PUM.Proxy] HKEY_USERS\S-1-5-21-2110635249-3450809219-4216027046-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : -> Not selected
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:13081 -> Not selected
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://start.mysearchdial.com/?f=1&...GyDzy0E0B0E0D0BzztA0B0E0D2Q&cr=1330409231&ir= -> Not selected
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2110635249-3450809219-4216027046-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho1IAoH5LYnFv7JfIuH-rgd2B7I-nuRECMIEwQfTlak0a_RO7iir_jNzIjRfIdL5mZlKt3mg9KjMr7g-7K4_XqT79FlYUtyP2GzWgkgCo5w_MIK4eXTr7M3TjsRx23XDsgVjjE4WP_zlZInDM-MZk4QCtZbt3v9_dY6g,,&q={searchTerms} -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 68.105.28.12 68.105.29.12 -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 68.105.28.12 68.105.29.12 -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 68.105.28.12 68.105.29.12 -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0F68B558-24BF-42D0-9423-1FDD72E87EC7} | DhcpNameServer : 192.168.1.1 68.105.28.12 68.105.29.12 -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0F68B558-24BF-42D0-9423-1FDD72E87EC7} | DhcpNameServer : 192.168.1.1 68.105.28.12 68.105.29.12 -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{0F68B558-24BF-42D0-9423-1FDD72E87EC7} | DhcpNameServer : 192.168.1.1 68.105.28.12 68.105.29.12 -> Not selected
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2110635249-3450809219-4216027046-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

¤¤¤ Tasks : 3 ¤¤¤
[Suspicious.Path] AmiUpdXp.job -- C:\Users\User\AppData\Local\4649\a26552.exe -> Deleted
[Suspicious.Path] istcleaner Task.job -- C:\Users\User\AppData\Roaming\UpdateServ\ISTCleaner.exe (-run) -> Deleted
[Suspicious.Path] SaveSense.job -- C:\Users\User\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE (/Check) -> Deleted

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc0000061]) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUP][FIREFX:Addon] ko8uap3p.default : Free Games 111 [freegames4357@BestOffers] -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD800JD-75MSA3 ATA Device +++++
--- User ---
[MBR] 5228cdc372702a2b31146f6eed041927
[BSP] b36d015dcd4ee4a734a8bbe60b3d5745 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 76191 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_SCN_10232014_182922.log

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.10.23.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17280
User :: 755-02 [administrator]

10/23/2014 7:02:34 PM
mbar-log-2014-10-23 (19-02-34).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 290619
Time elapsed: 13 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\xmkysecqun32 (Trojan.Agent.SVR) -> Delete on reboot. [4a770e09a0dcf93d65b4c3c08e73ea16]

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\WINDOWS\SYSTEM32\drivers\qknfd.sys (PUP.Optional.Quiknowledge.A) -> Delete on reboot. [516c2b75d2129a9dabc3e4c20b9ba5d0]
C:\Program Files\003\xmkysecqun32.exe (Trojan.Agent.SVR) -> Delete on reboot. [4a770e09a0dcf93d65b4c3c08e73ea16]
C:\Windows\System32\drivers\nethfdrv.sys (PUP.Optional.OffersWizard.A) -> Delete on reboot. [15dbc52e208a12f0b16f8cc80493d41b]
C:\Windows\System32\drivers\{42e50651-9669-456e-9081-d5a836274274}Gw.sys (PUP.Optional.Sanbreel.A) -> Delete on reboot. [9d79fb273e4ec8273fffb50e96df89c0]
C:\Windows\System32\drivers\{42e50651-9669-456e-9081-d5a836274274}w.sys (PUP.Optional.Sanbreel.A) -> Delete on reboot. [3f2bac8eab7191649740507892113997]
C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}w.sys (PUP.Optional.Sanbreel.A) -> Delete on reboot. [3d725df31ddd1a83fd84752e8b4dc207]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 11.0.9600.17280

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.327000 GHz
Memory total: 2101985280, free: 1140686848

Downloaded database version: v2014.10.23.09
Downloaded database version: v2014.10.22.01
Initializing...
======================
------------ Kernel report ------------
10/23/2014 19:02:22
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\NIS\1506000.020\SYMDS.SYS
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\NIS\1506000.020\SYMEFA.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\drivers\NIS\1506000.020\ccSetx86.sys
\SystemRoot\system32\drivers\NZ\0200610.00E\ccSetx86.sys
\SystemRoot\system32\drivers\NIS\1506000.020\Ironx86.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\??\C:\Windows\system32\drivers\nethfdrv.sys
\SystemRoot\system32\drivers\qknfd.sys
\SystemRoot\system32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}w.sys
\SystemRoot\system32\drivers\netfilter.sys
\SystemRoot\system32\drivers\{42e50651-9669-456e-9081-d5a836274274}w.sys
\SystemRoot\system32\drivers\{42e50651-9669-456e-9081-d5a836274274}Gw.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\System32\Drivers\NIS\1506000.020\SYMNETS.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT.SYS
\SystemRoot\system32\drivers\NIS\1506000.020\SRTSPX.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\??\C:\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20140611.001\IDSvix86.sys
\??\C:\Program Files\Settings Manager\systemk\systemkmgrc1.cfg
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\??\C:\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20140606.001\BHDrvx86.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECI.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\e1e6232.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\ADIHdAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\Drivers\UsbFltr.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\parvdm.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\setupapi.dll
\Windows\System32\imm32.dll
\Windows\System32\iertutil.dll
\Windows\System32\gdi32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\kernel32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\shlwapi.dll
\Windows\System32\ole32.dll
\Windows\System32\normaliz.dll
\Windows\System32\advapi32.dll
\Windows\System32\shell32.dll
\Windows\System32\msctf.dll
\Windows\System32\urlmon.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\difxapi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\lpk.dll
\Windows\System32\msvcrt.dll
\Windows\System32\sechost.dll
\Windows\System32\psapi.dll
\Windows\System32\wininet.dll
\Windows\System32\comdlg32.dll
\Windows\System32\nsi.dll
\Windows\System32\usp10.dll
\Windows\System32\clbcatq.dll
\Windows\System32\user32.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\userenv.dll
\Windows\System32\profapi.dll
\Windows\System32\msasn1.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff85833030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-4\
Lower Device Object: 0xffffffff85372908
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff85833030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85832128, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85833030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85372908, DeviceName: \Device\Ide\IdeDeviceP2T0L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File C:\WINDOWS\SYSTEM32\drivers\qknfd.sys will be destroyed
Infected: C:\WINDOWS\SYSTEM32\drivers\qknfd.sys --> [PUP.Optional.Quiknowledge.A]
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 97BE5B6A

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 156041104

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 80000000000 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-156230000-156250000)...
Done!
Infected: C:\Program Files\003\xmkysecqun32.exe --> [Trojan.Agent.SVR]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\xmkysecqun32 --> [Trojan.Agent.SVR]
File C:\Windows\System32\drivers\nethfdrv.sys will be destroyed
Infected: C:\Windows\System32\drivers\nethfdrv.sys --> [PUP.Optional.OffersWizard.A]
File C:\Windows\System32\drivers\{42e50651-9669-456e-9081-d5a836274274}Gw.sys will be destroyed
Infected: C:\Windows\System32\drivers\{42e50651-9669-456e-9081-d5a836274274}Gw.sys --> [PUP.Optional.Sanbreel.A]
File C:\Windows\System32\drivers\{42e50651-9669-456e-9081-d5a836274274}w.sys will be destroyed
Infected: C:\Windows\System32\drivers\{42e50651-9669-456e-9081-d5a836274274}w.sys --> [PUP.Optional.Sanbreel.A]
File C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}w.sys will be destroyed
Infected: C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}w.sys --> [PUP.Optional.Sanbreel.A]
Scan finished
Creating System Restore point...
Cleaning up...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

broni · 2014/10/23

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.

Close any open browsers.

Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results ".

Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Close any open browsers.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
If the connection is not there use restore point you created prior to running Combofix.

Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results ". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

Double-click on the Rkill desktop icon to run the tool.

If using Vista or Windows 7 right-click on it and choose Run As Administrator.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

If not, delete the file, then download and use the one provided in Link 2.

Do not reboot until instructed.

If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

elcajongunsfan · 2014/10/23

There is still a program that called pc performer that starts up shortly after desktop..

