Recent Posts

11
Post Here for Malware Removal ... / Re: {In Progress - K] Pop ups
« Last post by kevinf80 on January 24, 2015, 04:20:57 AM »
Thanks for those logs, still work to do....

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Next,

Pause Kaspersky internet security, instructions at the following link: (also turn off internet connection whilst KIS is off)

http://support.kaspersky.com/us/11463#block0

Next,

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Turn KIS back on, also re-connect to internet....

Adobe Reader is outdated...
Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

Step 1 - Select your Operating System.
Step 2 - Select your Language.
Step 3 - Select latest version.

Untick the option for any security scanner or toolbar if offered.

Download and install.

Having the latest updates ensures there are no security vulnerabilities in your system.

Next,

We need to uninstall Google Chrome (it is corrupt). First, back up important Bookmarks. Instructions at the following link:

http://www.wikihow.com/Export-Bookmarks-from-Chrome (also includes how to import saved bookmarks)

Next,

Uninstall Chrome, instructions here: https://support.google.com/chrome/answer/95319?hl=en-GB

Next,

Re-install Chrome: https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html

Install AdBlockPlus https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb

Post the log from FRST (fixlog.txt); also let me know if there are any remaining issues or concerns...

Thank you,

Kevin...
12
Post Here for Malware Removal ... / Re: {In Progress - K] Pop ups
« Last post by kobra on January 23, 2015, 07:43:02 PM »
Checkup:
 Results of screen317's Security Check version 0.99.95 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled! 
Kaspersky Internet Security   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 VirusTotal Uploader 2.2   
 Java 64-bit 8 Update 31
 Adobe Flash Player 16.0.0.257 
 Adobe Reader 10.1.13 Adobe Reader out of Date! 
 Mozilla Firefox (35.0)
````````Process Check: objlist.exe by Laurent````````
 Symantec Norton Online Backup NOBuAgent.exe 
 Kaspersky Lab Kaspersky Internet Security 14.0.0 avp.exe 
 Kaspersky Lab Kaspersky Internet Security 14.0.0 avpui.exe 
 Kaspersky Lab Kaspersky Internet Security 14.0.0 x64 wmi64.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
13
Post Here for Malware Removal ... / Re: {In Progress - K] Pop ups
« Last post by kobra on January 23, 2015, 07:35:33 PM »
Things are looking a lot better! Thanks!

Here are the logs (checkup log in next post):

FRST:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Admin (administrator) on LAWRENCE2 on 23-01-2015 18:12:07
Running from C:\Users\Admin\Desktop
Loaded Profiles: Bonnie & Admin (Available profiles: Bonnie & Admin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Spotify Ltd) C:\Users\Bonnie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
() C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Dropbox, Inc.) C:\Users\Bonnie\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\wmi64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060320 2010-02-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe [627304 2011-08-10] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\runonceex: [Flags] => 
HKU\S-1-5-21-2977827394-2594518940-965070511-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-2977827394-2594518940-965070511-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-2977827394-2594518940-965070511-1000\...\Run: [Spotify Web Helper] => C:\Users\Bonnie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-11] (Spotify Ltd)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Reminder.lnk
ShortcutTarget: Event Reminder.lnk -> C:\Program Files (x86)\The Print Shop 23.1\Remind.exe (Broderbund Properties LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\Users\Bonnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2977827394-2594518940-965070511-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2977827394-2594518940-965070511-1000\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\S-1-5-21-2977827394-2594518940-965070511-1008\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE10ENUS/WOL_WCP
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2977827394-2594518940-965070511-1008 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: caoupoNpEaK -> {01050D05-D546-B8DC-954D-8334A8A7BF5A} -> C:\ProgramData\caoupoNpEaK\_1Y.x64.dll No File
BHO: AudioCeonvaeert -> {2F344960-763E-9E6C-E973-25241A34D54E} -> C:\ProgramData\AudioCeonvaeert\mRE8_SdP.x64.dll No File
BHO: DiscounntLoCaatOr -> {39dd84e0-d7e2-4b5c-88df-6bfebdce6716} -> C:\ProgramData\DiscounntLoCaatOr\4hvGyEzAwMBtBM.x64.dll No File
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: SaoftiCoup -> {b2ba0648-6833-4057-aaa1-bf9c473dd360} -> C:\ProgramData\SaoftiCoup\HDwI4jNxyFjYaK.x64.dll No File
BHO: PrinCECCoupon -> {B4552D3D-6B41-9AF1-3067-72A066972344} -> C:\ProgramData\PrinCECCoupon\jsih.x64.dll No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: HKLM-x32 {E4D88471-7ED7-43E1-B290-205559E8EBB2} https://my.madisonhospital.org/mig/mae/login/Browser%20Logoff.dll
DPF: HKLM-x32 {ECB7BFF0-FF65-11D1-9004-00A0C92E6878} https://my.madisonhospital.org/mig/mae/login/MWebEnable.dll