Also, two windows came up during ComboFix that I assume had to do with ERDNT

oNe is error saving file C:windows\erdnt\hiv-backup\system

RegCreateKey ex 5 access is denied

Thanks

ComboFix 14-10-24.01 - User 10/23/2014 19:44:08.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2005.1030 [GMT -7:00]
Running from: c:\users\User\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Internet Security *Disabled/Outdated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Free Games 111\ScRIpthost.dll
c:\program files\MyPC Backup
c:\program files\MyPC Backup\aff.conf
c:\program files\MyPC Backup\AlphaVSS.51.x86.dll
c:\program files\MyPC Backup\AlphaVSS.52.x64.dll
c:\program files\MyPC Backup\AlphaVSS.52.x86.dll
c:\program files\MyPC Backup\AlphaVSS.60.x64.dll
c:\program files\MyPC Backup\AlphaVSS.60.x86.dll
c:\program files\MyPC Backup\AlphaVSS.Common.dll
c:\program files\MyPC Backup\AWSSDK.dll
c:\program files\MyPC Backup\BackupStack.exe
c:\program files\MyPC Backup\Config\api.ts2
c:\program files\MyPC Backup\Configuration Updater.exe
c:\program files\MyPC Backup\Crypto32.dll
c:\program files\MyPC Backup\Crypto64.dll
c:\program files\MyPC Backup\Database\mpcb_backup_conf.db
c:\program files\MyPC Backup\Database\mpcb_file_cache.db
c:\program files\MyPC Backup\Database\mpcb_queues.db
c:\program files\MyPC Backup\Database\mpcb_settings.db
c:\program files\MyPC Backup\Database\mpcb_sig_cache.db
c:\program files\MyPC Backup\Database\mpcb_version_queue.db
c:\program files\MyPC Backup\de_DE.mo
c:\program files\MyPC Backup\diffstack.dll
c:\program files\MyPC Backup\es_ES.mo
c:\program files\MyPC Backup\fr_FR.mo
c:\program files\MyPC Backup\GetText.dll
c:\program files\MyPC Backup\it_IT.mo
c:\program files\MyPC Backup\LinqBridge.dll
c:\program files\MyPC Backup\log\AUTH.log
c:\program files\MyPC Backup\log\BACKUP.log
c:\program files\MyPC Backup\log\CLIENT.log
c:\program files\MyPC Backup\log\GRID_RECOVERY_INIT.log
c:\program files\MyPC Backup\log\LICENCE.log
c:\program files\MyPC Backup\log\NETWORK_SHARES.log
c:\program files\MyPC Backup\log\REMOTING.log
c:\program files\MyPC Backup\log\REQUEST.log
c:\program files\MyPC Backup\log\SERVER_DECODE_LOG.log
c:\program files\MyPC Backup\log\SERVICE.log
c:\program files\MyPC Backup\log\SHELL.log
c:\program files\MyPC Backup\log\UPDATER.log
c:\program files\MyPC Backup\log\UTC_MIGRATION.log
c:\program files\MyPC Backup\LogicNP.EZShellExtensions.dll
c:\program files\MyPC Backup\MPCBClient.dll
c:\program files\MyPC Backup\MPCBContextMenu.dll
c:\program files\MyPC Backup\MPCBIconOverlays.dll
c:\program files\MyPC Backup\MyPC Backup.exe
c:\program files\MyPC Backup\mypcbackup.ico
c:\program files\MyPC Backup\ObjectListView.dll
c:\program files\MyPC Backup\pt_PT.mo
c:\program files\MyPC Backup\RegisterExtensionDotNet20_x64.exe
c:\program files\MyPC Backup\RegisterExtensionDotNet20_x86.exe
c:\program files\MyPC Backup\Resources\keycache\_01b5904c-4236-4b2f-8aae-2cd53fb645af_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_01b5904c-4236-4b2f-8aae-2cd53fb645af_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_0b5046f5-c8e4-4234-b2ae-dc7100bede68_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_0b5046f5-c8e4-4234-b2ae-dc7100bede68_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_0bc15d63-a7c9-488a-bb85-9e23d148e5ed_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_0bc15d63-a7c9-488a-bb85-9e23d148e5ed_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_0bc7e50a-1f0a-47d2-a116-ba37211e9835_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_0bc7e50a-1f0a-47d2-a116-ba37211e9835_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_1167ce43-9249-4a51-af19-f21509987952_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_1167ce43-9249-4a51-af19-f21509987952_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_120a05f0-8e0d-4cbb-9239-e52af185bac5_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_120a05f0-8e0d-4cbb-9239-e52af185bac5_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_1940bf7a-b2a4-4e0b-b729-c1d604f7af65_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_1940bf7a-b2a4-4e0b-b729-c1d604f7af65_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_1f2181fb-1812-42bf-8223-68ccec14a818_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_1f2181fb-1812-42bf-8223-68ccec14a818_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_20e530b7-d392-4804-89d1-1c7ad2e7292a_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_20e530b7-d392-4804-89d1-1c7ad2e7292a_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_42c12244-c861-48c8-99a1-1c2a472bfadf_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_42c12244-c861-48c8-99a1-1c2a472bfadf_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_445cb4b3-9f46-4d55-a493-7984602bf15b_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_445cb4b3-9f46-4d55-a493-7984602bf15b_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_454354cf-5b58-4043-9685-7fc52993b5ce_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_454354cf-5b58-4043-9685-7fc52993b5ce_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_47681459-5459-4cbf-a331-57bfdb7bbcf2_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_47681459-5459-4cbf-a331-57bfdb7bbcf2_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_4e62b771-e418-4bc9-a810-3ec0901b40f4_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_4e62b771-e418-4bc9-a810-3ec0901b40f4_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_4eaeb81d-bd30-4f2a-85cc-02667633cc94_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_4eaeb81d-bd30-4f2a-85cc-02667633cc94_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_50904593-d9ac-484d-9667-a0fcb90f700a_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_50904593-d9ac-484d-9667-a0fcb90f700a_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_5734320e-6e45-4313-ae3d-64dc3c94d735_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_5734320e-6e45-4313-ae3d-64dc3c94d735_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_5bc8cbd1-03b4-4b4f-8b4b-df0611c621ca_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_5bc8cbd1-03b4-4b4f-8b4b-df0611c621ca_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_5ddc418b-9592-406f-a82a-80315aa777fc_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_5ddc418b-9592-406f-a82a-80315aa777fc_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_60b81667-b938-475e-a5ed-1c39107f406a_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_60b81667-b938-475e-a5ed-1c39107f406a_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_65ef165f-5cf6-468d-884e-c5391ce90190_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_65ef165f-5cf6-468d-884e-c5391ce90190_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_694e4484-a9bd-485a-b47c-d38caaadf2ae_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_694e4484-a9bd-485a-b47c-d38caaadf2ae_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_6d08f1ca-fc81-4bb6-8bc7-a0d0df1ad2c3_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_6d08f1ca-fc81-4bb6-8bc7-a0d0df1ad2c3_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_7ab92839-c722-4afa-bef5-6df4e0d81dce_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_7ab92839-c722-4afa-bef5-6df4e0d81dce_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_7b795b3f-2717-4541-8a92-7e5bba719077_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_7b795b3f-2717-4541-8a92-7e5bba719077_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_7dc41db6-a8b8-4304-aa5b-bce2d6bfe938_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_7dc41db6-a8b8-4304-aa5b-bce2d6bfe938_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_7ff6d527-26d8-4113-99ed-42805ce8ca46_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_7ff6d527-26d8-4113-99ed-42805ce8ca46_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_81445be4-2d13-4ea1-b8c1-3b640d6875eb_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_81445be4-2d13-4ea1-b8c1-3b640d6875eb_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_8d9147c7-705d-4d23-bdce-645dd764db49_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_8d9147c7-705d-4d23-bdce-645dd764db49_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_900a2c9a-5c5d-4a1d-ae55-1f237713e863_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_900a2c9a-5c5d-4a1d-ae55-1f237713e863_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_97b72379-0805-482a-96ad-b087bd601496_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_97b72379-0805-482a-96ad-b087bd601496_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_9a8abe4f-2e5c-4729-a455-560a770bd523_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_9a8abe4f-2e5c-4729-a455-560a770bd523_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_9f479105-1170-4db9-ac81-424d267cdeb0_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_9f479105-1170-4db9-ac81-424d267cdeb0_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_a22b617c-4957-4b63-a0a0-a0d580ddffa8_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_a22b617c-4957-4b63-a0a0-a0d580ddffa8_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_a638e453-f668-4fad-bdde-68f914b9730f_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_a638e453-f668-4fad-bdde-68f914b9730f_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_a94b5f8c-823e-4e22-b5c9-3852ec372a2a_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_a94b5f8c-823e-4e22-b5c9-3852ec372a2a_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_a9a6b00f-125c-4b0d-b962-53d06ef055b1_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_a9a6b00f-125c-4b0d-b962-53d06ef055b1_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_ac03cd40-00f7-441d-a94d-123554bd8590_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_ac03cd40-00f7-441d-a94d-123554bd8590_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_ae41d404-470a-46a3-9080-f7ed6e486ddc_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_ae41d404-470a-46a3-9080-f7ed6e486ddc_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_b0217afd-2f7e-487f-b0cf-c8a4c41495ec_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_b0217afd-2f7e-487f-b0cf-c8a4c41495ec_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_b145c0fc-316d-479e-8357-bd2741ee3eda_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_b145c0fc-316d-479e-8357-bd2741ee3eda_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_b20d37fa-13c6-44fc-b02c-e6fb88eb4eca_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_b20d37fa-13c6-44fc-b02c-e6fb88eb4eca_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_b82f6dbd-8dd8-4372-a89c-97e15b02c0de_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_b82f6dbd-8dd8-4372-a89c-97e15b02c0de_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_b88c9761-6e96-451d-8b29-6924fbb74023_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_b88c9761-6e96-451d-8b29-6924fbb74023_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_cb181cfe-6af1-4b1e-afb2-2d75e94fca54_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_cb181cfe-6af1-4b1e-afb2-2d75e94fca54_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_cf1ec7b3-99ae-46f4-9040-11cd11c1a66d_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_cf1ec7b3-99ae-46f4-9040-11cd11c1a66d_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_d24ee4a8-e1ac-4aed-8276-0af55375df34_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_d24ee4a8-e1ac-4aed-8276-0af55375df34_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_dac6dc27-292a-4794-8027-da7940e47083_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_dac6dc27-292a-4794-8027-da7940e47083_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_dd7e8f73-f89a-4e1d-bb75-c0b8d1e2f327_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_dd7e8f73-f89a-4e1d-bb75-c0b8d1e2f327_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_e500815c-9332-42d9-8917-24e827f17109_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_e500815c-9332-42d9-8917-24e827f17109_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_e86c378a-c091-47db-b1d0-59f82d33678b_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_e86c378a-c091-47db-b1d0-59f82d33678b_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_eb409084-15dc-4e71-b484-fedea1fbf723_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_eb409084-15dc-4e71-b484-fedea1fbf723_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_ee2199ca-e85a-4c5b-9310-6ff997d1e821_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_ee2199ca-e85a-4c5b-9310-6ff997d1e821_backupKeyCache.tree
c:\program files\MyPC Backup\Resources\keycache\_f744bca8-42fd-4384-8468-e3c4908effc7_backupKeyCache.block
c:\program files\MyPC Backup\Resources\keycache\_f744bca8-42fd-4384-8468-e3c4908effc7_backupKeyCache.tree
c:\program files\MyPC Backup\RestartExplorer.exe
c:\program files\MyPC Backup\Service Start.exe
c:\program files\MyPC Backup\Shared Stack.dll
c:\program files\MyPC Backup\Signup Wizard.exe
c:\program files\MyPC Backup\syncicon.ico
c:\program files\MyPC Backup\syncing.ico
c:\program files\MyPC Backup\tick.ico
c:\program files\MyPC Backup\uninst.exe
c:\program files\MyPC Backup\UnRegisterExtensions.exe
c:\program files\MyPC Backup\Updater.exe
c:\program files\MyPC Backup\x64\System.Data.SQLite.dll
c:\program files\MyPC Backup\x86\System.Data.SQLite.dll
c:\program files\SaveSenseLive
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdate.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_am.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_ar.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_bg.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_bn.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_ca.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_cs.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_da.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_de.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_el.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_en-GB.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_en.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_es-419.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_es.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_et.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_fa.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_fi.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_fil.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_fr.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_gu.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_hi.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_hr.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_hu.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_id.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_is.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_it.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_iw.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_ja.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_kn.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_ko.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_lt.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_lv.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_ml.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_mr.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_ms.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_nl.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_no.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_pl.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_pt-BR.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_pt-PT.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_ro.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_ru.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_sk.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_sl.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_sr.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_sv.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_sw.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_ta.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_te.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_th.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_tr.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_uk.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_ur.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_vi.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_zh-CN.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\goopdateres_zh-TW.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\psmachine.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\psuser.dll
c:\program files\SaveSenseLive\Update\1.3.23.0\SaveSenseLive.exe
c:\program files\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveBroker.exe
c:\program files\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveHandler.exe
c:\program files\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveHelper.msi
c:\program files\SaveSenseLive\Update\1.3.23.0\SaveSenseLiveOnDemand.exe
c:\program files\SaveSenseLive\Update\SaveSenseLive.exe
c:\programdata\ClickaFoorSale
c:\programdata\ClickaFoorSale\SUcjdScRlkFrVT.dat
c:\programdata\ClickaFoorSale\SUcjdScRlkFrVT.dll
c:\programdata\ClickaFoorSale\SUcjdScRlkFrVT.exe
c:\programdata\ClickaFoorSale\SUcjdScRlkFrVT.tlb
c:\programdata\PrinceCoeupon
c:\programdata\PrinceCoeupon\yAhaR3wkRKdjiz.dat
c:\programdata\PrinceCoeupon\yAhaR3wkRKdjiz.dll
c:\programdata\PrinceCoeupon\yAhaR3wkRKdjiz.exe
c:\programdata\PrinceCoeupon\yAhaR3wkRKdjiz.tlb
c:\programdata\SaveSenseLive
c:\programdata\SaveSenseLive\Update\Log\SaveSenseLive.log
c:\users\user\appdata\local\fabulous_07281835\fabulous_07281835.exe
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjbfbocdmndlnndlgoafpkppjifack
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjbfbocdmndlnndlgoafpkppjifack\2.2\background.html
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjbfbocdmndlnndlgoafpkppjifack\2.2\content.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjbfbocdmndlnndlgoafpkppjifack\2.2\lsdb.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjbfbocdmndlnndlgoafpkppjifack\2.2\manifest.json
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgaofoblihpmholkpioedjelemgjpafl
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgaofoblihpmholkpioedjelemgjpafl\170\background.html
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgaofoblihpmholkpioedjelemgjpafl\170\content.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgaofoblihpmholkpioedjelemgjpafl\170\lsdb.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgaofoblihpmholkpioedjelemgjpafl\170\manifest.json
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgaofoblihpmholkpioedjelemgjpafl\170\Tm.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\higenhmbdldeaeimmbjlhijmlpckejnc
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\higenhmbdldeaeimmbjlhijmlpckejnc\1.2\background.html
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\higenhmbdldeaeimmbjlhijmlpckejnc\1.2\content.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\higenhmbdldeaeimmbjlhijmlpckejnc\1.2\lsdb.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\higenhmbdldeaeimmbjlhijmlpckejnc\1.2\manifest.json
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmbcoebcjaiiejopnadjlknjhifadnlg
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmbcoebcjaiiejopnadjlknjhifadnlg\143\background.html
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmbcoebcjaiiejopnadjlknjhifadnlg\143\content.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmbcoebcjaiiejopnadjlknjhifadnlg\143\lsdb.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmbcoebcjaiiejopnadjlknjhifadnlg\143\manifest.json
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmbcoebcjaiiejopnadjlknjhifadnlg\143\X16Y.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdgjnhglhidbpdjbabpaglmpfofcidnm
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdgjnhglhidbpdjbabpaglmpfofcidnm\157\background.html
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdgjnhglhidbpdjbabpaglmpfofcidnm\157\content.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdgjnhglhidbpdjbabpaglmpfofcidnm\157\lsdb.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdgjnhglhidbpdjbabpaglmpfofcidnm\157\manifest.json
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdgjnhglhidbpdjbabpaglmpfofcidnm\157\MWrGE.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngcbaflbkefenncpoknkphcbhebpibgf
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngcbaflbkefenncpoknkphcbhebpibgf\3.2_0\background.html
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngcbaflbkefenncpoknkphcbhebpibgf\3.2_0\content.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngcbaflbkefenncpoknkphcbhebpibgf\3.2_0\lsdb.js
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngcbaflbkefenncpoknkphcbhebpibgf\3.2_0\manifest.json
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fopjniahfjckihdmagonnkjlfghdbjoh_0.localstorage-journal
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fopjniahfjckihdmagonnkjlfghdbjoh_0.localstorage
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gpdjbfbocdmndlnndlgoafpkppjifack_0.localstorage-journal
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gpdjbfbocdmndlnndlgoafpkppjifack_0.localstorage
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hgaofoblihpmholkpioedjelemgjpafl_0.localstorage-journal
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hgaofoblihpmholkpioedjelemgjpafl_0.localstorage
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_higenhmbdldeaeimmbjlhijmlpckejnc_0.localstorage-journal
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_higenhmbdldeaeimmbjlhijmlpckejnc_0.localstorage
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mdgjnhglhidbpdjbabpaglmpfofcidnm_0.localstorage-journal
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mdgjnhglhidbpdjbabpaglmpfofcidnm_0.localstorage
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ngcbaflbkefenncpoknkphcbhebpibgf_0.localstorage-journal
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ngcbaflbkefenncpoknkphcbhebpibgf_0.localstorage
c:\users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense\SaveSense Help.url
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense\SaveSense.url
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense\Uninstall SaveSense.lnk
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ko8uap3p.default\extensions\staged\R@QvC38P.net
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ko8uap3p.default\extensions\staged\R@QvC38P.net\bootstrap.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ko8uap3p.default\extensions\staged\R@QvC38P.net\chrome.manifest
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ko8uap3p.default\extensions\staged\R@QvC38P.net\content\bg.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ko8uap3p.default\extensions\staged\R@QvC38P.net\install.rdf
c:\users\User\AppData\Roaming\SaveSense
c:\users\User\AppData\Roaming\SaveSense\UpdateProc\config.dat
c:\users\User\AppData\Roaming\SaveSense\UpdateProc\info.dat
c:\users\User\AppData\Roaming\SaveSense\UpdateProc\STTL.DAT
c:\users\User\AppData\Roaming\SaveSense\UpdateProc\TTL.DAT
c:\users\User\AppData\Roaming\SaveSense\UpdateProc\UpdateTask.exe
c:\windows\system32\config\systemprofile\AppData\LocalLow\.2.7.dat
c:\windows\system32\Tasks\FF Watcher {7FCA32FF-A77E-4936-800D-1FCF60B7E102}
c:\windows\system32\Tasks\FF Watcher {CF8CF68A-9C05-4096-937C-0660CD03CF3C}
c:\windows\Tasks\FF Watcher {7FCA32FF-A77E-4936-800D-1FCF60B7E102}.job
c:\windows\Tasks\FF Watcher {CF8CF68A-9C05-4096-937C-0660CD03CF3C}.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETHFDRV
-------\Service_nethfdrv
-------\Service_NetHttpService
-------\Service_savesenselive
-------\Service_ServiceUpdater
-------\Service_BackupStack
-------\Service_savesenselivem
-------\Service_BackupStack
-------\Service_savesenselivem
.
.
((((((((((((((((((((((((( Files Created from 2014-09-24 to 2014-10-24 )))))))))))))))))))))))))))))))
.
.
2014-10-24 02:24 . 2014-10-24 02:24 687 ----a-w- C:\awh4865.tmp
2014-10-24 02:14 . 2014-10-24 02:40 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{84A6BD9D-2FCE-4785-80AE-65526D928B9E}\offreg.dll
2014-10-24 02:04 . 2014-10-24 02:04 687 ----a-w- C:\awh9896.tmp
2014-10-24 02:02 . 2014-10-24 02:59 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-10-24 01:44 . 2014-10-24 01:44 687 ----a-w- C:\awh5456.tmp
2014-10-24 00:13 . 2014-10-24 00:13 687 ----a-w- C:\awh4D25.tmp
2014-10-24 00:12 . 2014-10-24 01:26 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-10-24 00:12 . 2014-10-24 00:12 -------- d-----w- c:\programdata\RogueKiller
2014-10-23 04:12 . 2014-10-23 04:12 687 ----a-w- C:\awh9397.tmp
2014-10-23 04:02 . 2014-10-23 04:02 -------- d-----w- c:\program files\PruinceCoUpono
2014-10-23 03:57 . 2014-10-23 03:57 -------- d-----w- c:\program files\SahoepPerMaseter
2014-10-23 03:48 . 2014-10-23 03:48 687 ----a-w- C:\awhD9EA.tmp
2014-10-23 03:32 . 2014-10-23 03:32 -------- d-----w- c:\users\User\AppData\Local\Mozilla
2014-10-23 03:31 . 2014-10-23 03:31 -------- d-----w- c:\program files\Mozilla Maintenance Service
2014-10-23 03:21 . 2014-10-23 03:21 687 ----a-w- C:\awhA63D.tmp
2014-10-23 01:01 . 2014-10-24 02:02 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-23 01:00 . 2014-10-24 02:01 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-23 01:00 . 2014-10-01 18:11 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-23 01:00 . 2014-10-01 18:11 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-10-23 01:00 . 2014-10-23 01:00 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-10-23 01:00 . 2014-10-23 01:00 -------- d-----w- c:\programdata\Malwarebytes
2014-10-23 00:48 . 2014-10-23 00:48 687 ----a-w- C:\awh8C.tmp
2014-10-23 00:39 . 2014-10-14 20:13 8901368 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{84A6BD9D-2FCE-4785-80AE-65526D928B9E}\mpengine.dll
2014-10-23 00:32 . 2014-10-23 00:32 687 ----a-w- C:\awhD5A6.tmp
2014-10-23 00:01 . 2014-10-23 00:01 687 ----a-w- C:\awh6D52.tmp
2014-10-19 19:27 . 2014-10-19 19:27 687 ----a-w- C:\awhC428.tmp
2014-10-19 18:49 . 2014-10-23 04:06 -------- d-----w- c:\programdata\PruinceCoUpono
2014-10-19 18:15 . 2014-10-19 18:15 687 ----a-w- C:\awhD039.tmp
2014-10-16 00:42 . 2014-10-16 00:42 687 ----a-w- C:\awh13BE.tmp
2014-10-16 00:28 . 2014-10-16 00:28 -------- d-----w- c:\program files\iPod
2014-10-16 00:28 . 2014-10-16 00:29 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-10-16 00:28 . 2014-10-16 00:29 -------- d-----w- c:\program files\iTunes
2014-10-16 00:24 . 2014-10-16 00:35 -------- d-----w- c:\windows\system32\drivers\NIS\1506000.020
2014-10-16 00:08 . 2014-10-16 00:08 687 ----a-w- C:\awhAC16.tmp
2014-10-16 00:04 . 2014-10-16 00:04 -------- d-----w- c:\program files\Application Updater
2014-10-16 00:04 . 2014-10-16 00:04 -------- d-----w- c:\program files\FLV Toolbar
2014-10-08 08:39 . 2014-10-08 08:39 161792 ----a-w- c:\windows\system32\netupdsrv.exe
2014-10-08 08:39 . 2014-10-08 08:39 110592 ----a-w- c:\windows\system32\installd.exe
2014-10-08 08:39 . 2014-10-08 08:39 180224 ----a-w- c:\windows\system32\nethtsrv.exe
2014-10-08 08:39 . 2014-10-08 08:39 108544 ----a-w- c:\windows\system32\hfnapi.dll
2014-10-08 08:38 . 2014-10-08 08:38 246784 ----a-w- c:\windows\system32\hfpapi.dll
2014-09-27 10:41 . 2014-09-27 10:41 687 ----a-w- C:\awh8C76.tmp
2014-09-26 10:41 . 2014-09-26 10:41 687 ----a-w- C:\awhB25D.tmp
2014-09-25 10:31 . 2014-09-25 10:31 687 ----a-w- C:\awhA505.tmp
2014-09-25 05:29 . 2014-09-09 21:47 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-25 05:23 . 2014-09-25 05:23 687 ----a-w- C:\awh9D19.tmp
2014-09-25 04:47 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-25 03:30 . 2014-09-25 03:30 -------- d-----w- c:\windows\CheckSur
2014-09-25 03:21 . 2014-09-25 03:21 687 ----a-w- C:\awhC01.tmp
2014-09-25 03:20 . 2014-09-25 03:20 -------- d-----w- c:\users\User\AppData\Local\4649
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-02 22:53 . 2013-08-13 22:52 231568 ------w- c:\windows\system32\MpSigStub.exe
2014-09-25 04:03 . 2013-08-14 17:16 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-25 04:03 . 2013-08-14 17:16 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-25 04:03 . 2014-07-10 10:03 3675824 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2014-09-18 20:00 . 2014-09-18 20:00 687 ----a-w- C:\awh403A.tmp
2014-09-17 19:25 . 2014-09-17 19:25 687 ----a-w- C:\awhA39E.tmp
2014-09-13 22:07 . 2014-09-13 22:07 687 ----a-w- C:\awh3320.tmp
2014-09-09 10:30 . 2014-09-09 10:30 687 ----a-w- C:\awh8CF3.tmp
2014-09-08 21:09 . 2014-09-08 21:09 687 ----a-w- C:\awhAF61.tmp
2014-09-08 20:33 . 2014-09-08 20:33 687 ----a-w- C:\awh943.tmp
2014-09-05 17:16 . 2014-09-05 17:16 687 ----a-w- C:\awh1489.tmp
2014-09-05 01:52 . 2014-09-18 20:36 445952 ----a-w- c:\windows\system32\aepdu.dll
2014-09-05 01:47 . 2014-09-18 20:36 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-09-03 20:52 . 2014-09-03 20:52 687 ----a-w- C:\awh19D6.tmp
2014-08-23 01:46 . 2014-09-03 21:25 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 00:42 . 2014-09-03 21:25 2352640 ----a-w- c:\windows\system32\win32k.sys
2014-08-21 18:24 . 2014-10-24 03:00 8581864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{40C6F561-DD25-4D0B-B153-39457AD14785}\mpengine.dll
2014-08-13 10:35 . 2014-08-13 10:35 687 ----a-w- C:\awh1F14.tmp
2014-08-12 10:41 . 2014-08-12 10:41 687 ----a-w- C:\awhDA.tmp
2014-08-12 07:35 . 2014-08-12 07:35 687 ----a-w- C:\awh9304.tmp
2014-08-10 10:39 . 2014-08-10 10:39 687 ----a-w- C:\awh447E.tmp
2014-08-09 10:32 . 2014-08-09 10:32 687 ----a-w- C:\awh3F9E.tmp
2014-08-08 23:24 . 2014-08-08 23:24 687 ----a-w- C:\awh6E2.tmp
2014-08-08 00:52 . 2014-08-08 00:52 687 ----a-w- C:\awh6289.tmp
2014-08-05 20:21 . 2014-08-05 20:21 687 ----a-w- C:\awhB163.tmp
2014-08-03 18:16 . 2014-08-03 18:16 687 ----a-w- C:\awh49EB.tmp
2014-08-01 11:35 . 2014-09-18 20:36 793600 ----a-w- c:\windows\system32\TSWorkspace.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{27C6307E-AF6D-39AF-DF3C-4BB6BEBE0F0F}]
2014-02-25 00:12 106496 ----a-w- c:\program files\TidyNetwork\petn.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{C38E8F51-6F8E-B8A0-D00A-B40DC9A60DF8}]
2014-02-20 23:41 423424 ----a-w- c:\programdata\EaisyTuoshiop\zX_oXWG.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{D18B63F6-CD43-16AA-1F82-F2BD0CCF57C0}]
2014-02-20 23:41 423936 ----a-w- c:\programdata\DOcaToTeXTCooNveratt\xnAW.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1NZOverlayExcluded]
@= "{32427327-aea5-4bef-811a-b1bd00daf4b4} "
[HKEY_CLASSES_ROOT\CLSID\{32427327-aea5-4bef-811a-b1bd00daf4b4}]
2014-06-20 02:02 597344 ----a-r- c:\program files\Norton Zone\Engine\2.0.97.14\nzovrlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1NZOverlayPending]
@= "{2cfec48b-08ec-4361-8575-7c0da17ab7a5} "
[HKEY_CLASSES_ROOT\CLSID\{2cfec48b-08ec-4361-8575-7c0da17ab7a5}]
2014-06-20 02:02 597344 ----a-r- c:\program files\Norton Zone\Engine\2.0.97.14\nzovrlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1NZOverlaySynced]
@= "{a9e700bc-92b0-403e-96b3-b87b06ff9d3a} "
[HKEY_CLASSES_ROOT\CLSID\{a9e700bc-92b0-403e-96b3-b87b06ff9d3a}]
2014-06-20 02:02 597344 ----a-r- c:\program files\Norton Zone\Engine\2.0.97.14\nzovrlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2014-09-01 152392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE "= "c:\program files\Google\Chrome\Application\chrome.exe" [2014-01-11 866584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir "= "rmdir" [X]
"Application Restart 0 "= "c:\program files\Google\Chrome\Application\chrome.exe" [2014-01-11 866584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin "= 5 (0x5)
"ConsentPromptBehaviorUser "= 3 (0x3)
"EnableUIADesktopToggle "= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SoftwareUpdater.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SoftwareUpdater.lnk
backup=c:\windows\pss\SoftwareUpdater.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DesktopWeatherAlerts.lnk]
path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
backup=c:\windows\pss\DesktopWeatherAlerts.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^fabulous_07281835.lnk]
path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fabulous_07281835.lnk
backup=c:\windows\pss\fabulous_07281835.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Storm Alerts.lnk]
path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Storm Alerts.lnk
backup=c:\windows\pss\Storm Alerts.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^StormAlerts.lnk]
path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormAlerts.lnk
backup=c:\windows\pss\StormAlerts.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Weather Alerts.lnk]
path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk
backup=c:\windows\pss\Weather Alerts.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2014-07-31 19:15 43816 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE]
2014-01-11 10:29 866584 ----a-w- c:\program files\Google\Chrome\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-24 02:30 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-09-24 02:30 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-09-01 11:47 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KSS]
2014-02-21 22:56 202080 ----a-w- c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpenSoftwareUpdater]
2014-03-31 19:36 3734016 ----a-w- c:\program files\OpenSoftwareUpdater\OpenSoftwareUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-24 02:30 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PureLeads Tray]
2014-01-23 23:12 83232 ----a-w- c:\program files\PureLeads\PureLeadsTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2014-10-10 22:06 1611072 ----a-w- c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-08-01 22:02 1282048 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 14:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
2;2 PlsvcV2;PlsvcV2;c:\program files\PureLeads\PureLeads.Service.exe [x]
R1 {42e50651-9669-456e-9081-d5a836274274}Gw;{42e50651-9669-456e-9081-d5a836274274}Gw;c:\windows\system32\drivers\{42e50651-9669-456e-9081-d5a836274274}Gw.sys [x]
R1 {42e50651-9669-456e-9081-d5a836274274}w;{42e50651-9669-456e-9081-d5a836274274}w;c:\windows\system32\drivers\{42e50651-9669-456e-9081-d5a836274274}w.sys [x]
R1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}w;{6fcd6092-9615-4f7f-8898-8df53980e5d2}w;c:\windows\system32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}w.sys [x]
R1 netfilter2;netfilter2;c:\windows\system32\drivers\netfilter2.sys [x]
R1 qknfd;qknfd;c:\windows\system32\drivers\qknfd.sys [x]
R2 ca82e1a5;Optimizer Pro Crash Monitor;c:\windows\system32\rundll32.exe [2009-07-14 44544]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-08-18 108032]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-08-13 1343400]
R4 SProtection;SProtection;c:\program files\Common Files\Umbrella\Umbrella207.exe [2014-08-11 3329184]
R4 vulsrsebjh32;vulsrsebjh32;c:\program files\005\vulsrsebjh32.exe run options=01110010050000000000000000000000 sourceguid=C464B0D7-294A-4204-89DA-9FB9B010FDB9 [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1506000.020\SYMDS.SYS [2013-08-01 367704]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1506000.020\SYMEFA.SYS [2014-03-04 936152]
S1 BHDrvx86;BHDrvx86;c:\program files\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20140606.001\BHDrvx86.sys [2014-05-10 1101616]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NIS\1506000.020\ccSetx86.sys [2014-02-20 127064]
S1 ccSet_NZ;Norton Zone Settings Manager;c:\windows\system32\drivers\NZ\0200610.00E\ccSetx86.sys [2013-09-26 127064]
S1 F06DEFF2-5B9C-490D-910F-35D3A9119622;F06DEFF2-5B9C-490D-910F-35D3A9119622;c:\program files\Settings Manager\systemk\systemkmgrc1.cfg [2014-05-18 31120]
S1 IDSVix86;IDSVix86;c:\program files\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20140611.001\IDSvix86.sys [2014-06-04 395992]
S1 netfilter;netfilter;c:\windows\system32\drivers\netfilter.sys [2014-07-08 31744]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1506000.020\Ironx86.SYS [2014-08-06 209624]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1506000.020\SYMNETS.SYS [2014-02-18 447704]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2014-10-10 990584]
S2 GlobalUpdater;GlobalUpdater;c:\program files\Common Files\IMGUpdater\IMGUpdater.exe [2014-06-18 378152]
S2 GorillaPrice;GorillaPrice;c:\program files\gorillaprice\gorillaprice.exe [2014-04-01 420864]
S2 KSS;Kaspersky Security Scan Service;c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2014-02-21 202080]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\21.6.0.32\NIS.exe [2014-09-21 276376]
S2 NZ;Norton Zone;c:\program files\Norton Zone\Engine\2.0.97.14\NZ.exe [2014-06-20 521504]
S2 plsapp;plsapp;c:\program files\PureLeads\plsapp.exe [2014-01-23 3690784]
S2 PlsvcV1;PlsvcV1;c:\program files\PureLeads\PureLeadsSvc.exe [2014-01-23 91936]
S2 qksvc;Quiknowledge Client Service;c:\program files\Quiknowledge\Service\qksvc.exe [2014-02-05 273000]
S2 SystemkService;Systemk Service;c:\program files\Settings Manager\systemk\SystemkService.exe [2014-05-18 3543056]
S2 VOsrv;Service Component of VO;c:\users\User\AppData\Roaming\VOPackage\VOsrv.exe [2014-02-24 353792]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-06-11 109872]
S3 UsbFltr;WayTech USB Filter Driver1;c:\windows\system32\Drivers\UsbFltr.sys [2007-04-09 9600]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-17 20:20 1211672 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-14 04:03]
.
2014-10-24 c:\windows\Tasks\ClickAndMark Update.job
- c:\program files\click-n-mark\clandm.exe [2014-02-25 00:12]
.
2014-10-24 c:\windows\Tasks\ClickAndMark_wd.job
- c:\program files\click-n-mark\ClickAndMark_wd.exe [2014-02-25 00:12]
.
2014-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-12-09 06:08]
.
2014-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-12-09 06:08]
.
2014-09-27 c:\windows\Tasks\Norton Security Scan for User.job
- c:\progra~1\NORTON~2\Engine\403~1.27\Nss.exe [2013-12-19 07:10]
.
2014-09-27 c:\windows\Tasks\PC Performer_DEFAULT.job
- c:\program files\PC Performer\PCPerformer.exe [2014-03-23 21:02]
.
2014-08-13 c:\windows\Tasks\PC Performer_UPDATES.job
- c:\program files\PC Performer\PCPerformer.exe [2014-03-23 21:02]
.
2014-08-10 c:\windows\Tasks\RegClean Prosch.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2013-09-24 23:51]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=cmi_14_12_ch&cd=2XzuyEtN2Y1L1QzutDtDtC0EyE0F0A0E0E0AyEtC0D0CyCtBtN0D0Tzu0SzztCtDtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyCtB0BtDyEtByDtG0D0CyDyEtGtDtA0ByBtG0ByE0A0AtGyD0CyBzztB0DtCtAzy0CyC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByC0EyCyEyBzy0AtGtBzzzzyCtG0C0F0BtDtGtB0C0B0BtGyDzy0E0B0E0D0BzztA0B0E0D2Q&cr=1330409231&ir=
uInternet Settings,ProxyServer = http=127.0.0.1:13081;
uInternet Settings,ProxyOverride = <-loopback>
uSearchAssistant = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho1IAoH5LYnFv7JfIuH-rgd2B7I-nuRECMIEwQfTlak0a_RO7iir_jNzIjRfIdL5mZlKt3mg9KjMr7g-7K4_XqT79FlYUtyP2GzWgkgCo5w_MIK4eXTr7M3TjsRx23XDsgVjjE4WP_zlZInDM-MZk4QCtZbt3v9_dY6g,,&q={searchTerms}
LSP: c:\windows\system32\plsapp.dll
TCP: DhcpNameServer = 192.168.1.1 68.105.28.12 68.105.29.12
DPF: {F9CD2233-6744-47C1-A6AE-00C30A35F73D} - hxxps://myaccount.cox.net/internettools/scripts/Inspector.cab
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ko8uap3p.default\
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{261c16ea-977f-442a-89e2-ee01da147fae} - c:\program files\RichMediaViewV1\RichMediaViewV1release256\ie\RichMediaViewV1release256.dll
BHO-{6d1c0c1b-9d02-43d8-a64f-f6e067f659da} - c:\programdata\PrinceCoeupon\yAhaR3wkRKdjiz.dll
BHO-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
BHO-{8849f31e-0b2f-434a-a1e8-d0a0886c4224} - c:\program files\MediaBuzzV1\MediaBuzzV1mode1755\ie\MediaBuzzV1mode1755.dll
BHO-{bd9bdf8e-98c3-4f10-b07f-2a39828be494} - c:\programdata\ClickaFoorSale\SUcjdScRlkFrVT.dll
Toolbar-10 - (no file)
MSConfigStartUp-AnyProtect Scanner - c:\program files\AnyProtectEx\AnyProtect.exe
MSConfigStartUp-Browser Extensions - c:\users\User\AppData\Roaming\Slick Savings\CouponsHelper.exe
MSConfigStartUp-Browser Infrastructure Helper - c:\users\User\AppData\Local\Smartbar\Application\SafeFinder.exe
MSConfigStartUp-fabulous_07281835 - c:\users\user\appdata\local\fabulous_07281835\fabulous_07281835.exe
MSConfigStartUp-fastclean - c:\program files\FastClean PRO\fastcleanpro.exe
MSConfigStartUp-mobilegeni daemon - c:\program files\Mobogenie\DaemonProcess.exe
MSConfigStartUp-MSC - c:\program files\Microsoft Security Client\msseces.exe
MSConfigStartUp-PCFixSpeed - c:\program files\PCFixSpeed\PCFixTray.exe
MSConfigStartUp-PCTechHotline - c:\program files\PCTechHotline\PCTechHotline.exe
MSConfigStartUp-Slick Savings - c:\users\User\AppData\Roaming\Slick Savings\CouponsHelper.exe
MSConfigStartUp-V-bates - c:\program files\V-bates\notifier.exe
AddRemove-7072d455-3ad2-4858-a052-2f1ed24f29e6 - c:\program files\click-n-mark\Uninstall.exe
AddRemove-MediaBuzzV1mode1755 - c:\program files\MediaBuzzV1\MediaBuzzV1mode1755\uninstall.exe
AddRemove-MyPC Backup - c:\program files\MyPC Backup\uninst.exe
AddRemove-{09854D8E-46B5-057B-5B6E-BFD2A04AD5AB} - c:\programdata\deual44mE\2sdSAKhs.exe
AddRemove-{6C998B44-82D8-CC7E-D847-4CD73036412A} - c:\programdata\ClickaFoorSale\SUcjdScRlkFrVT.exe
AddRemove-{D86C82B0-1F02-816A-5F3D-6466F6A67566} - c:\programdata\PrinceCoeupon\yAhaR3wkRKdjiz.exe
AddRemove-fabulous_07281835 - c:\users\user\appdata\local\fabulous_07281835\fabulous_07281835.exe
AddRemove-SaveSense - c:\users\User\AppData\Roaming\SaveSense\UpdateProc\UpdateTask.exe
AddRemove-TidyNetwork - c:\users\User\AppData\Local\TidyNetwork\TidyNetwork.exe
.
.
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\services\NIS]
"ImagePath "= "\ "c:\program files\Norton Internet Security\Engine\21.6.0.32\NIS.exe\" /s \ "NIS\" /m \ "c:\program files\Norton Internet Security\Engine\21.6.0.32\diMaster.dll\" /prefetch:1 "
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\services\NZ]
"ImagePath "= "\ "c:\program files\Norton Zone\Engine\2.0.97.14\NZ.exe\" /s \ "NZ\" /m \ "c:\program files\Norton Zone\Engine\2.0.97.14\diMaster.dll\" /prefetch:1 "
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\services\F06DEFF2-5B9C-490D-910F-35D3A9119622]
"ImagePath "= "\??\c:\program files\Settings Manager\systemk\systemkmgrc1.cfg "
"ImagePath "= "\SystemRoot\System32\Drivers\NIS\1506000.020\SYMNETS.SYS "
"TrustedImagePaths "= "c:\program files\Norton Internet Security\Engine\21.6.0.32 "
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\services\GorillaPrice]
"ImagePath "= "c:\program files\gorillaprice\gorillaprice.exe -service "
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid "= "ChromeHTML "
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid "= "ChromeHTML "
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid "= "ChromeHTML "
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid "= "ChromeHTML "
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid "= "ChromeHTML "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@= "FlashBroker "
"LocalizedString "= "@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled "=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@= "c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@= "IFlashBroker6 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@= "{00020424-0000-0000-C000-000000000046} "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
"Version "= "1.0 "
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\services\GorillaPrice]
@Denied: (A B 2 3) (Everyone)
"Type "=dword:00000010
"Start "=dword:00000002
"ErrorControl "=dword:00000001
"ImagePath "=expand: "c:\\Program Files\\gorillaprice\\gorillaprice.exe -service "
"DisplayName "= "GorillaPrice "
"ObjectName "= "LocalSystem "
"Description "= "This service will show you offers from GorillaPrice in a seperate window, up to 8 offers per day. "
"FailureActions "=hex:01,00,00,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,
00,01,00,00,00,64,00,00,00,01,00,00,00,64,00,00,00,01,00,00,00,64,00,00,00
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\taskhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Settings Manager\systemk\systemku.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2014-10-23 20:07:12 - machine was rebooted
ComboFix-quarantined-files.txt 2014-10-24 03:07
.
Pre-Run: 48,693,260,288 bytes free
Post-Run: 48,647,446,528 bytes free
.
- - End Of File - - B94121E28D4F4ADDFF641A9C979D8861
A36C5E4F47E84449FF07ED3517B43A31