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.10.10.254
Tcpip\..\Interfaces\{18BAEE32-7A7F-4151-B2E3-CD66400E704F}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{39C34F84-4F8F-431C-AA97-5BDA129281FC}: [NameServer] 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p7xuz79o.default
FF NewTab: about:newtab
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2977827394-2594518940-965070511-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Модуль перевірки посилань - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-11-24]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-11-24]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-11-24]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng co - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-11-24]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-11-24]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
CHR HKU\S-1-5-21-2977827394-2594518940-965070511-1000\...\Chrome\Extension: [mgekkbflbjgdcmbphhpaikbmjbifkaib] - C:\Users\Bonnie\AppData\Local\CRE\mgekkbflbjgdcmbphhpaikbmjbifkaib.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-08]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-08]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-08]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-08]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-08]
CHR StartMenuInternet: Google Chrome - C:\Users\Bonnie\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-08] (Kaspersky Lab ZAO)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-11-25] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-11-25] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-11-25] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-08] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-11-25] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-11-25] (Kaspersky Lab ZAO)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-01-20] ()
S1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120727.033\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120727.033\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-23 18:12 - 2015-01-23 18:12 - 00021600 _____ () C:\Users\Admin\Desktop\FRST.txt
2015-01-22 20:55 - 2015-01-22 20:56 - 00000000 ____D () C:\Users\Admin\Desktop\NPP
2015-01-22 20:48 - 2015-01-22 20:48 - 00379899 _____ () C:\Users\Admin\Desktop\notepad2_4.2.25_x64.zip
2015-01-22 20:20 - 2015-01-22 20:20 - 00000297 _____ () C:\files.log
2015-01-22 20:20 - 2015-01-22 19:58 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-01-22 20:12 - 2015-01-22 20:20 - 00000079 _____ () C:\folders.log
2015-01-22 20:12 - 2015-01-22 20:20 - 00000000 ____D () C:\zoek
2015-01-22 19:59 - 2015-01-22 20:20 - 00051361 _____ () C:\zoek-results.log
2015-01-22 19:58 - 2015-01-22 20:17 - 00000000 ____D () C:\zoek_backup
2015-01-22 19:09 - 2015-01-22 19:09 - 00000000 ____D () C:\Windows\ERUNT
2015-01-21 23:59 - 2015-01-23 18:10 - 00000000 ____D () C:\Users\Admin\Desktop\SpywareHammerArchivedTools
2015-01-21 23:27 - 2015-01-21 23:31 - 00000000 ____D () C:\AdwCleaner
2015-01-21 22:29 - 2015-01-21 22:29 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Mozilla
2015-01-21 22:29 - 2015-01-21 22:29 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ATI
2015-01-21 22:29 - 2015-01-21 22:29 - 00000000 ____D () C:\Users\Admin\AppData\Local\Mozilla
2015-01-21 22:29 - 2015-01-21 22:29 - 00000000 ____D () C:\Users\Admin\AppData\Local\ATI
2015-01-21 22:28 - 2015-01-21 22:28 - 00438944 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-21 22:28 - 2015-01-21 22:28 - 00001420 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-21 22:28 - 2015-01-21 22:28 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\OEM
2015-01-21 22:28 - 2015-01-21 22:28 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ControlCenter4
2015-01-21 22:28 - 2015-01-21 22:28 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Apple Computer
2015-01-21 22:14 - 2015-01-21 22:14 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.2
2015-01-21 22:14 - 2015-01-21 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.2
2015-01-21 22:14 - 2015-01-21 22:14 - 00000000 ____D () C:\Program Files (x86)\VirusTotalUploader2
2015-01-20 23:32 - 2015-01-20 23:32 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieUserList
2015-01-20 23:32 - 2015-01-20 23:32 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieSiteList
2015-01-20 23:32 - 2015-01-20 23:32 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieBrowserModeList
2015-01-20 23:32 - 2015-01-20 23:32 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Adobe
2015-01-20 23:30 - 2015-01-20 23:30 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-20 23:30 - 2015-01-20 23:30 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-20 23:21 - 2015-01-23 18:12 - 00000000 ____D () C:\FRST
2015-01-20 22:29 - 2015-01-20 22:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-20 21:50 - 2015-01-20 21:50 - 02126848 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2015-01-19 11:14 - 2015-01-19 11:14 - 00000000 ____D () C:\Windows\ERDNT
2015-01-19 11:13 - 2015-01-19 11:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2015-01-19 11:13 - 2015-01-19 11:13 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2015-01-16 21:21 - 2015-01-21 22:28 - 00000000 ____D () C:\Users\Admin
2015-01-16 21:21 - 2015-01-16 21:21 - 00000020 ___SH () C:\Users\Admin\ntuser.ini
2015-01-16 21:21 - 2012-06-01 02:04 - 00000000 ____D () C:\Users\Admin\AppData\Local\Microsoft Help
2015-01-16 21:21 - 2012-05-29 04:19 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Macromedia
2015-01-16 21:21 - 2009-07-13 21:54 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-16 21:21 - 2009-07-13 21:49 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-14 23:48 - 2015-01-14 23:49 - 517151106 _____ () C:\Users\Bonnie\Documents\registryBackup_1-14-15.reg
2015-01-14 22:38 - 2014-12-18 20:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 22:38 - 2014-12-18 18:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 22:38 - 2014-12-11 22:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 22:38 - 2014-12-11 22:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 22:38 - 2014-12-11 22:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 22:38 - 2014-12-11 22:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 22:38 - 2014-12-11 22:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 22:38 - 2014-12-11 22:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 22:38 - 2014-12-11 22:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 22:38 - 2014-12-11 10:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 22:38 - 2014-12-05 21:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 22:38 - 2014-12-05 20:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 22:38 - 2014-12-05 20:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 22:38 - 2014-08-28 19:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-01-14 22:38 - 2014-05-08 02:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-01-14 22:37 - 2014-09-04 19:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-01-14 22:37 - 2014-09-04 18:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-01-13 07:53 - 2013-10-01 19:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-01-13 07:53 - 2013-10-01 19:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-01-13 07:53 - 2013-10-01 19:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-01-13 07:53 - 2013-10-01 18:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-01-13 07:53 - 2013-10-01 18:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-01-13 07:53 - 2013-10-01 16:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-01-13 07:52 - 2013-10-01 18:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-01-13 07:52 - 2013-10-01 18:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-01-13 07:52 - 2013-10-01 17:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-01-13 07:52 - 2013-10-01 17:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-01-13 07:52 - 2013-10-01 17:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-01-13 07:52 - 2013-10-01 17:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-01-13 07:52 - 2013-10-01 16:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-01-13 07:52 - 2013-10-01 16:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-01-13 07:52 - 2013-10-01 15:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-01-13 07:51 - 2012-08-23 07:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-01-13 07:51 - 2012-08-23 07:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-01-13 07:51 - 2012-08-23 07:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2015-01-13 07:51 - 2012-08-23 04:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2015-01-13 07:51 - 2012-08-23 03:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-01-13 07:49 - 2015-01-14 23:24 - 00000139 _____ () C:\Users\Bonnie\Desktop\SECURITY QUESTIONs.txt
2015-01-12 21:15 - 2015-01-12 21:15 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2015-01-07 09:57 - 2015-01-07 09:57 - 00000000 ____D () C:\ProgramData\pnikjcemimhgahpjiapnjbejoigfkjcj
2015-01-06 19:51 - 2015-01-06 19:51 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\67F23A27.sys
2015-01-06 19:50 - 2015-01-06 19:50 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\12D43959.sys
2015-01-04 10:45 - 2015-01-04 10:45 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-01-04 10:37 - 2015-01-04 10:38 - 00316504 _____ () C:\Windows\Minidump\010415-35771-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-23 18:10 - 2011-10-06 17:55 - 01064442 _____ () C:\Windows\WindowsUpdate.log
2015-01-23 18:09 - 2014-01-01 14:45 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2015-01-23 18:09 - 2012-12-02 20:12 - 00000000 ___RD () C:\Users\Bonnie\Dropbox
2015-01-23 18:09 - 2012-12-02 20:09 - 00000000 ____D () C:\Users\Bonnie\AppData\Roaming\Dropbox
2015-01-23 18:05 - 2014-11-24 15:22 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-23 18:04 - 2009-07-13 21:51 - 00073038 _____ () C:\Windows\setupact.log
2015-01-22 20:29 - 2009-07-13 21:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-22 20:29 - 2009-07-13 21:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-22 20:21 - 2010-11-20 20:47 - 01384912 _____ () C:\Windows\PFRO.log
2015-01-22 20:13 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-01-22 19:00 - 2014-10-09 19:57 - 00251904 ___SH () C:\Users\Bonnie\Desktop\Thumbs.db
2015-01-21 23:23 - 2014-07-01 10:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-21 22:41 - 2012-05-29 04:19 - 00000000 ____D () C:\Users\Bonnie