broni · 2014/10/23

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:

File::
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fabulous_07281835.lnk
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Storm Alerts.lnk
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormAlerts.lnk
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk
c:\windows\Tasks\ClickAndMark Update.job
c:\windows\Tasks\ClickAndMark_wd.job
c:\windows\Tasks\PC Performer_DEFAULT.job
c:\windows\Tasks\PC Performer_UPDATES.job


Folder::
c:\program files\PruinceCoUpono
c:\program files\SahoepPerMaseter
c:\programdata\PruinceCoUpono
c:\users\User\AppData\Local\4649
c:\program files\TidyNetwork
c:\programdata\EaisyTuoshiop
c:\programdata\DOcaToTeXTCooNveratt
c:\program files\Common Files\Spigot
c:\program files\005
c:\program files\Quiknowledge
c:\program files\Settings Manager
c:\users\User\AppData\Roaming\VOPackage
c:\program files\click-n-mark
c:\program files\PC Performer

DDS::
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=cmi_14_12_ch&cd=XzuyEtN2Y1L1QzutDtDtC0EyE0F0A0E0E0AyEtC0D0CyCtBtN0D0Tzu0SzztCtDtN1L2XzutBtFtCzztFyBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyCtB0BtDyEtByDtG0D0CyDyEtGtDtA0ByBtG0ByE0A0AtGyD0CyBzztB0DtCtAzy0CyC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByC0EyCyEyBzy0AtGtBzzzyCtG0C0F0BtDtGtB0C0B0 BtGyDzy0E0B0E0D0BzztA0B0E0D2Q&cr=1330409231&ir=
uInternet Settings,ProxyServer = http=127.0.0.1:13081;
uInternet Settings,ProxyOverride = <-loopback>
uSearchAssistant = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho1IAoH5LYnFv7JfIuH-rgd2B7I-nuRECMIEwQfTlak0a_RO7iir_jNzIjRfIdL5mZlKt3mg9KjMr7g-7K4_XqT79FlYUtyP2GzWgkgCo5w_MIK4eXTr7M3TjsRx23XDsgVjjE4WP_zlZInDM-MZk4QCtZbt3v9_dY6g,,&q={searchTerms}

Driver::
PlsvcV2
{42e50651-9669-456e-9081-d5a836274274}Gw
{42e50651-9669-456e-9081-d5a836274274}w
{6fcd6092-9615-4f7f-8898-8df53980e5d2}w
qknfd
ca82e1a5
vulsrsebjh32
qksvc
SystemkService
VOsrv

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{27C6307E-AF6D-39AF-DF3C-4BB6BEBE0F0F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{C38E8F51-6F8E-B8A0-D00A-B40DC9A60DF8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{D18B63F6-CD43-16AA-1F82-F2BD0CCF57C0}]
[-HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^fabulous_07281835.lnk]
[-HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DesktopWeatherAlerts.lnk]
[-HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Storm Alerts.lnk]
[-HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^StormAlerts.lnk]
[-HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Weather Alerts.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\services\GorillaPrice]


ClearJavaCache::

3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[IMG]

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

Combofix.txt

elcajongunsfan · 2014/10/24

Definitely running much better. In the beginning, I had dozens of windows popping up and the internet was erratic, and task manager wouldnt work or msconfig to try to stop some processes