2015-01-21 21:54 - 2013-01-02 16:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-20 21:38 - 2009-07-13 22:13 - 00795858 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-16 21:21 - 2012-06-03 08:21 - 00000000 ____D () C:\Users\Bonnie\AppData\Local\Google
2015-01-16 20:59 - 2014-06-11 15:26 - 00000000 ____D () C:\Users\Bonnie\AppData\Roaming\Spotify
2015-01-15 00:05 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 00:02 - 2012-06-13 10:34 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-14 23:56 - 2012-06-13 10:34 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 23:56 - 2012-06-13 10:34 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 23:56 - 2011-07-20 22:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 23:02 - 2012-05-29 06:07 - 00787980 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-14 22:55 - 2013-07-14 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 22:34 - 2014-06-11 15:31 - 00000000 ____D () C:\Users\Bonnie\AppData\Local\Spotify
2015-01-13 08:00 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-13 07:57 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-13 07:41 - 2014-01-01 15:06 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-01-13 07:39 - 2014-01-26 20:42 - 00000000 ____D () C:\Users\Bonnie\Desktop\Mom RS
2015-01-13 07:39 - 2012-11-26 10:35 - 00000000 ____D () C:\Users\Bonnie\Desktop\Christmas 12
2015-01-13 07:39 - 2012-11-18 12:57 - 00000000 ____D () C:\Users\Bonnie\Desktop\For Jen
2015-01-13 07:39 - 2012-09-09 10:42 - 00000000 ____D () C:\Users\Bonnie\Desktop\August 2012 Ensign
2015-01-10 22:53 - 2012-06-22 16:18 - 00000000 ____D () C:\Users\Bonnie\AppData\Local\CrashDumps
2015-01-08 09:55 - 2010-11-20 20:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-06 19:51 - 2014-07-01 10:06 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-06 19:51 - 2014-07-01 10:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-06 19:51 - 2014-07-01 10:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-04 10:37 - 2014-03-18 14:50 - 497851607 _____ () C:\Windows\MEMORY.DMP
2015-01-04 10:37 - 2014-03-18 14:50 - 00000000 ____D () C:\Windows\Minidump
2014-12-31 13:12 - 2012-12-15 11:51 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-28 09:58 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\system32\FxsTmp

==================== Files in the root of some directories =======
2013-03-14 06:09 - 2014-04-07 19:32 - 0000775 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some content of TEMP:
====================
C:\Users\Bonnie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr4zdmj.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-09 14:52

==================== End Of Log ============================

Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Admin at 2015-01-23 18:12:43
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.0.19480 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO64 Codecs (Version: 10.12.0.00210 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{CADBC192-932B-EC76-510D-4012A33C5E20}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite DCP-7065DN (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.97 - WildTangent) Hidden
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM-x32\...\MyCamera Download Plugin) (Version: 3.1.0.1 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.8.0.1 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.7.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.6.0.5 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.5.0.6 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.6.0.23 - Canon Inc.)
ccc-core-static (x32 Version: 2010.0210.2206.39615 - ATI) Hidden
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1720_38230 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2531.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-2977827394-2594518940-965070511-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
FamilySearch Indexing 3.13.1 (HKLM-x32\...\0591-8077-9297-0833) (Version: 3.13.1 - FamilySearch)
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Gateway Games (HKLM-x32\...\WildTangent gateway Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3502 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.04.3503 - Gateway Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.0225.2011 - Gateway Incorporated)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3505 - Gateway Incorporated)
HP LaserJet 1020 Series (HKLM\...\HP LaserJet 1020 Series) (Version:  - )
HP Support Solutions Framework (HKLM-x32\...\{23CCE784-A812-4647-AEFF-1DCCD4E57478}) (Version: 11.50.0000 - Hewlett-Packard Company)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Gateway Incorporated)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.52 (HKLM-x32\...\WebPost) (Version:  - )
Mozilla Firefox 35.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
NEF Codec (HKLM-x32\...\{D6506521-0959-4FA3-875F-E2E28830B0D2}) (Version: 1.00.0000 - Nikon)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.8.11000.8.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{68AFA3A7-9265-4ABD-994A-ACA413E3715C}) (Version: 10.6.10300 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.6.10500.3.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10900.31.0 - Nero AG)