Thanks

ComboFix 14-10-24.01 - User 10/24/2014 17:11:58.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2005.774 [GMT -7:00]
Running from: c:\users\User\Desktop\ComboFix.exe
Command switches used :: c:\users\User\Desktop\cfscript.txt
AV: Norton Internet Security *Disabled/Outdated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Internet Security *Disabled/Outdated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk "
"c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fabulous_07281835.lnk "
"c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Storm Alerts.lnk "
"c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormAlerts.lnk "
"c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk "
"c:\windows\Tasks\ClickAndMark Update.job "
"c:\windows\Tasks\ClickAndMark_wd.job "
"c:\windows\Tasks\PC Performer_DEFAULT.job "
"c:\windows\Tasks\PC Performer_UPDATES.job "
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\005
c:\program files\005\vulsrsebjh32.exe
c:\program files\click-n-mark
c:\program files\click-n-mark\153.dat
c:\program files\click-n-mark\a.db
c:\program files\click-n-mark\b.db
c:\program files\click-n-mark\clandm.exe
c:\program files\click-n-mark\ClickAndMark_wd.exe
c:\program files\click-n-mark\ClickAndMark153.bin
c:\program files\click-n-mark\ClickAndMark153.ini
c:\program files\Common Files\Spigot
c:\program files\Common Files\Spigot\GC\ErrorAssistant_1.3.crx
c:\program files\Common Files\Spigot\GC\saamazon_1.0.crx
c:\program files\Common Files\Spigot\GC\saebay_1.1.crx
c:\program files\Common Files\Spigot\Search Settings\baidu_ff.xml
c:\program files\Common Files\Spigot\Search Settings\baidu_ie.xml
c:\program files\Common Files\Spigot\Search Settings\config.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1031.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1033.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1034.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1036.ini
c:\program files\Common Files\Spigot\Search Settings\Lang\res1040.ini
c:\program files\Common Files\Spigot\Search Settings\searchcom_ff.xml
c:\program files\Common Files\Spigot\Search Settings\searchcom_ie.xml
c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
c:\program files\Common Files\Spigot\Search Settings\SearchSettings64.exe
c:\program files\Common Files\Spigot\Search Settings\wth189.dll
c:\program files\Common Files\Spigot\Search Settings\wthx189.dll
c:\program files\Common Files\Spigot\Search Settings\yahoo_ff.xml
c:\program files\Common Files\Spigot\Search Settings\yahoo_ie.xml
c:\program files\Common Files\Spigot\Search Settings\yandex_ff.xml
c:\program files\Common Files\Spigot\Search Settings\yandex_ie.xml
c:\program files\Common Files\Spigot\Search Settings\yandextr_ff.xml
c:\program files\Common Files\Spigot\Search Settings\yandextr_ie.xml
c:\program files\PC Performer
c:\program files\PC Performer\Chinese_rcp.ini
c:\program files\PC Performer\CleanSchedule.exe
c:\program files\PC Performer\Danish_rcp.ini
c:\program files\PC Performer\Dutch_rcp.ini
c:\program files\PC Performer\eng_rcp.ini
c:\program files\PC Performer\Finnish_rcp_fi.ini
c:\program files\PC Performer\French_rcp.ini
c:\program files\PC Performer\German_rcp.ini
c:\program files\PC Performer\greek_rcp_el.ini
c:\program files\PC Performer\install_left_image.bmp
c:\program files\PC Performer\isxdl.dll
c:\program files\PC Performer\Italian_rcp.ini
c:\program files\PC Performer\Japanese_rcp.ini
c:\program files\PC Performer\korean_rcp_ko.ini
c:\program files\PC Performer\Norwegian_rcp.ini
c:\program files\PC Performer\PCPerformer.dll
c:\program files\PC Performer\PCPerformer.exe
c:\program files\PC Performer\polish_rcp_pl.ini
c:\program files\PC Performer\portugese_rcp_pt.ini
c:\program files\PC Performer\Portuguese_rcp.ini
c:\program files\PC Performer\russian_rcp_ru.ini
c:\program files\PC Performer\Spanish_rcp.ini
c:\program files\PC Performer\Swedish_rcp.ini
c:\program files\PC Performer\TraditionalCn_rcp_zh-tw.ini
c:\program files\PC Performer\turkish_rcp_tr.ini
c:\program files\PC Performer\unins000.dat
c:\program files\PC Performer\unins000.exe
c:\program files\PC Performer\unins000.msg
c:\program files\PC Performer\xmllite.dll
c:\program files\PruinceCoUpono
c:\program files\Quiknowledge
c:\program files\Quiknowledge\3rd Party Licenses\buildcrx-license.txt
c:\program files\Quiknowledge\3rd Party Licenses\Info-ZIP-license.txt
c:\program files\Quiknowledge\3rd Party Licenses\nsJSON-license.txt
c:\program files\Quiknowledge\3rd Party Licenses\SimpleSC-license.txt
c:\program files\Quiknowledge\3rd Party Licenses\UAC-license.txt
c:\program files\Quiknowledge\Chrome\dfgikfbdnbkcddjkkcfjchpbgoeiecaj.crx
c:\program files\Quiknowledge\IE\QuiknowledgeClientIE.dll
c:\program files\Quiknowledge\Service\qksvc.exe
c:\program files\Quiknowledge\terms-of-service.rtf
c:\program files\Quiknowledge\Uninstall.exe
c:\program files\SahoepPerMaseter
c:\program files\Settings Manager
c:\program files\Settings Manager\systemk\del_DM_DLL_nsqA8DF.dll
c:\program files\Settings Manager\systemk\del_DM_LL_nsqA8DF.dll
c:\program files\Settings Manager\systemk\del_mg_nsqA8DF.dll
c:\program files\Settings Manager\systemk\favicon.ico
c:\program files\Settings Manager\systemk\Helper.dll
c:\program files\Settings Manager\systemk\Internet Explorer Settings.exe
c:\program files\Settings Manager\systemk\sysapcrt.dll
c:\program files\Settings Manager\systemk\syskldr.dll
c:\program files\Settings Manager\systemk\syskldr_u.dll
c:\program files\Settings Manager\systemk\systemkbho.dll
c:\program files\Settings Manager\systemk\systemkChrome.dll
c:\program files\Settings Manager\systemk\systemkmgrc1.cfg
c:\program files\Settings Manager\systemk\SystemkService.exe
c:\program files\Settings Manager\systemk\systemku.exe
c:\program files\Settings Manager\systemk\tbicon.exe
c:\program files\Settings Manager\systemk\Uninstall.exe
c:\program files\TidyNetwork
c:\program files\TidyNetwork\petn.dll
c:\program files\TidyNetwork\petn64.dll
c:\programdata\DOcaToTeXTCooNveratt
c:\programdata\DOcaToTeXTCooNveratt\xnAW.dat
c:\programdata\DOcaToTeXTCooNveratt\xnAW.dll
c:\programdata\DOcaToTeXTCooNveratt\xnAW.exe
c:\programdata\DOcaToTeXTCooNveratt\xnAW.tlb
c:\programdata\EaisyTuoshiop
c:\programdata\EaisyTuoshiop\zX_oXWG.dat
c:\programdata\EaisyTuoshiop\zX_oXWG.dll
c:\programdata\EaisyTuoshiop\zX_oXWG.exe
c:\programdata\EaisyTuoshiop\zX_oXWG.tlb
c:\programdata\PruinceCoUpono
c:\users\User\AppData\Local\4649
c:\users\User\AppData\Local\4649\a26552.exe
c:\users\User\AppData\Local\4649\status.cfg
c:\users\User\AppData\Local\4649\Updater.xml
c:\users\User\AppData\Roaming\VOPackage
c:\users\User\AppData\Roaming\VOPackage\Uninstall.exe
c:\users\User\AppData\Roaming\VOPackage\VOPackage.exe
c:\users\User\AppData\Roaming\VOPackage\VOsrv.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_QKNFD
-------\Legacy_{42E50651-9669-456E-9081-D5A836274274}GW
-------\Legacy_{42E50651-9669-456E-9081-D5A836274274}W
-------\Legacy_{6FCD6092-9615-4F7F-8898-8DF53980E5D2}W
-------\Service_{42e50651-9669-456e-9081-d5a836274274}Gw
-------\Service_{42e50651-9669-456e-9081-d5a836274274}w
-------\Service_{6fcd6092-9615-4f7f-8898-8df53980e5d2}w
-------\Service_ca82e1a5
-------\Service_PlsvcV2
-------\Service_qknfd
-------\Service_qksvc
-------\Service_SystemkService
-------\Service_VOsrv
-------\Service_vulsrsebjh32
-------\Legacy_F06DEFF2-5B9C-490D-910F-35D3A9119622
-------\Legacy_F06DEFF2-5B9C-490D-910F-35D3A9119622
-------\Service_F06DEFF2-5B9C-490D-910F-35D3A9119622
-------\Service_F06DEFF2-5B9C-490D-910F-35D3A9119622
.
.
((((((((((((((((((((((((( Files Created from 2014-09-25 to 2014-10-25 )))))))))))))))))))))))))))))))
.
.
2014-10-25 00:25 . 2014-08-21 18:24 8581864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{26731C5F-3330-4965-8E1B-65EDE1264DCA}\mpengine.dll
2014-10-25 00:23 . 2014-10-25 00:26 -------- d-----w- c:\users\User\AppData\Local\temp
2014-10-24 02:24 . 2014-10-24 02:24 687 ----a-w- C:\awh4865.tmp
2014-10-24 02:04 . 2014-10-24 02:04 687 ----a-w- C:\awh9896.tmp
2014-10-24 02:02 . 2014-10-24 02:59 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-10-24 01:44 . 2014-10-24 01:44 687 ----a-w- C:\awh5456.tmp
2014-10-24 00:13 . 2014-10-24 00:13 687 ----a-w- C:\awh4D25.tmp
2014-10-24 00:12 . 2014-10-24 01:26 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-10-24 00:12 . 2014-10-24 00:12 -------- d-----w- c:\programdata\RogueKiller
2014-10-23 04:12 . 2014-10-23 04:12 687 ----a-w- C:\awh9397.tmp
2014-10-23 03:48 . 2014-10-23 03:48 687 ----a-w- C:\awhD9EA.tmp
2014-10-23 03:32 . 2014-10-23 03:32 -------- d-----w- c:\users\User\AppData\Local\Mozilla
2014-10-23 03:31 . 2014-10-23 03:31 -------- d-----w- c:\program files\Mozilla Maintenance Service
2014-10-23 03:21 . 2014-10-23 03:21 687 ----a-w- C:\awhA63D.tmp
2014-10-23 01:01 . 2014-10-24 02:02 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-23 01:00 . 2014-10-24 02:01 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-23 01:00 . 2014-10-01 18:11 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-23 01:00 . 2014-10-01 18:11 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-10-23 01:00 . 2014-10-23 01:00 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-10-23 01:00 . 2014-10-23 01:00 -------- d-----w- c:\programdata\Malwarebytes
2014-10-23 00:48 . 2014-10-23 00:48 687 ----a-w- C:\awh8C.tmp
2014-10-23 00:39 . 2014-10-14 20:13 8901368 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{84A6BD9D-2FCE-4785-80AE-65526D928B9E}\mpengine.dll
2014-10-23 00:32 . 2014-10-23 00:32 687 ----a-w- C:\awhD5A6.tmp
2014-10-23 00:01 . 2014-10-23 00:01 687 ----a-w- C:\awh6D52.tmp
2014-10-19 19:27 . 2014-10-19 19:27 687 ----a-w- C:\awhC428.tmp
2014-10-19 18:31 . 2014-09-04 05:04 372736 ----a-w- c:\windows\system32\rastls.dll
2014-10-19 18:30 . 2014-09-18 01:32 2363904 ----a-w- c:\windows\system32\msi.dll
2014-10-19 18:29 . 2014-09-13 01:40 67072 ----a-w- c:\windows\system32\packager.dll
2014-10-19 18:15 . 2014-10-19 18:15 687 ----a-w- C:\awhD039.tmp
2014-10-16 00:42 . 2014-10-16 00:42 687 ----a-w- C:\awh13BE.tmp
2014-10-16 00:28 . 2014-10-16 00:28 -------- d-----w- c:\program files\iPod
2014-10-16 00:28 . 2014-10-16 00:29 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-10-16 00:28 . 2014-10-16 00:29 -------- d-----w- c:\program files\iTunes
2014-10-16 00:24 . 2014-10-16 00:35 -------- d-----w- c:\windows\system32\drivers\NIS\1506000.020
2014-10-16 00:08 . 2014-10-16 00:08 687 ----a-w- C:\awhAC16.tmp
2014-10-16 00:04 . 2014-10-16 00:04 -------- d-----w- c:\program files\Application Updater
2014-10-16 00:04 . 2014-10-16 00:04 -------- d-----w- c:\program files\FLV Toolbar
2014-10-08 08:39 . 2014-10-08 08:39 161792 ----a-w- c:\windows\system32\netupdsrv.exe
2014-10-08 08:39 . 2014-10-08 08:39 110592 ----a-w- c:\windows\system32\installd.exe
2014-10-08 08:39 . 2014-10-08 08:39 180224 ----a-w- c:\windows\system32\nethtsrv.exe
2014-10-08 08:39 . 2014-10-08 08:39 108544 ----a-w- c:\windows\system32\hfnapi.dll
2014-10-08 08:38 . 2014-10-08 08:38 246784 ----a-w- c:\windows\system32\hfpapi.dll
2014-09-27 10:41 . 2014-09-27 10:41 687 ----a-w- C:\awh8C76.tmp
2014-09-26 10:41 . 2014-09-26 10:41 687 ----a-w- C:\awhB25D.tmp
2014-09-25 10:31 . 2014-09-25 10:31 687 ----a-w- C:\awhA505.tmp
2014-09-25 05:29 . 2014-09-09 21:47 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-25 05:23 . 2014-09-25 05:23 687 ----a-w- C:\awh9D19.tmp
2014-09-25 04:47 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-25 03:30 . 2014-09-25 03:30 -------- d-----w- c:\windows\CheckSur
2014-09-25 03:21 . 2014-09-25 03:21 687 ----a-w- C:\awhC01.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-02 22:53 . 2013-08-13 22:52 231568 ------w- c:\windows\system32\MpSigStub.exe
2014-09-25 04:03 . 2013-08-14 17:16 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-25 04:03 . 2013-08-14 17:16 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-25 04:03 . 2014-07-10 10:03 3675824 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2014-09-18 20:00 . 2014-09-18 20:00 687 ----a-w- C:\awh403A.tmp
2014-09-17 19:25 . 2014-09-17 19:25 687 ----a-w- C:\awhA39E.tmp
2014-09-13 22:07 . 2014-09-13 22:07 687 ----a-w- C:\awh3320.tmp
2014-09-09 10:30 . 2014-09-09 10:30 687 ----a-w- C:\awh8CF3.tmp
2014-09-08 21:09 . 2014-09-08 21:09 687 ----a-w- C:\awhAF61.tmp
2014-09-08 20:33 . 2014-09-08 20:33 687 ----a-w- C:\awh943.tmp
2014-09-05 17:16 . 2014-09-05 17:16 687 ----a-w- C:\awh1489.tmp
2014-09-03 20:52 . 2014-09-03 20:52 687 ----a-w- C:\awh19D6.tmp
2014-08-23 01:46 . 2014-09-03 21:25 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-08-13 10:35 . 2014-08-13 10:35 687 ----a-w- C:\awh1F14.tmp
2014-08-12 10:41 . 2014-08-12 10:41 687 ----a-w- C:\awhDA.tmp
2014-08-12 07:35 . 2014-08-12 07:35 687 ----a-w- C:\awh9304.tmp
2014-08-10 10:39 . 2014-08-10 10:39 687 ----a-w- C:\awh447E.tmp
2014-08-09 10:32 . 2014-08-09 10:32 687 ----a-w- C:\awh3F9E.tmp
2014-08-08 23:24 . 2014-08-08 23:24 687 ----a-w- C:\awh6E2.tmp
2014-08-08 00:52 . 2014-08-08 00:52 687 ----a-w- C:\awh6289.tmp
2014-08-05 20:21 . 2014-08-05 20:21 687 ----a-w- C:\awhB163.tmp
2014-08-03 18:16 . 2014-08-03 18:16 687 ----a-w- C:\awh49EB.tmp
2014-08-01 11:35 . 2014-09-18 20:36 793600 ----a-w- c:\windows\system32\TSWorkspace.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1NZOverlayExcluded]
@= "{32427327-aea5-4bef-811a-b1bd00daf4b4} "
[HKEY_CLASSES_ROOT\CLSID\{32427327-aea5-4bef-811a-b1bd00daf4b4}]
2014-06-20 02:02 597344 ----a-r- c:\program files\Norton Zone\Engine\2.0.97.14\nzovrlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1NZOverlayPending]
@= "{2cfec48b-08ec-4361-8575-7c0da17ab7a5} "
[HKEY_CLASSES_ROOT\CLSID\{2cfec48b-08ec-4361-8575-7c0da17ab7a5}]
2014-06-20 02:02 597344 ----a-r- c:\program files\Norton Zone\Engine\2.0.97.14\nzovrlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1NZOverlaySynced]
@= "{a9e700bc-92b0-403e-96b3-b87b06ff9d3a} "
[HKEY_CLASSES_ROOT\CLSID\{a9e700bc-92b0-403e-96b3-b87b06ff9d3a}]
2014-06-20 02:02 597344 ----a-r- c:\program files\Norton Zone\Engine\2.0.97.14\nzovrlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2014-09-01 152392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE "= "c:\program files\Google\Chrome\Application\chrome.exe" [2014-01-11 866584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir "= "rmdir" [X]
"Application Restart 0 "= "c:\program files\Google\Chrome\Application\chrome.exe" [2014-01-11 866584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin "= 5 (0x5)
"ConsentPromptBehaviorUser "= 3 (0x3)
"EnableUIADesktopToggle "= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SoftwareUpdater.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SoftwareUpdater.lnk
backup=c:\windows\pss\SoftwareUpdater.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2014-07-31 19:15 43816 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE]
2014-01-11 10:29 866584 ----a-w- c:\program files\Google\Chrome\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-24 02:30 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-09-24 02:30 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-09-01 11:47 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KSS]
2014-02-21 22:56 202080 ----a-w- c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpenSoftwareUpdater]
2014-03-31 19:36 3734016 ----a-w- c:\program files\OpenSoftwareUpdater\OpenSoftwareUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-24 02:30 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PureLeads Tray]
2014-01-23 23:12 83232 ----a-w- c:\program files\PureLeads\PureLeadsTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-08-01 22:02 1282048 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 14:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R1 netfilter2;netfilter2;c:\windows\system32\drivers\netfilter2.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-09-19 108032]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-08-13 1343400]
R4 SProtection;SProtection;c:\program files\Common Files\Umbrella\Umbrella207.exe [2014-08-11 3329184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1506000.020\SYMDS.SYS [2013-08-01 367704]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1506000.020\SYMEFA.SYS [2014-03-04 936152]
S1 BHDrvx86;BHDrvx86;c:\program files\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20140606.001\BHDrvx86.sys [2014-05-10 1101616]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NIS\1506000.020\ccSetx86.sys [2014-02-20 127064]
S1 ccSet_NZ;Norton Zone Settings Manager;c:\windows\system32\drivers\NZ\0200610.00E\ccSetx86.sys [2013-09-26 127064]
S1 IDSVix86;IDSVix86;c:\program files\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20140611.001\IDSvix86.sys [2014-06-04 395992]
S1 netfilter;netfilter;c:\windows\system32\drivers\netfilter.sys [2014-07-08 31744]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1506000.020\Ironx86.SYS [2014-08-06 209624]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1506000.020\SYMNETS.SYS [2014-02-18 447704]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2014-10-10 990584]
S2 GlobalUpdater;GlobalUpdater;c:\program files\Common Files\IMGUpdater\IMGUpdater.exe [2014-06-18 378152]
S2 GorillaPrice;GorillaPrice;c:\program files\gorillaprice\gorillaprice.exe [2014-04-01 420864]
S2 KSS;Kaspersky Security Scan Service;c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2014-02-21 202080]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\21.6.0.32\NIS.exe [2014-09-21 276376]
S2 NZ;Norton Zone;c:\program files\Norton Zone\Engine\2.0.97.14\NZ.exe [2014-06-20 521504]
S2 plsapp;plsapp;c:\program files\PureLeads\plsapp.exe [2014-01-23 3690784]
S2 PlsvcV1;PlsvcV1;c:\program files\PureLeads\PureLeadsSvc.exe [2014-01-23 91936]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-06-11 109872]
S3 UsbFltr;WayTech USB Filter Driver1;c:\windows\system32\Drivers\UsbFltr.sys [2007-04-09 9600]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-17 20:20 1211672 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-14 04:03]
.
2014-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-12-09 06:08]
.
2014-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-12-09 06:08]
.
2014-09-27 c:\windows\Tasks\Norton Security Scan for User.job
- c:\progra~1\NORTON~2\Engine\403~1.27\Nss.exe [2013-12-19 07:10]
.
2014-08-10 c:\windows\Tasks\RegClean Prosch.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2013-09-24 23:51]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:13081;
uInternet Settings,ProxyOverride = <-loopback>
uSearchAssistant = hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9ho1IAoH5LYnFv7JfIuH-rgd2B7I-nuRECMIEwQfTlak0a_RO7iir_jNzIjRfIdL5mZlKt3mg9KjMr7g-7K4_XqT79FlYUtyP2GzWgkgCo5w_MIK4eXTr7M3TjsRx23XDsgVjjE4WP_zlZInDM-MZk4QCtZbt3v9_dY6g,,&q={searchTerms}
LSP: c:\windows\system32\plsapp.dll
TCP: DhcpNameServer = 192.168.1.1 68.105.28.12 68.105.29.12
DPF: {F9CD2233-6744-47C1-A6AE-00C30A35F73D} - hxxps://myaccount.cox.net/internettools/scripts/Inspector.cab
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ko8uap3p.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-PC Performer_is1 - c:\program files\PC Performer\unins000.exe
AddRemove-Quiknowledge - c:\program files\Quiknowledge\Uninstall.exe
AddRemove-Settings Manager - c:\program files\Settings Manager\systemk\Uninstall.exe
AddRemove-VOPackage - c:\users\User\AppData\Roaming\VOPackage\uninstall.exe
AddRemove-{532970A2-464B-73CB-BBC4-F209EAD3EEBE} - c:\programdata\EaisyTuoshiop\zX_oXWG.exe
AddRemove-{7A9162C6-CEE2-E501-23B7-E4706037263C} - c:\programdata\DOcaToTeXTCooNveratt\xnAW.exe
AddRemove-{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} - c:\users\User\AppData\Local\4649\a26552.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath "= "\ "c:\program files\Norton Internet Security\Engine\21.6.0.32\NIS.exe\" /s \ "NIS\" /m \ "c:\program files\Norton Internet Security\Engine\21.6.0.32\diMaster.dll\" /prefetch:1 "
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NZ]
"ImagePath "= "\ "c:\program files\Norton Zone\Engine\2.0.97.14\NZ.exe\" /s \ "NZ\" /m \ "c:\program files\Norton Zone\Engine\2.0.97.14\diMaster.dll\" /prefetch:1 "
"ImagePath "= "\SystemRoot\System32\Drivers\NIS\1506000.020\SYMNETS.SYS "
"TrustedImagePaths "= "c:\program files\Norton Internet Security\Engine\21.6.0.32 "
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GorillaPrice]
"ImagePath "= "c:\program files\gorillaprice\gorillaprice.exe -service "
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid "= "ChromeHTML "
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid "= "ChromeHTML "
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid "= "ChromeHTML "
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid "= "ChromeHTML "
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid "= "ChromeHTML "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@= "FlashBroker "
"LocalizedString "= "@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled "=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@= "c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@= "IFlashBroker6 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@= "{00020424-0000-0000-C000-000000000046} "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
"Version "= "1.0 "
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GorillaPrice]
@Denied: (A B 2 3) (Everyone)
"Type "=dword:00000010
"Start "=dword:00000002
"ErrorControl "=dword:00000001
"ImagePath "=expand: "c:\\Program Files\\gorillaprice\\gorillaprice.exe -service "
"DisplayName "= "GorillaPrice "
"ObjectName "= "LocalSystem "
"Description "= "This service will show you offers from GorillaPrice in a seperate window, up to 8 offers per day. "
"FailureActions "=hex:01,00,00,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,
00,01,00,00,00,64,00,00,00,01,00,00,00,64,00,00,00,01,00,00,00,64,00,00,00
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\taskhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\sdclt.exe
.
**************************************************************************
.
Completion time: 2014-10-24 17:30:44 - machine was rebooted
ComboFix-quarantined-files.txt 2014-10-25 00:30
ComboFix2.txt 2014-10-24 03:07
.
Pre-Run: 48,450,932,736 bytes free
Post-Run: 47,841,398,784 bytes free
.
- - End Of File - - B738543A0B996DC50EFC8FC0B46B4078
A36C5E4F47E84449FF07ED3517B43A31

broni · 2014/10/24

There was a lot of crapware and I still see some more...

Uninstall RegClean Pro.

Registry cleaners/optimizers are not recommended for several reasons:

Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.

Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry ". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.

Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.

Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.

The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results ".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

Ed Bott's Webog: Why I don't use registry cleaners

Do I need a Registry Cleaner?

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.

Double click on adwcleaner.exe to run the tool.

Click on Scan button.

When the scan has finished click on Clean button.

Your computer will be rebooted automatically. A text file will open after the restart.

Please post the contents of that logfile with your next reply.

You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.

Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator ".

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.

Press Scan button.

It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.

elcajongunsfan · 2014/10/24

Had one web popup come up during my copy and paste. Its a click.cpvdvr. blah blah blah website that normally has no content in it. This time it had an eyeball.. In the beginning, it would come up several times and i could kill it through task manager.

Thanks

# AdwCleaner v4.001 - Report created 24/10/2014 at 18:09:29
# DB v2014-10-23.2
# Updated 20/10/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : User - 755-02
# Running from : C:\Users\User\Desktop\adwcleaner_4.001.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : Application Updater
Service Deleted : GlobalUpdater
Service Deleted : netfilter
[#] Service Deleted : SProtection

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\003
Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Users\User\AppData\Local\Conduit
Folder Deleted : C:\Users\User\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\User\AppData\LocalLow\DataMngr
Folder Deleted : C:\Program Files\FindRight
Folder Deleted : C:\Program Files\FLVM Player
Folder Deleted : C:\Program Files\Free Games 111
Folder Deleted : C:\Users\User\AppData\Local\genienext
Folder Deleted : C:\Program Files\globalUpdate
Folder Deleted : C:\Users\User\AppData\Local\globalUpdate
Folder Deleted : C:\Program Files\GreenTree Applications
Folder Deleted : C:\Users\User\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl
Folder Deleted : C:\Program Files\Common Files\IMGUpdater
Folder Deleted : C:\Program Files\Iminent
Folder Deleted : C:\Program Files\Linkey
Folder Deleted : C:\Users\User\AppData\Local\Local_Weather_LLC
Folder Deleted : C:\Users\User\AppData\Local\Mobogenie
Folder Deleted : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Folder Deleted : C:\Users\User\Documents\Mobogenie
Folder Deleted : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Deleted : C:\Users\User\AppData\Roaming\newnext.me
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\Program Files\Optimizer Pro
Folder Deleted : C:\Users\User\AppData\Roaming\Optimizer Pro
Folder Deleted : C:\Users\User\Documents\Optimizer Pro
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Performer
Folder Deleted : C:\Program Files\PCFixSpeed
Folder Deleted : C:\Users\User\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\User\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\User\AppData\Local\SaveSense
Folder Deleted : C:\Users\User\AppData\Local\SaveSenseLive
Folder Deleted : C:\SearchProtect
Folder Deleted : C:\Windows\system32\SearchProtect
Folder Deleted : C:\Users\User\AppData\Local\Slick Savings
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Updater
Folder Deleted : C:\Program Files\Software Updater
Folder Deleted : C:\Users\User\AppData\Local\SwvUpdater
Folder Deleted : C:\ProgramData\systemk
Folder Deleted : C:\Users\User\AppData\Roaming\Systweak
Folder Deleted : C:\Users\User\AppData\Local\TidyNetwork
Folder Deleted : C:\Program Files\Common Files\Umbrella
Folder Deleted : C:\Program Files\Uninstaller
Folder Deleted : C:\ProgramData\UpdateCommon
Folder Deleted : C:\Users\User\AppData\Roaming\ValueApps
Folder Deleted : C:\Program Files\V-bates
Folder Deleted : C:\Program Files\Video Performer
Folder Deleted : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Performer
Folder Deleted : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
Folder Deleted : C:\Users\User\AppData\Local\WeatherAlerts
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\ProgramData\deual44mE
Folder Deleted : C:\ProgramData\SahoepPerMaseter
Folder Deleted : C:\ProgramData\saveraon
Folder Deleted : C:\Users\User\AppData\Local\fabulous_07281835
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jciibccebcogmkmcbehleciidbhbbgie
[!] Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
[!] Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
[!] Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj
[!] Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp
File Deleted : C:\Users\User\AppData\Local\AnyProtectScannerSetup.exe
File Deleted : C:\Users\User\AppData\Roaming\aps.uninstall.scan.results
File Deleted : C:\Users\User\daemonprocess.txt
File Deleted : C:\Windows\system32\drivers\netfilter.sys
File Deleted : C:\Windows\system32\hfpapi.dll
File Deleted : C:\Windows\system32\installd.exe
File Deleted : C:\Users\User\Desktop\MyPC Backup.lnk
File Deleted : C:\Windows\system32\nethtsrv.exe
File Deleted : C:\Windows\system32\netupdsrv.exe
File Deleted : C:\Windows\system32\roboot.exe
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : AmiUpdXp
Task Deleted : APSnotifierCA
Task Deleted : FinishInstall igdhbblpcellaljokkpfhcjlagemhgjl
Task Deleted : PC Performer
Task Deleted : SaveSense

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\User\Desktop\Search.lnk
Shortcut Disinfected : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [freegames4357@bestoffers]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ippkomaaonokjnfjoikaemidanojkfmm
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\SaveSenseLive.exe
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Free Games 111.BackgroundHostObject
Key Deleted : HKLM\SOFTWARE\Classes\Free Games 111.BackgroundHostObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Free Games 111.Navbar
Key Deleted : HKLM\SOFTWARE\Classes\Free Games 111.Navbar.1
Key Deleted : HKLM\SOFTWARE\Classes\Free Games 111.Tool
Key Deleted : HKLM\SOFTWARE\Classes\Free Games 111.Tool.1
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Key Deleted : HKLM\SOFTWARE\Classes\Iminent
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Key Deleted : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLive.OneClickCtrl.9
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLive.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLive.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLive.Update3WebControl.3
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\Speed Test 127.BackgroundHostObject
Key Deleted : HKLM\SOFTWARE\Classes\Speed Test 127.BackgroundHostObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FindRight_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FindRight_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SafeFinder_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SafeFinder_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateFindRight_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateFindRight_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilFindRight_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilFindRight_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WeatherAlerts_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WeatherAlerts_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=3
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=9
Key Deleted : HKLM\SOFTWARE\Classes\SettingsManagerIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\SettingsManagerIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\AppID\iedll.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BackgroundHost.EXE
Key Deleted : HKLM\SOFTWARE\Classes\.
Key Deleted : HKLM\SOFTWARE\Classes\..9
Key Deleted : HKLM\SOFTWARE\Classes\ShopperMaistera.ShopperMaistera
Key Deleted : HKLM\SOFTWARE\Classes\ShopperMaistera.ShopperMaistera.1.7
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3292715
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6A7CD9EC-D8BD-4340-BCD0-77C09A282921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{997E3BFB-F821-411C-8B96-D61D415EC8FA}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A2D3FB7A-6873-45E8-AF96-57092D721828}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1070C156-160B-47A0-B7D9-1860396BAB57}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{16F7ED3A-ECD8-46C7-8FD3-E4A8C79884D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27CE191D-733B-4450-AFCD-096D105288C3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{39A29266-D3E4-462D-AB05-F93B1053F6CF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44FC7A33-2E5C-48DC-B6F5-B81E8005D122}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{73192D81-6D24-4C40-BF7B-2507C6FA0B1A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75CC1BBE-D96F-45DF-A622-D60BFA8AF49E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{88C606E7-BA26-41CB-8CC3-D1E313E34E75}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{93D3100A-BBB6-456C-96FC-82CAC5F383AC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{997E3BFB-F821-411C-8B96-D61D415EC8FA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{998745A3-2AE4-488D-8092-B98FB20A00C2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9E0546FF-D44F-4FE4-A324-995FCACB8D33}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2D3FB7A-6873-45E8-AF96-57092D721828}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C099CD7B-A94C-4229-B6F7-76D3494C88D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C1424421-D274-491E-9D47-11C8D8CB5F9A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CDDAB3A4-E64D-4AE0-9E1D-F3132F5F913F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E66A759D-367F-433E-85C6-ED7F040BCC32}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1842850-FB16-4471-B327-7343FBAED55C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00afa7a2-97d3-4c47-beff-906762fe2db0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{23537EB7-6A82-52C5-3CBC-3E4FA7B7A930}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22511E2E-7970-414E-BC7C-28D16C4AF54D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C5311E-016D-4999-BCB1-499898429D6C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2C4B6DB8-6413-403B-A038-16A352CFE8B9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D017725-74A0-4513-913D-2939ADF6D0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3061B3C3-8B7F-4DBD-82DF-0B6CE9AA60E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{458BD324-E5D0-412C-954D-EDFD69A59ED9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{46803190-228D-470E-90FE-F5E0CEA9C4F2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5180FE16-2E09-497B-9C8B-5A6F029ECECB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{806ED5AF-3ED0-454C-BE4E-6644DD7BEDD1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9275FE6D-8F84-4CA5-97E7-DD3AFD5E4BDE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9ADA5C62-B227-45A9-9D77-E5609A43E943}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A37DD83A-DABA-4EF0-98AA-CDDA88839172}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A4F6E1B3-469E-46EF-A936-FBA9D5EFD2B9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A70CA55D-8EE5-4997-8BC3-B341E36ACBBA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B5445928-B77D-474B-84F6-6F1323CA5701}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BE6C7021-0352-4A7E-8A5B-46126353049E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C97AF157-6A27-4F57-9D47-E2D3E4761B77}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2AA22AE-2103-4D78-9C0D-46DE64EE0ED7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D94BA844-0355-4F02-97F2-6856CD94FE66}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DFBED68E-BBF6-454A-940F-C84C7E7B4CE6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED0D2C81-7DB5-4599-B7C0-1033418B5672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4F96034-2761-4BAF-B906-E4B59E5D50EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE42F7F2-D931-40CD-ACE7-7B47383ACE25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA760BA8-5862-4BC5-9263-4452CBC0B264}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4613B1C1-FBC0-43C3-A4B9-B1D6CD360BB3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{08BB1B53-9220-44C1-B29B-7795C8E5965D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{38D7B10F-7131-4677-ACE1-B8A071D29901}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{726E90BE-DC22-4965-B215-E0784DC26F47}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B69509B5-4A90-4433-A2DE-BE439F6581F2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{ED721A76-8160-4DA0-A18E-7FD7C4574774}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FD58258C-84A6-4DEF-9793-019BE7F491A7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93D511B5-143B-4A99-ABFC-B5B78AD0AE1B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00afa7a2-97d3-4c47-beff-906762fe2db0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{23537EB7-6A82-52C5-3CBC-3E4FA7B7A930}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00afa7a2-97d3-4c47-beff-906762fe2db0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{23537EB7-6A82-52C5-3CBC-3E4FA7B7A930}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{00afa7a2-97d3-4c47-beff-906762fe2db0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{23537EB7-6A82-52C5-3CBC-3E4FA7B7A930}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{27CE191D-733B-4450-AFCD-096D105288C3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93DBF2BB-A2B3-4683-A92E-57E60751F346}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A33DB9FD-7A8A-496E-92D3-9CFCF9D9E1C9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2492}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Fabulous
Key Deleted : HKCU\Software\FindRight
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Linkey
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\performersoft llc
Key Deleted : HKCU\Software\PerformerSoft
Key Deleted : HKCU\Software\SaveSense
Key Deleted : HKCU\Software\SaveSenseLive
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\SoftwareUpdater
Key Deleted : HKCU\Software\SystemK
Key Deleted : HKCU\Software\usyndication.com
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\click-n-mark
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\suprasavings
Key Deleted : HKLM\SOFTWARE\Application Updater
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DealPlyLive
Key Deleted : HKLM\SOFTWARE\DomaIQ
Key Deleted : HKLM\SOFTWARE\FindRight
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\IMGUPDATER
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\Linkey
Key Deleted : HKLM\SOFTWARE\MediaBuzzV1
Key Deleted : HKLM\SOFTWARE\MediaViewV1
Key Deleted : HKLM\SOFTWARE\MediaWatchV1
Key Deleted : HKLM\SOFTWARE\PerformerSoft
Key Deleted : HKLM\SOFTWARE\SaveSenseLive
Key Deleted : HKLM\SOFTWARE\Search Settings
Key Deleted : HKLM\SOFTWARE\Supra Savings
Key Deleted : HKLM\SOFTWARE\SystemK
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\TBID
Key Deleted : HKLM\SOFTWARE\Umbrella
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DesktopWeatherAlerts
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FindRight
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free Games 111
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IminentToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\inethnfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Software Updater_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Performer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v33.0 (x86 en-US)

-\\ Google Chrome v32.0.1700.76

*************************

AdwCleaner[R0].txt - [32464 octets] - [24/10/2014 18:07:18]
AdwCleaner[S0].txt - [31182 octets] - [24/10/2014 18:09:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [31243 octets] ##########

= End Of Log ============================

elcajongunsfan · 2014/10/24

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 7 Professional x86
Ran by User on Fri 10/24/2014 at 18:13:45.80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

Failed to stop: [Service] gorillaprice

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util findright
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\NetCrawlUntemp_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\NetCrawlUntemp_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\NetCrawl_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\NetCrawl_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateNetCrawl_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateNetCrawl_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilNetCrawl_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilNetCrawl_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0CBCAF46-4C82-4DCD-856D-4C3D983AF02D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{26699987-1116-4D66-B57A-532A8EA9DD2E}

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\speedtest4354@bestoffers

~~~ Chrome

Successfully deleted: [Folder] C:\Users\User\appdata\local\Google\Chrome\User Data\Default\Extensions\cdihkdldaicijakhchgojcokhpamkibi
Successfully deleted: [Folder] C:\Users\User\appdata\local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Successfully deleted: [Folder] C:\Users\User\appdata\local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm
Successfully deleted: [Folder] C:\Users\User\appdata\local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 10/24/2014 at 18:16:23.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

elcajongunsfan · 2014/10/24

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2014
Ran by User (administrator) on 755-02 on 24-10-2014 18:18:01
Running from C:\Users\User\Desktop
Loaded Profile: User (Available profiles: User)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Symantec Corporation) C:\Program Files\Norton Zone\Engine\2.0.97.14\nz.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(PureLeads) C:\Program Files\PureLeads\PureLeadsSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Symantec Corporation) C:\Program Files\Norton Zone\Engine\2.0.97.14\nz.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\gorillaprice\gorillaprice.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKU\S-1-5-18\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files\Google\Chrome\Application\chrome.exe [866584 2014-01-11] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect "
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Google\Chrome\Application\chrome.exe [866584 2014-01-11] (Google Inc.)
ShellIconOverlayIdentifiers: [1NZOverlayExcluded] -> {32427327-aea5-4bef-811a-b1bd00daf4b4} => C:\Program Files\Norton Zone\Engine\2.0.97.14\NZOvrlay.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [1NZOverlayPending] -> {2cfec48b-08ec-4361-8575-7c0da17ab7a5} => C:\Program Files\Norton Zone\Engine\2.0.97.14\NZOvrlay.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [1NZOverlaySynced] -> {a9e700bc-92b0-403e-96b3-b87b06ff9d3a} => C:\Program Files\Norton Zone\Engine\2.0.97.14\NZOvrlay.dll (Symantec Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13081;
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9EE37AF826EFCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKCU - {61FD993A-5640-40CE-9A43-5A4F01C6EE4D} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=231195&p={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
DPF: {F9CD2233-6744-47C1-A6AE-00C30A35F73D} https://myaccount.cox.net/internettools/scripts/Inspector.cab
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 68.105.28.12 68.105.29.12

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ko8uap3p.default
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [ext@MediaViewV1alpha6544.net] - C:\Program Files\MediaViewV1\MediaViewV1alpha6544\ff
FF HKLM\...\Firefox\Extensions: [ext@MediaViewV1alpha8212.net] - C:\Program Files\MediaViewV1\MediaViewV1alpha8212\ff
FF HKLM\...\Firefox\Extensions: [ext@MediaWatchV1home226.net] - C:\Program Files\MediaWatchV1\MediaWatchV1home226\ff
FF HKLM\...\Firefox\Extensions: [ext@MediaBuzzV1mode1755.net] - C:\Program Files\MediaBuzzV1\MediaBuzzV1mode1755\ff
FF HKLM\...\Firefox\Extensions: [ext@RichMediaViewV1release256.net] - C:\Program Files\RichMediaViewV1\RichMediaViewV1release256\ff
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn [2014-10-24]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF [2014-06-05]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-08]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-08]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-08]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-08]
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc [2014-07-06]
CHR Extension: (Yahoo Extension) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag [2014-01-26]
CHR Extension: (Media View) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdbdbhmogafdppcpkopofaklmcepekan [2014-03-17]
CHR Extension: (Hush private bookmarking) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjmoaenjknbdehbiaeeijcppnljflkff [2014-06-10]
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jciibccebcogmkmcbehleciidbhbbgie [2014-07-10]
CHR Extension: (Rich Media View) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfplapfifehgmafbfocachabahfabkmb [2014-05-13]
CHR Extension: (Media Watch) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jngfemfcpdmfjodfbfkklppjioiidkph [2014-03-22]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-08]
CHR Extension: (Media View) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjhahmmnaolhiaeiipncpajdmjghbfd [2014-03-11]
CHR Extension: (Media Buzz) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\onidbjmalbdompkeogjnfianpnplliaa [2014-04-25]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-08]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "GorillaPrice" service was unlocked successfully. <===== ATTENTION

R2 GorillaPrice; C:\Program Files\gorillaprice\gorillaprice.exe [420864 2014-04-01] () [File not signed]
R2 KSS; C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-02-21] (Kaspersky Lab ZAO)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 NZ; C:\Program Files\Norton Zone\Engine\2.0.97.14\NZ.exe [521504 2014-06-19] (Symantec Corporation)
S2 plsapp; C:\Program Files\PureLeads\plsapp.exe [3690784 2014-01-23] (Sendori)
R2 PlsvcV1; C:\Program Files\PureLeads\PureLeadsSvc.exe [91936 2014-01-23] (PureLeads)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20140606.001\BHDrvx86.sys [1101616 2014-05-10] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1506000.020\ccSetx86.sys [127064 2014-02-20] (Symantec Corporation)
R1 ccSet_NZ; C:\Windows\system32\drivers\NZ\0200610.00E\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-06-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [109872 2014-06-10] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20140611.001\IDSvix86.sys [395992 2014-06-04] (Symantec Corporation)
S3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140611.019\NAVENG.SYS [93272 2014-06-05] (Symantec Corporation)
S3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140611.019\NAVEX15.SYS [1612376 2014-06-05] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NIS\1506000.020\SRTSP.SYS [664792 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1506000.020\SRTSPX.SYS [32984 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1506000.020\SYMDS.SYS [367704 2013-07-31] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1506000.020\SYMEFA.SYS [936152 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-06-04] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1506000.020\Ironx86.SYS [209624 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NIS\1506000.020\SYMNETS.SYS [447704 2014-02-17] (Symantec Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-23] ()
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\Users\User\AppData\Local\Temp\catchme.sys [X]
S1 netfilter2; system32\drivers\netfilter2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-24 18:18 - 2014-10-24 18:18 - 00013115 _____ () C:\Users\User\Desktop\FRST.txt
2014-10-24 18:17 - 2014-10-24 18:18 - 00000000 ____D () C:\FRST
2014-10-24 18:16 - 2014-10-24 18:16 - 00002688 _____ () C:\Users\User\Desktop\JRT.txt
2014-10-24 18:13 - 2014-10-24 18:13 - 00000000 ____D () C:\Windows\ERUNT
2014-10-24 18:12 - 2014-10-24 18:12 - 00031324 _____ () C:\Users\User\Desktop\AdwCleaner[S0].txt
2014-10-24 18:07 - 2014-10-24 18:09 - 00000000 ____D () C:\AdwCleaner
2014-10-24 18:05 - 2014-10-24 18:05 - 01103360 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2014-10-24 18:04 - 2014-10-24 18:04 - 01706144 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
2014-10-24 18:03 - 2014-10-24 18:03 - 01962496 _____ () C:\Users\User\Desktop\adwcleaner_4.001.exe
2014-10-24 17:30 - 2014-10-24 17:30 - 00028247 _____ () C:\ComboFix.txt
2014-10-23 19:41 - 2014-10-24 17:30 - 00000000 ____D () C:\Qoobox
2014-10-23 19:41 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-23 19:41 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-23 19:41 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-23 19:41 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-23 19:41 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-23 19:41 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-23 19:41 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-23 19:41 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-23 19:40 - 2014-10-24 17:23 - 00000000 ____D () C:\Windows\erdnt
2014-10-23 19:36 - 2014-10-23 19:36 - 05583977 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe
2014-10-23 19:24 - 2014-10-23 19:24 - 00000687 _____ () C:\awh4865.tmp
2014-10-23 19:04 - 2014-10-23 19:04 - 00000687 _____ () C:\awh9896.tmp
2014-10-23 19:02 - 2014-10-23 19:59 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-23 19:01 - 2014-10-23 19:16 - 00000000 ____D () C:\Users\User\Desktop\mbar
2014-10-23 18:44 - 2014-10-23 18:44 - 00000687 _____ () C:\awh5456.tmp
2014-10-23 18:31 - 2014-10-23 18:31 - 00018049 _____ () C:\Users\User\Desktop\RKreport_DEL_10232014_183002.log
2014-10-23 17:13 - 2014-10-23 17:13 - 00000687 _____ () C:\awh4D25.tmp
2014-10-23 17:12 - 2014-10-23 18:26 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-23 17:12 - 2014-10-23 17:12 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-22 21:47 - 2014-10-22 21:47 - 14349744 _____ (Malwarebytes Corp.) C:\Users\User\Desktop\mbar-1.07.0.1012.exe
2014-10-22 21:44 - 2014-10-22 21:45 - 16281688 _____ () C:\Users\User\Desktop\RogueKiller.exe
2014-10-22 21:12 - 2014-10-22 21:12 - 00000687 _____ () C:\awh9397.tmp
2014-10-22 20:53 - 2014-10-22 20:53 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-10-22 20:48 - 2014-10-22 20:48 - 00000687 _____ () C:\awhD9EA.tmp
2014-10-22 20:32 - 2014-10-22 20:32 - 00000000 ____D () C:\Users\User\AppData\Local\Mozilla
2014-10-22 20:31 - 2014-10-22 20:32 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-22 20:31 - 2014-10-22 20:31 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-22 20:31 - 2014-10-22 20:31 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-22 20:31 - 2014-10-22 20:31 - 00000000 ____D () C:\ProgramData\Mozilla
2014-10-22 20:31 - 2014-10-22 20:31 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-22 20:27 - 2014-10-22 20:27 - 00023007 _____ () C:\Users\User\Desktop\dds1.txt
2014-10-22 20:26 - 2014-10-22 20:27 - 00014841 _____ () C:\Users\User\Desktop\attach.txt
2014-10-22 20:26 - 2014-10-22 20:26 - 00023007 _____ () C:\Users\User\Desktop\dds.txt
2014-10-22 20:24 - 2014-10-22 20:24 - 00688992 ____R (Swearware) C:\Users\User\Desktop\dds (1).com
2014-10-22 20:23 - 2014-10-22 20:23 - 00687437 _____ (Swearware) C:\Users\User\Desktop\dds.com
2014-10-22 20:21 - 2014-10-22 20:21 - 00000687 _____ () C:\awhA63D.tmp
2014-10-22 20:01 - 2014-10-22 20:01 - 00001062 _____ () C:\Users\User\Desktop\mal.txt
2014-10-22 18:01 - 2014-10-23 19:02 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-22 18:01 - 2014-10-22 18:01 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-22 18:00 - 2014-10-23 19:01 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-22 18:00 - 2014-10-22 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-22 18:00 - 2014-10-22 18:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-22 18:00 - 2014-10-22 18:00 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-22 18:00 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-22 18:00 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-22 17:59 - 2014-10-22 18:01 - 00140160 _____ (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-2.0.3.1025 (1).exe
2014-10-22 17:56 - 2014-10-22 17:59 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-2.0.3.1025.exe
2014-10-22 17:54 - 2014-10-22 17:56 - 04028140 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-22 17:48 - 2014-10-22 17:48 - 00000687 _____ () C:\awh8C.tmp
2014-10-22 17:32 - 2014-10-22 17:32 - 00000687 _____ () C:\awhD5A6.tmp
2014-10-22 17:03 - 2014-10-22 17:37 - 00000000 ____D () C:\Windows\pss
2014-10-22 17:01 - 2014-10-22 17:01 - 00000687 _____ () C:\awh6D52.tmp
2014-10-19 12:27 - 2014-10-19 12:27 - 00000687 _____ () C:\awhC428.tmp
2014-10-19 11:32 - 2014-10-09 18:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-19 11:32 - 2014-10-09 18:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-19 11:32 - 2014-10-09 18:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-19 11:32 - 2014-10-06 19:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-19 11:32 - 2014-09-28 17:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-19 11:32 - 2014-09-25 15:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-19 11:32 - 2014-09-25 15:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-19 11:32 - 2014-09-25 15:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-19 11:32 - 2014-09-25 15:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-19 11:32 - 2014-09-25 15:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-19 11:32 - 2014-09-18 18:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-19 11:32 - 2014-09-18 18:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-19 11:32 - 2014-09-18 18:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-19 11:32 - 2014-09-18 18:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-19 11:32 - 2014-09-18 18:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-19 11:32 - 2014-09-18 18:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-19 11:32 - 2014-09-18 18:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-19 11:32 - 2014-09-18 17:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-19 11:32 - 2014-09-18 17:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-19 11:32 - 2014-09-18 17:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-19 11:32 - 2014-09-18 17:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-19 11:32 - 2014-09-18 17:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-19 11:32 - 2014-09-18 17:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-19 11:32 - 2014-09-18 17:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-19 11:32 - 2014-09-18 17:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-19 11:32 - 2014-09-18 17:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-19 11:32 - 2014-09-18 17:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-19 11:32 - 2014-09-18 17:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-19 11:32 - 2014-09-18 17:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-19 11:32 - 2014-09-18 17:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-19 11:32 - 2014-09-18 17:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-19 11:32 - 2014-09-18 16:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-19 11:32 - 2014-09-18 16:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-19 11:32 - 2014-09-18 16:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-19 11:31 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-19 11:31 - 2014-09-03 22:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-19 11:31 - 2014-07-16 18:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-19 11:31 - 2014-07-16 18:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-19 11:31 - 2014-07-16 18:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-19 11:31 - 2014-07-16 18:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-19 11:31 - 2014-07-16 18:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-19 11:31 - 2014-07-16 18:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-19 11:31 - 2014-07-16 18:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-19 11:31 - 2014-07-16 18:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-19 11:31 - 2014-07-16 18:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-19 11:31 - 2014-07-16 18:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-19 11:31 - 2014-07-16 18:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-19 11:31 - 2014-07-08 18:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-19 11:31 - 2014-07-08 18:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-19 11:31 - 2014-07-08 18:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-19 11:31 - 2014-07-08 18:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-19 11:31 - 2014-07-08 18:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-19 11:31 - 2014-07-08 15:30 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-19 11:31 - 2014-06-18 15:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-19 11:31 - 2014-06-18 15:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-19 11:31 - 2014-06-18 15:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-19 11:30 - 2014-09-17 18:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-19 11:29 - 2014-09-12 18:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-19 11:15 - 2014-10-19 11:15 - 00000687 _____ () C:\awhD039.tmp
2014-10-15 17:42 - 2014-10-15 17:42 - 00000687 _____ () C:\awh13BE.tmp
2014-10-15 17:29 - 2014-10-15 17:29 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-15 17:29 - 2014-10-15 17:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-15 17:28 - 2014-10-15 17:29 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-10-15 17:28 - 2014-10-15 17:29 - 00000000 ____D () C:\Program Files\iTunes
2014-10-15 17:28 - 2014-10-15 17:28 - 00000000 ____D () C:\Program Files\iPod
2014-10-15 17:08 - 2014-10-15 17:08 - 00000687 _____ () C:\awhAC16.tmp
2014-10-15 17:04 - 2014-10-15 17:04 - 00000000 ____D () C:\Program Files\FLV Toolbar
2014-10-08 01:39 - 2014-10-08 01:39 - 00108544 _____ () C:\Windows\system32\hfnapi.dll
2014-09-27 03:41 - 2014-09-27 03:41 - 00000687 _____ () C:\awh8C76.tmp
2014-09-26 03:41 - 2014-09-26 03:41 - 00000687 _____ () C:\awhB25D.tmp
2014-09-25 03:31 - 2014-09-25 03:31 - 00000687 _____ () C:\awhA505.tmp
2014-09-24 22:29 - 2014-09-09 14:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 22:23 - 2014-09-24 22:23 - 00000687 _____ () C:\awh9D19.tmp
2014-09-24 21:47 - 2014-06-26 18:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-24 20:30 - 2014-09-24 20:30 - 00000000 ____D () C:\Windows\CheckSur
2014-09-24 20:21 - 2014-09-24 20:21 - 00000687 _____ () C:\awhC01.tmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-24 18:18 - 2013-08-26 09:23 - 01818899 _____ () C:\Windows\WindowsUpdate.log
2014-10-24 18:11 - 2014-06-10 13:04 - 00014994 _____ () C:\Windows\PFRO.log
2014-10-24 18:11 - 2014-06-05 07:39 - 00004156 _____ () C:\Windows\setupact.log
2014-10-24 18:11 - 2014-06-04 21:13 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-10-24 18:11 - 2013-12-08 23:08 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-24 18:11 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-24 18:09 - 2014-07-06 17:54 - 00001238 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-10-24 18:09 - 2014-07-06 17:54 - 00001208 _____ () C:\Users\User\Desktop\Search.lnk
2014-10-24 18:03 - 2013-08-14 10:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-24 17:33 - 2009-07-13 21:34 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-24 17:33 - 2009-07-13 21:34 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-24 17:26 - 2009-07-13 19:04 - 00000215 _____ () C:\Windows\system.ini
2014-10-24 17:24 - 2009-07-13 19:03 - 39845888 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-10-24 17:24 - 2009-07-13 19:03 - 14417920 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-10-24 17:24 - 2009-07-13 19:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-10-24 17:24 - 2009-07-13 19:03 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-10-24 17:24 - 2009-07-13 19:03 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-10-24 17:23 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-24 17:20 - 2013-12-08 23:08 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-24 17:01 - 2009-07-13 21:33 - 00287200 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-24 17:01 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\tracing
2014-10-24 16:59 - 2014-05-06 13:39 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-24 16:58 - 2011-04-11 19:24 - 00000000 ____D () C:\Program Files\Windows Journal
2014-10-23 20:07 - 2009-07-13 19:37 - 00000000 __RHD () C:\Users\Default
2014-10-23 20:07 - 2009-07-13 19:37 - 00000000 ___RD () C:\Users\Public
2014-10-23 19:40 - 2014-01-28 19:34 - 00000000 ____D () C:\ProgramData\7c4c4ba5742aa27c
2014-10-23 17:29 - 2014-02-24 17:25 - 00000136 _____ () C:\Users\User\AppData\Roaming\WB.CFG
2014-10-23 17:09 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-22 20:32 - 2014-03-23 10:28 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mozilla
2014-10-22 17:34 - 2014-05-01 11:07 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-10-22 17:21 - 2013-08-13 16:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-22 17:10 - 2013-08-13 16:35 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 17:40 - 2014-06-04 21:08 - 00000000 ____D () C:\Windows\system32\Drivers\NIS
2014-10-15 17:39 - 2014-06-04 21:11 - 00002423 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-10-15 17:39 - 2014-06-04 21:08 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-10-15 17:28 - 2013-12-31 10:41 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-15 17:09 - 2013-12-31 10:41 - 00000000 ____D () C:\ProgramData\Apple
2014-10-02 15:53 - 2013-08-13 15:52 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-27 00:04 - 2013-12-18 21:49 - 00000438 ____H () C:\Windows\Tasks\Norton Security Scan for User.job
2014-09-24 21:03 - 2014-07-10 03:03 - 03675824 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-09-24 21:03 - 2013-08-14 10:16 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-24 21:03 - 2013-08-14 10:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\User\AppData\Local\temp\Quarantine.exe
C:\Users\User\AppData\Local\temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-10 13:58

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-10-2014
Ran by User at 2014-10-24 18:19:08
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
allday savings (HKLM\...\C464B0D7-294A-4204-89DA-9FB9B010FDB9) (Version: 2.0.1 - allday savings) <==== ATTENTION
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C0CC75CD-F5B7-46AD-B016-17C0F5171718}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4214 - CDBurnerXP)
FLV Toolbar v9.9 (HKLM\...\{86869ABB-D06B-4FD3-85B8-337B9ECC6E89}) (Version: 9.9 - Spigot, Inc.) <==== ATTENTION
FLV.com FLV Downloader 9.1 (HKLM\...\{1a413f37-ed88-4fec-9666-76FAF2D9B362}) (Version: 9.1 - GreenTree Applications SRL)
Google Chrome (HKLM\...\Google Chrome) (Version: 32.0.1700.76 - Google Inc.)
gorillaprice (HKLM\...\gorillaprice) (Version: - )
HighliteApp (HKLM\...\HighliteApp) (Version: 1.0.0.1 - HighliteApp Company)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
ISTCleaner (HKLM\...\ISTCleaner) (Version: 1.0.0.1 - ISTCleaner)
iTunes (HKLM\...\{F32DC846-4457-40A8-BECA-BCC0E960BC53}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Kaspersky Security Scan (HKLM\...\InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}) (Version: 12.0.1.808 - Kaspersky Lab)
Kaspersky Security Scan (Version: 12.0.1.808 - Kaspersky Lab) Hidden
K-Lite Codec Pack 9.9.5 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 9.9.5 - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 33.0 (x86 en-US) (HKLM\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
Norton Internet Security (HKLM\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)
Norton Security Scan (HKLM\...\NSS) (Version: 4.0.3.27 - Symantec Corporation)
Norton Zone (HKLM\...\NZ) (Version: 2.0.97.14 - Symantec Corporation)
OpenOffice 4.0.0 (HKLM\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
OpenSoftwareUpdater (HKLM\...\OpenSoftwareUpdater) (Version: - )
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}) (Version: 3.60.0 - dotPDN LLC)
PureLeads (HKLM\...\PureLeads) (Version: 2.0.17 - PureLeads)
SavetheChildren Reminder by We-Care.com v4.1.26.4 (HKLM\...\{26B4D0E1-6F6D-48DF-8719-80276A259F7E}) (Version: 4.1.26.4 - We-Care.com)
StormAlerts (HKCU\...\StormAlerts) (Version: 1.0.14.0 - Weather Warnings LLC)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version: - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

19-10-2014 19:23:44 New Restore
23-10-2014 00:02:23 Windows Update
23-10-2014 00:04:57 Windows Backup
23-10-2014 03:52:49 Removed FastClean PRO
23-10-2014 05:00:28 Windows Defender Checkpoint
23-10-2014 05:07:06 Windows Update
24-10-2014 01:59:43 mbar
24-10-2014 02:16:09 Malwarebytes Anti-Rootkit Restore Point
24-10-2014 03:51:41 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:04 - 2014-10-24 17:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {14F2852C-775F-418F-BECE-8EA62FD41B9A} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {1A74E034-D41E-43EE-BD25-0ED059E26801} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {3EBC9E94-44DC-4A34-93C1-869B86089ADC} - System32\Tasks\Norton Zone\Norton Error Processor => C:\Program Files\Norton Zone\Engine\2.0.97.14\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {643EF0DC-4D39-4ACA-9564-DA4EC0BD464C} - \FF Watcher {CF8CF68A-9C05-4096-937C-0660CD03CF3C} No Task File <==== ATTENTION
Task: {704A997E-12A7-4612-A257-A499AEA4538E} - System32\Tasks\Norton Security Scan for User => C:\Program Files\Norton Security Scan\Engine\4.0.3.27\Nss.exe [2013-10-11] (Symantec Corporation)
Task: {7BA4D651-A4BD-4E02-AF17-6F927EFAE7FC} - System32\Tasks\istcleaner Task => C:\Users\User\AppData\Roaming\UpdateServ\ISTCleaner.exe
Task: {85FA6ED3-6D71-4A40-AADF-92D80375CD22} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-08] (Google Inc.)
Task: {93EFD75C-65FF-4A5B-84A2-6DDED8F9F04E} - System32\Tasks\Norton Zone\Norton Error Analyzer => C:\Program Files\Norton Zone\Engine\2.0.97.14\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {9CB2532B-017A-4DA4-803B-2D6A4AE7CF46} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {C7C71302-4EDA-48C2-921E-490E340147AD} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {D29015A0-8DCD-4CB2-82E8-69DF5B3213D2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {EE7C588C-3592-49E9-9343-1B025B579ADD} - \FF Watcher {7FCA32FF-A77E-4936-800D-1FCF60B7E102} No Task File <==== ATTENTION
Task: {F245EF9E-1614-4A1A-B516-DB36FBAEEAD9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F72055F1-0039-4414-B621-843F213CDB70} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-08] (Google Inc.)
Task: {F90F141D-A832-4006-8D2B-3B28DA51DE3C} - System32\Tasks\TidyNetwork Update => C:\Users\User\AppData\Local\TidyNetwork\petnupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for User.job => C:\PROGRA~1\NORTON~2\Engine\403~1.27\Nss.exe

==================== Loaded Modules (whitelisted) =============

2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-28 09:31 - 2014-05-09 06:23 - 41171784 ____R () C:\Program Files\Norton Zone\Engine\2.0.97.14\libcef.dll
2014-04-01 06:32 - 2014-04-01 06:32 - 00420864 _____ () C:\Program Files\gorillaprice\gorillaprice.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => " "= "service "

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: savesenselive => 2
MSCONFIG\Services: savesenselivem => 3
MSCONFIG\Services: SProtection => 2
MSCONFIG\Services: V-bates Updater => 2
MSCONFIG\Services: vulsrsebjh32 => 2
MSCONFIG\Services: xmkysecqun32 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SoftwareUpdater.lnk => C:\Windows\pss\SoftwareUpdater.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe "
MSCONFIG\startupreg: GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe "
MSCONFIG\startupreg: KSS => "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
MSCONFIG\startupreg: OpenSoftwareUpdater => C:\Program Files\OpenSoftwareUpdater\OpenSoftwareUpdater.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PureLeads Tray => "C:\Program Files\PureLeads\PureLeadsTray.exe "
MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files\Analog Devices\Core\smax4pnp.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe "

========================= Accounts: ==========================

Administrator (S-1-5-21-2110635249-3450809219-4216027046-500 - Administrator - Disabled)
Guest (S-1-5-21-2110635249-3450809219-4216027046-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2110635249-3450809219-4216027046-1003 - Limited - Enabled)
User (S-1-5-21-2110635249-3450809219-4216027046-1000 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
Percentage of memory in use: 50%
Total physical RAM: 2004.61 MB
Available physical RAM: 997.55 MB
Total Pagefile: 4009.22 MB
Available Pagefile: 2933.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1906.99 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.41 GB) (Free:44.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 97BE5B6A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

broni · 2014/10/24

Uninstall:
- allday savings
- FLV Toolbar
If any of the above won't uninstall let me know.

Then...

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Re-run FRST "Scan" one more time and post fresh logs.
Make sure you checkmark Addition.txt box so both logs will be produced.

elcajongunsfan · 2014/10/24

Yeah, the FLV would'nt uninstall. The exact error code was
error 1316 The Specified Account already exists.

In the Control Panel programs uninstaller, there was a FLv downloader that uninstalled OK. But trying FLV resulted in the same error code

Thanks

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-10-2014
Ran by User at 2014-10-24 18:54:34 Run:1
Running from C:\Users\User\Desktop
Loaded Profile: User (Available profiles: User)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
() C:\Program Files\gorillaprice\gorillaprice.exe
C:\Program Files\gorillaprice
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect "
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13081;
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jciibccebcogmkmcbehleciidbhbbgie [2014-07-10]
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jciibccebcogmkmcbehleciidbhbbgie
R2 GorillaPrice; C:\Program Files\gorillaprice\gorillaprice.exe [420864 2014-04-01] () [File not signed]
S2 plsapp; C:\Program Files\PureLeads\plsapp.exe [3690784 2014-01-23] (Sendori)
R2 PlsvcV1; C:\Program Files\PureLeads\PureLeadsSvc.exe [91936 2014-01-23] (PureLeads)
C:\Program Files\PureLeads
S3 catchme; \??\C:\Users\User\AppData\Local\Temp\catchme.sys [X]
S1 netfilter2; system32\drivers\netfilter2.sys [X]
EmptyTemp:
C:\*.tmp
C:\Users\User\AppData\Local\temp\Quarantine.exe
C:\Users\User\AppData\Local\temp\sqlite3.dll
Task: {643EF0DC-4D39-4ACA-9564-DA4EC0BD464C} - \FF Watcher {CF8CF68A-9C05-4096-937C-0660CD03CF3C} No Task File <==== ATTENTION
Task: {EE7C588C-3592-49E9-9343-1B025B579ADD} - \FF Watcher {7FCA32FF-A77E-4936-800D-1FCF60B7E102} No Task File <==== ATTENTION

*****************

[3616] C:\Program Files\gorillaprice\gorillaprice.exe => Process closed successfully.
C:\Program Files\gorillaprice => Moved successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jciibccebcogmkmcbehleciidbhbbgie => Moved successfully.
"C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jciibccebcogmkmcbehleciidbhbbgie" => File/Directory not found.
GorillaPrice => Unable to stop service
GorillaPrice => Service deleted successfully.
plsapp => Service deleted successfully.
PlsvcV1 => Service stopped successfully.
PlsvcV1 => Service deleted successfully.
C:\Program Files\PureLeads => Moved successfully.
catchme => Service deleted successfully.
netfilter2 => Service deleted successfully.
C:\*.tmp => Moved successfully.
C:\Users\User\AppData\Local\temp\Quarantine.exe => Moved successfully.
C:\Users\User\AppData\Local\temp\sqlite3.dll => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{643EF0DC-4D39-4ACA-9564-DA4EC0BD464C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{643EF0DC-4D39-4ACA-9564-DA4EC0BD464C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FF Watcher {CF8CF68A-9C05-4096-937C-0660CD03CF3C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EE7C588C-3592-49E9-9343-1B025B579ADD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE7C588C-3592-49E9-9343-1B025B579ADD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FF Watcher {7FCA32FF-A77E-4936-800D-1FCF60B7E102}" => Key deleted successfully.
EmptyTemp: => Removed 102.2 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2014
Ran by User (administrator) on 755-02 on 24-10-2014 19:05:43
Running from C:\Users\User\Desktop
Loaded Profile: User (Available profiles: User)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Symantec Corporation) C:\Program Files\Norton Zone\Engine\2.0.97.14\nz.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Symantec Corporation) C:\Program Files\Norton Zone\Engine\2.0.97.14\nz.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKU\S-1-5-18\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => C:\Program Files\Google\Chrome\Application\chrome.exe [854344 2014-10-09] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Google\Chrome\Application\chrome.exe [854344 2014-10-09] (Google Inc.)
ShellIconOverlayIdentifiers: [1NZOverlayExcluded] -> {32427327-aea5-4bef-811a-b1bd00daf4b4} => C:\Program Files\Norton Zone\Engine\2.0.97.14\NZOvrlay.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [1NZOverlayPending] -> {2cfec48b-08ec-4361-8575-7c0da17ab7a5} => C:\Program Files\Norton Zone\Engine\2.0.97.14\NZOvrlay.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [1NZOverlaySynced] -> {a9e700bc-92b0-403e-96b3-b87b06ff9d3a} => C:\Program Files\Norton Zone\Engine\2.0.97.14\NZOvrlay.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9EE37AF826EFCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKCU - {61FD993A-5640-40CE-9A43-5A4F01C6EE4D} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=231195&p={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
DPF: {F9CD2233-6744-47C1-A6AE-00C30A35F73D} https://myaccount.cox.net/internettools/scripts/Inspector.cab
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 68.105.28.12 68.105.29.12

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ko8uap3p.default
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [ext@MediaViewV1alpha6544.net] - C:\Program Files\MediaViewV1\MediaViewV1alpha6544\ff
FF HKLM\...\Firefox\Extensions: [ext@MediaViewV1alpha8212.net] - C:\Program Files\MediaViewV1\MediaViewV1alpha8212\ff
FF HKLM\...\Firefox\Extensions: [ext@MediaWatchV1home226.net] - C:\Program Files\MediaWatchV1\MediaWatchV1home226\ff
FF HKLM\...\Firefox\Extensions: [ext@MediaBuzzV1mode1755.net] - C:\Program Files\MediaBuzzV1\MediaBuzzV1mode1755\ff
FF HKLM\...\Firefox\Extensions: [ext@RichMediaViewV1release256.net] - C:\Program Files\RichMediaViewV1\RichMediaViewV1release256\ff
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn [2014-10-24]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF [2014-06-05]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-08]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-08]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-08]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-08]
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc [2014-07-06]
CHR Extension: (Yahoo Extension) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eihhgekonheiliaidomffpplfhecmkag [2014-01-26]
CHR Extension: (Media View) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdbdbhmogafdppcpkopofaklmcepekan [2014-03-17]
CHR Extension: (Hush private bookmarking) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjmoaenjknbdehbiaeeijcppnljflkff [2014-06-10]
CHR Extension: (Rich Media View) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfplapfifehgmafbfocachabahfabkmb [2014-05-13]
CHR Extension: (Media Watch) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jngfemfcpdmfjodfbfkklppjioiidkph [2014-03-22]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-08]
CHR Extension: (Media View) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjhahmmnaolhiaeiipncpajdmjghbfd [2014-03-11]
CHR Extension: (Media Buzz) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\onidbjmalbdompkeogjnfianpnplliaa [2014-04-25]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-08]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 KSS; C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-02-21] (Kaspersky Lab ZAO)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 NZ; C:\Program Files\Norton Zone\Engine\2.0.97.14\NZ.exe [521504 2014-06-19] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20140606.001\BHDrvx86.sys [1101616 2014-05-10] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1506000.020\ccSetx86.sys [127064 2014-02-20] (Symantec Corporation)
R1 ccSet_NZ; C:\Windows\system32\drivers\NZ\0200610.00E\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-06-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [109872 2014-06-10] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20140611.001\IDSvix86.sys [395992 2014-06-04] (Symantec Corporation)
S3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140611.019\NAVENG.SYS [93272 2014-06-05] (Symantec Corporation)
S3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140611.019\NAVEX15.SYS [1612376 2014-06-05] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NIS\1506000.020\SRTSP.SYS [664792 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1506000.020\SRTSPX.SYS [32984 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1506000.020\SYMDS.SYS [367704 2013-07-31] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1506000.020\SYMEFA.SYS [936152 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-06-04] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1506000.020\Ironx86.SYS [209624 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NIS\1506000.020\SYMNETS.SYS [447704 2014-02-17] (Symantec Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-23] ()
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-24 19:03 - 2014-10-24 19:03 - 00030121 _____ () C:\Users\User\Desktop\FRST1.txt
2014-10-24 18:19 - 2014-10-24 18:19 - 00014201 _____ () C:\Users\User\Desktop\Addition.txt
2014-10-24 18:18 - 2014-10-24 19:05 - 00012266 _____ () C:\Users\User\Desktop\FRST.txt
2014-10-24 18:17 - 2014-10-24 19:05 - 00000000 ____D () C:\FRST
2014-10-24 18:16 - 2014-10-24 18:16 - 00002688 _____ () C:\Users\User\Desktop\JRT.txt
2014-10-24 18:13 - 2014-10-24 18:13 - 00000000 ____D () C:\Windows\ERUNT
2014-10-24 18:12 - 2014-10-24 18:12 - 00031324 _____ () C:\Users\User\Desktop\AdwCleaner[S0].txt
2014-10-24 18:07 - 2014-10-24 18:09 - 00000000 ____D () C:\AdwCleaner
2014-10-24 18:05 - 2014-10-24 18:05 - 01103360 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2014-10-24 18:04 - 2014-10-24 18:04 - 01706144 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
2014-10-24 18:03 - 2014-10-24 18:03 - 01962496 _____ () C:\Users\User\Desktop\adwcleaner_4.001.exe
2014-10-24 17:30 - 2014-10-24 17:30 - 00028247 _____ () C:\ComboFix.txt
2014-10-23 19:41 - 2014-10-24 17:30 - 00000000 ____D () C:\Qoobox
2014-10-23 19:41 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-23 19:41 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-23 19:41 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-23 19:41 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-23 19:41 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-23 19:41 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-23 19:41 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-23 19:41 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-23 19:40 - 2014-10-24 17:23 - 00000000 ____D () C:\Windows\erdnt
2014-10-23 19:36 - 2014-10-23 19:36 - 05583977 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe
2014-10-23 19:02 - 2014-10-23 19:59 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-23 19:01 - 2014-10-23 19:16 - 00000000 ____D () C:\Users\User\Desktop\mbar
2014-10-23 18:31 - 2014-10-23 18:31 - 00018049 _____ () C:\Users\User\Desktop\RKreport_DEL_10232014_183002.log
2014-10-23 17:12 - 2014-10-23 18:26 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-23 17:12 - 2014-10-23 17:12 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-22 21:47 - 2014-10-22 21:47 - 14349744 _____ (Malwarebytes Corp.) C:\Users\User\Desktop\mbar-1.07.0.1012.exe
2014-10-22 21:44 - 2014-10-22 21:45 - 16281688 _____ () C:\Users\User\Desktop\RogueKiller.exe
2014-10-22 20:53 - 2014-10-24 18:50 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-10-22 20:32 - 2014-10-22 20:32 - 00000000 ____D () C:\Users\User\AppData\Local\Mozilla
2014-10-22 20:31 - 2014-10-22 20:32 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-22 20:31 - 2014-10-22 20:31 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-22 20:31 - 2014-10-22 20:31 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-22 20:31 - 2014-10-22 20:31 - 00000000 ____D () C:\ProgramData\Mozilla
2014-10-22 20:31 - 2014-10-22 20:31 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-22 20:27 - 2014-10-22 20:27 - 00023007 _____ () C:\Users\User\Desktop\dds1.txt
2014-10-22 20:26 - 2014-10-22 20:27 - 00014841 _____ () C:\Users\User\Desktop\attach.txt
2014-10-22 20:26 - 2014-10-22 20:26 - 00023007 _____ () C:\Users\User\Desktop\dds.txt
2014-10-22 20:24 - 2014-10-22 20:24 - 00688992 ____R (Swearware) C:\Users\User\Desktop\dds (1).com
2014-10-22 20:23 - 2014-10-22 20:23 - 00687437 _____ (Swearware) C:\Users\User\Desktop\dds.com
2014-10-22 20:01 - 2014-10-22 20:01 - 00001062 _____ () C:\Users\User\Desktop\mal.txt
2014-10-22 18:01 - 2014-10-23 19:02 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-22 18:01 - 2014-10-22 18:01 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-22 18:00 - 2014-10-23 19:01 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-22 18:00 - 2014-10-22 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-22 18:00 - 2014-10-22 18:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-22 18:00 - 2014-10-22 18:00 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-22 18:00 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-22 18:00 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-22 17:59 - 2014-10-22 18:01 - 00140160 _____ (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-2.0.3.1025 (1).exe
2014-10-22 17:56 - 2014-10-22 17:59 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-2.0.3.1025.exe
2014-10-22 17:54 - 2014-10-22 17:56 - 04028140 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-22 17:03 - 2014-10-22 17:37 - 00000000 ____D () C:\Windows\pss
2014-10-19 11:32 - 2014-10-09 18:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-19 11:32 - 2014-10-09 18:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-19 11:32 - 2014-10-09 18:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-19 11:32 - 2014-10-06 19:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-19 11:32 - 2014-09-28 17:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-19 11:32 - 2014-09-25 15:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-19 11:32 - 2014-09-25 15:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-19 11:32 - 2014-09-25 15:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-19 11:32 - 2014-09-25 15:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-19 11:32 - 2014-09-25 15:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-19 11:32 - 2014-09-18 18:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-19 11:32 - 2014-09-18 18:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-19 11:32 - 2014-09-18 18:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-19 11:32 - 2014-09-18 18:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-19 11:32 - 2014-09-18 18:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-19 11:32 - 2014-09-18 18:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-19 11:32 - 2014-09-18 18:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-19 11:32 - 2014-09-18 17:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-19 11:32 - 2014-09-18 17:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-19 11:32 - 2014-09-18 17:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-19 11:32 - 2014-09-18 17:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-19 11:32 - 2014-09-18 17:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-19 11:32 - 2014-09-18 17:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-19 11:32 - 2014-09-18 17:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-19 11:32 - 2014-09-18 17:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-19 11:32 - 2014-09-18 17:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-19 11:32 - 2014-09-18 17:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-19 11:32 - 2014-09-18 17:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-19 11:32 - 2014-09-18 17:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-19 11:32 - 2014-09-18 17:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-19 11:32 - 2014-09-18 17:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-19 11:32 - 2014-09-18 16:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-19 11:32 - 2014-09-18 16:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-19 11:32 - 2014-09-18 16:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-19 11:31 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-19 11:31 - 2014-09-03 22:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-19 11:31 - 2014-07-16 18:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-19 11:31 - 2014-07-16 18:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-19 11:31 - 2014-07-16 18:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-19 11:31 - 2014-07-16 18:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-19 11:31 - 2014-07-16 18:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-19 11:31 - 2014-07-16 18:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-19 11:31 - 2014-07-16 18:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-19 11:31 - 2014-07-16 18:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-19 11:31 - 2014-07-16 18:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-19 11:31 - 2014-07-16 18:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-19 11:31 - 2014-07-16 18:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-19 11:31 - 2014-07-08 18:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-19 11:31 - 2014-07-08 18:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-19 11:31 - 2014-07-08 18:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-19 11:31 - 2014-07-08 18:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-19 11:31 - 2014-07-08 18:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-19 11:31 - 2014-07-08 15:30 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-19 11:31 - 2014-06-18 15:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-19 11:31 - 2014-06-18 15:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-19 11:31 - 2014-06-18 15:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-19 11:30 - 2014-09-17 18:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-19 11:29 - 2014-09-12 18:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 17:29 - 2014-10-15 17:29 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-15 17:29 - 2014-10-15 17:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-15 17:28 - 2014-10-15 17:29 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-10-15 17:28 - 2014-10-15 17:29 - 00000000 ____D () C:\Program Files\iTunes
2014-10-15 17:28 - 2014-10-15 17:28 - 00000000 ____D () C:\Program Files\iPod
2014-10-15 17:04 - 2014-10-24 18:51 - 00000000 ____D () C:\Program Files\FLV Toolbar
2014-10-08 01:39 - 2014-10-08 01:39 - 00108544 _____ () C:\Windows\system32\hfnapi.dll
2014-09-24 22:29 - 2014-09-09 14:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 21:47 - 2014-06-26 18:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-24 20:30 - 2014-09-24 20:30 - 00000000 ____D () C:\Windows\CheckSur

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-24 19:05 - 2013-12-08 23:08 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-24 19:04 - 2009-07-13 21:34 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-24 19:04 - 2009-07-13 21:34 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-24 19:03 - 2013-12-08 23:08 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-24 19:03 - 2013-08-14 10:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-24 19:01 - 2013-08-26 09:23 - 01866472 _____ () C:\Windows\WindowsUpdate.log
2014-10-24 18:57 - 2014-02-20 16:41 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-10-24 18:56 - 2014-06-10 13:04 - 00015336 _____ () C:\Windows\PFRO.log
2014-10-24 18:56 - 2014-06-05 07:39 - 00004212 _____ () C:\Windows\setupact.log
2014-10-24 18:56 - 2014-06-04 21:13 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-10-24 18:56 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-24 18:54 - 2009-07-13 19:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-24 18:09 - 2014-07-06 17:54 - 00001238 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-10-24 18:09 - 2014-07-06 17:54 - 00001208 _____ () C:\Users\User\Desktop\Search.lnk
2014-10-24 17:26 - 2009-07-13 19:04 - 00000215 _____ () C:\Windows\system.ini
2014-10-24 17:24 - 2009-07-13 19:03 - 39845888 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-10-24 17:24 - 2009-07-13 19:03 - 14417920 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-10-24 17:24 - 2009-07-13 19:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-10-24 17:24 - 2009-07-13 19:03 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-10-24 17:24 - 2009-07-13 19:03 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-10-24 17:23 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-24 17:01 - 2009-07-13 21:33 - 00287200 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-24 17:01 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\tracing
2014-10-24 16:59 - 2014-05-06 13:39 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-24 16:58 - 2011-04-11 19:24 - 00000000 ____D () C:\Program Files\Windows Journal
2014-10-23 20:07 - 2009-07-13 19:37 - 00000000 __RHD () C:\Users\Default
2014-10-23 20:07 - 2009-07-13 19:37 - 00000000 ___RD () C:\Users\Public
2014-10-23 19:40 - 2014-01-28 19:34 - 00000000 ____D () C:\ProgramData\7c4c4ba5742aa27c
2014-10-23 17:29 - 2014-02-24 17:25 - 00000136 _____ () C:\Users\User\AppData\Roaming\WB.CFG
2014-10-23 17:09 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-22 20:32 - 2014-03-23 10:28 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mozilla
2014-10-22 17:34 - 2014-05-01 11:07 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-10-22 17:21 - 2013-08-13 16:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-22 17:10 - 2013-08-13 16:35 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 17:40 - 2014-06-04 21:08 - 00000000 ____D () C:\Windows\system32\Drivers\NIS
2014-10-15 17:39 - 2014-06-04 21:11 - 00002423 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-10-15 17:39 - 2014-06-04 21:08 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-10-15 17:28 - 2013-12-31 10:41 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-15 17:09 - 2013-12-31 10:41 - 00000000 ____D () C:\ProgramData\Apple
2014-10-02 15:53 - 2013-08-13 15:52 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-27 00:04 - 2013-12-18 21:49 - 00000438 ____H () C:\Windows\Tasks\Norton Security Scan for User.job
2014-09-24 21:03 - 2014-07-10 03:03 - 03675824 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-09-24 21:03 - 2013-08-14 10:16 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-24 21:03 - 2013-08-14 10:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-10 13:58

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-10-2014
Ran by User at 2014-10-24 19:06:12
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C0CC75CD-F5B7-46AD-B016-17C0F5171718}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4214 - CDBurnerXP)
FLV Toolbar v9.9 (HKLM\...\{86869ABB-D06B-4FD3-85B8-337B9ECC6E89}) (Version: 9.9 - Spigot, Inc.) <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
gorillaprice (HKLM\...\gorillaprice) (Version: - )
HighliteApp (HKLM\...\HighliteApp) (Version: 1.0.0.1 - HighliteApp Company)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
ISTCleaner (HKLM\...\ISTCleaner) (Version: 1.0.0.1 - ISTCleaner)
iTunes (HKLM\...\{F32DC846-4457-40A8-BECA-BCC0E960BC53}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Kaspersky Security Scan (HKLM\...\InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}) (Version: 12.0.1.808 - Kaspersky Lab)
Kaspersky Security Scan (Version: 12.0.1.808 - Kaspersky Lab) Hidden
K-Lite Codec Pack 9.9.5 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 9.9.5 - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 33.0 (x86 en-US) (HKLM\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
Norton Internet Security (HKLM\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)
Norton Security Scan (HKLM\...\NSS) (Version: 4.0.3.27 - Symantec Corporation)
Norton Zone (HKLM\...\NZ) (Version: 2.0.97.14 - Symantec Corporation)
OpenOffice 4.0.0 (HKLM\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
OpenSoftwareUpdater (HKLM\...\OpenSoftwareUpdater) (Version: - )
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}) (Version: 3.60.0 - dotPDN LLC)
PureLeads (HKLM\...\PureLeads) (Version: 2.0.17 - PureLeads)
SavetheChildren Reminder by We-Care.com v4.1.26.4 (HKLM\...\{26B4D0E1-6F6D-48DF-8719-80276A259F7E}) (Version: 4.1.26.4 - We-Care.com)
StormAlerts (HKCU\...\StormAlerts) (Version: 1.0.14.0 - Weather Warnings LLC)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version: - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

23-10-2014 03:52:49 Removed FastClean PRO
23-10-2014 05:00:28 Windows Defender Checkpoint
23-10-2014 05:07:06 Windows Update
24-10-2014 01:59:43 mbar
24-10-2014 02:16:09 Malwarebytes Anti-Rootkit Restore Point
24-10-2014 03:51:41 Windows Update
25-10-2014 01:49:43 Removed FLV Toolbar v9.9.
25-10-2014 01:51:08 Removed FLV Toolbar v9.9.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:04 - 2014-10-24 17:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {14F2852C-775F-418F-BECE-8EA62FD41B9A} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {1A74E034-D41E-43EE-BD25-0ED059E26801} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {3EBC9E94-44DC-4A34-93C1-869B86089ADC} - System32\Tasks\Norton Zone\Norton Error Processor => C:\Program Files\Norton Zone\Engine\2.0.97.14\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {704A997E-12A7-4612-A257-A499AEA4538E} - System32\Tasks\Norton Security Scan for User => C:\Program Files\Norton Security Scan\Engine\4.0.3.27\Nss.exe [2013-10-11] (Symantec Corporation)
Task: {7BA4D651-A4BD-4E02-AF17-6F927EFAE7FC} - System32\Tasks\istcleaner Task => C:\Users\User\AppData\Roaming\UpdateServ\ISTCleaner.exe
Task: {85FA6ED3-6D71-4A40-AADF-92D80375CD22} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-08] (Google Inc.)
Task: {93EFD75C-65FF-4A5B-84A2-6DDED8F9F04E} - System32\Tasks\Norton Zone\Norton Error Analyzer => C:\Program Files\Norton Zone\Engine\2.0.97.14\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {9CB2532B-017A-4DA4-803B-2D6A4AE7CF46} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {C7C71302-4EDA-48C2-921E-490E340147AD} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {D29015A0-8DCD-4CB2-82E8-69DF5B3213D2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {F245EF9E-1614-4A1A-B516-DB36FBAEEAD9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F72055F1-0039-4414-B621-843F213CDB70} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-08] (Google Inc.)
Task: {F90F141D-A832-4006-8D2B-3B28DA51DE3C} - System32\Tasks\TidyNetwork Update => C:\Users\User\AppData\Local\TidyNetwork\petnupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for User.job => C:\PROGRA~1\NORTON~2\Engine\403~1.27\Nss.exe

==================== Loaded Modules (whitelisted) =============

2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-28 09:31 - 2014-05-09 06:23 - 41171784 ____R () C:\Program Files\Norton Zone\Engine\2.0.97.14\libcef.dll
2014-10-22 20:31 - 2014-10-11 05:53 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => " "= "service "

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: savesenselive => 2
MSCONFIG\Services: savesenselivem => 3
MSCONFIG\Services: SProtection => 2
MSCONFIG\Services: V-bates Updater => 2
MSCONFIG\Services: vulsrsebjh32 => 2
MSCONFIG\Services: xmkysecqun32 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SoftwareUpdater.lnk => C:\Windows\pss\SoftwareUpdater.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe "
MSCONFIG\startupreg: GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe "
MSCONFIG\startupreg: KSS => "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
MSCONFIG\startupreg: OpenSoftwareUpdater => C:\Program Files\OpenSoftwareUpdater\OpenSoftwareUpdater.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PureLeads Tray => "C:\Program Files\PureLeads\PureLeadsTray.exe "
MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files\Analog Devices\Core\smax4pnp.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe "

========================= Accounts: ==========================

Administrator (S-1-5-21-2110635249-3450809219-4216027046-500 - Administrator - Disabled)
Guest (S-1-5-21-2110635249-3450809219-4216027046-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2110635249-3450809219-4216027046-1003 - Limited - Enabled)
User (S-1-5-21-2110635249-3450809219-4216027046-1000 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/24/2014 06:58:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/24/2014 06:51:26 PM) (Source: MsiInstaller) (EventID: 11316) (User: 755-02)
Description: Product: FLV Toolbar v9.9 -- Error 1316.The specified account already exists.

Error: (10/24/2014 06:50:51 PM) (Source: MsiInstaller) (EventID: 11316) (User: 755-02)
Description: Product: FLV Toolbar v9.9 -- Error 1316.The specified account already exists.

Error: (10/24/2014 06:47:08 PM) (Source: Norton Zone) (EventID: 48) (User: NT AUTHORITY)
Description: WinHttpReceiveResponse failed, win32 error: 12152

Error: (10/24/2014 06:47:06 PM) (Source: Norton Zone) (EventID: 48) (User: NT AUTHORITY)
Description: WinHttpReceiveResponse failed, win32 error: 12152

Error: (10/24/2014 06:47:04 PM) (Source: Norton Zone) (EventID: 48) (User: NT AUTHORITY)
Description: WinHttpReceiveResponse failed, win32 error: 12152

System errors:
=============
Error: (10/24/2014 06:54:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The GorillaPrice service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================
Error: (10/24/2014 06:58:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/24/2014 06:51:26 PM) (Source: MsiInstaller) (EventID: 11316) (User: 755-02)
Description: Product: FLV Toolbar v9.9 -- Error 1316.The specified account already exists.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/24/2014 06:50:51 PM) (Source: MsiInstaller) (EventID: 11316) (User: 755-02)
Description: Product: FLV Toolbar v9.9 -- Error 1316.The specified account already exists.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (10/24/2014 06:47:08 PM) (Source: Norton Zone) (EventID: 48) (User: NT AUTHORITY)
Description: WinHttpReceiveResponse failed, win32 error: 12152

Error: (10/24/2014 06:47:06 PM) (Source: Norton Zone) (EventID: 48) (User: NT AUTHORITY)
Description: WinHttpReceiveResponse failed, win32 error: 12152

Error: (10/24/2014 06:47:04 PM) (Source: Norton Zone) (EventID: 48) (User: NT AUTHORITY)
Description: WinHttpReceiveResponse failed, win32 error: 12152

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
Percentage of memory in use: 41%
Total physical RAM: 2004.61 MB
Available physical RAM: 1163.63 MB
Total Pagefile: 4009.22 MB
Available Pagefile: 2937.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1915.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.41 GB) (Free:46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 97BE5B6A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

broni · 2014/10/24

I missed one item.
See if ISTCleaner will uninstall.

elcajongunsfan · 2014/10/24

It did.. In one second flat. I loved the message "successed to uninstall "

broni · 2014/10/24

OK. Give me a second to write another fix...

broni · 2014/10/24

Two more - HighliteApp and OpenSoftwareUpdater
Sorry about it but this machine is just boiling with all kind of crapware.
Let me know

Log in or Sign up

Solved Malware infested and crudware

elcajongunsfan Well-Known Member Thread Starter

broni Moderator Malware Analyst

elcajongunsfan Well-Known Member Thread Starter

broni Moderator Malware Analyst

elcajongunsfan Well-Known Member Thread Starter

elcajongunsfan Well-Known Member Thread Starter

broni Moderator Malware Analyst

elcajongunsfan Well-Known Member Thread Starter

broni Moderator Malware Analyst

elcajongunsfan Well-Known Member Thread Starter

broni Moderator Malware Analyst

elcajongunsfan Well-Known Member Thread Starter

elcajongunsfan Well-Known Member Thread Starter

elcajongunsfan Well-Known Member Thread Starter

broni Moderator Malware Analyst

Attached Files:

fixlist.txt

elcajongunsfan Well-Known Member Thread Starter

broni Moderator Malware Analyst

elcajongunsfan Well-Known Member Thread Starter

broni Moderator Malware Analyst

broni Moderator Malware Analyst

Share This Page

Log in or Sign up

Solved Malware infested and crudware

elcajongunsfan Well-Known Member Thread Starter

broni Moderator Malware Analyst

elcajongunsfan Well-Known Member Thread Starter

broni Moderator Malware Analyst

elcajongunsfan Well-Known Member Thread Starter

elcajongunsfan Well-Known Member Thread Starter

broni Moderator Malware Analyst

elcajongunsfan Well-Known Member Thread Starter

broni Moderator Malware Analyst

elcajongunsfan Well-Known Member Thread Starter

broni Moderator Malware Analyst

elcajongunsfan Well-Known Member Thread Starter

elcajongunsfan Well-Known Member Thread Starter

elcajongunsfan Well-Known Member Thread Starter

broni Moderator Malware Analyst

Attached Files:

fixlist.txt

elcajongunsfan Well-Known Member Thread Starter

broni Moderator Malware Analyst

elcajongunsfan Well-Known Member Thread Starter

broni Moderator Malware Analyst

broni Moderator Malware Analyst

Share This Page

Useful Searches