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.4.7070 - Barnesandnoble.com)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
OLYMPUS Raw Codec (HKLM\...\{0136EF84-8660-4FE0-A9E5-F052F6230085}) (Version: 1.3.0 - OLYMPUS IMAGING CORP.)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Personal Ancestral File 5  Lessons (HKLM-x32\...\{62C71C1B-E0FB-11D4-9DB7-00B0D02AE94A}) (Version:  - )
Personal Ancestral File 5 (HKLM-x32\...\{D94A8E22-DF2B-4107-9E51-608A60A7671D}) (Version:  - )
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6045 - Realtek Semiconductor Corp.)
Reference Point Software Template for APA format, Word 2010 (HKLM-x32\...\Reference Point Software Template for APA format, Word 2010) (Version:  - Reference Point Software, LLC)
Reference Point Template ver: Word 2010, APA 6th Ed. (HKLM-x32\...\Reference Point Template ver: Word 2010, APA 6th Ed.) (Version:  - Reference Point Software, LLC)
RootsMagic 6.3.0.2 (HKLM-x32\...\{94433E0D-764C-4964-AD0B-EC46BCA7E68E}_is1) (Version: RootsMagic 6.3.0.2 - RootsMagic, Inc.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2977827394-2594518940-965070511-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
The Print Shop 23.1 (HKLM-x32\...\{0C8C6F56-41FA-44F6-8107-DCFAA7EFD601}) (Version: 23.1.11 - Broderbund Software)
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version:  - )
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.02.3503 - Gateway Incorporated)
WildTangent Games App (Gateway Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2977827394-2594518940-965070511-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Bonnie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977827394-2594518940-965070511-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bonnie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977827394-2594518940-965070511-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bonnie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977827394-2594518940-965070511-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bonnie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977827394-2594518940-965070511-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bonnie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977827394-2594518940-965070511-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bonnie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977827394-2594518940-965070511-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bonnie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977827394-2594518940-965070511-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bonnie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2977827394-2594518940-965070511-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bonnie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

29-12-2014 21:47:33 Windows Update
03-01-2015 06:23:04 Windows Update
07-01-2015 09:49:21 Windows Update
10-01-2015 14:16:34 Windows Update
13-01-2015 07:50:59 Windows Update
14-01-2015 22:39:23 Windows Update
14-01-2015 23:09:50 Configured MediaEspresso
20-01-2015 21:41:41 Windows Update
22-01-2015 19:59:43 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {080569E1-7812-4D07-BD89-164319B63ADF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2977827394-2594518940-965070511-1000Core => C:\Users\Bonnie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {11A35764-0770-462F-856B-741BA62F537E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {224B946F-8456-4B76-B6A5-CC5D802F83D2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe
Task: {3CA658F8-E3B3-4EB7-8889-0C7EE17102AB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {3E4DBC7D-7F19-4D96-BC4B-4539E3201C58} - \Norton Internet Security\Norton Error Analyzer No Task File <==== ATTENTION
Task: {49D6DDAB-C1DA-4CAB-ABB0-B346C725F9F3} - System32\Tasks\{D210C445-0250-4759-AEB7-787BE3B1C577} => pcalua.exe -a D:\Setup\LaunchSetup.exe -d D:\Setup
Task: {5F41B5CA-1D7B-46DE-8112-260AD0CBCCF9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {811FB071-70B5-4AA1-A228-2EEFA94CE325} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {81EC917C-266D-4D73-9506-EA361552C835} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {843A4CE9-82B3-42B0-B696-F1EE6456F48C} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {8A65DC9B-EA75-4DE2-A67D-E83BBBB4F4AC} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-05-20] (CyberLink)
Task: {93ABE615-7CD5-4ABE-8AF6-5B7FC1E12E8A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2977827394-2594518940-965070511-1000UA => C:\Users\Bonnie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {9F710099-5E65-4EDD-BDFF-E30C2A2FE32F} - System32\Tasks\NBAgent => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2011-07-05] (Nero AG)
Task: {BEFC35EC-1BF3-43CA-B976-D6A8705252FC} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2014-12-03] (Adobe Systems Incorporated)
Task: {D8E2FD8D-CCA1-48A5-AADF-3AA2FC346D7D} - \Norton Internet Security\Norton Error Processor No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-01-01 13:21 - 2012-09-18 15:27 - 00192512 _____ () C:\Windows\System32\zlhp1020.dll
2014-01-02 20:18 - 2012-09-18 15:27 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\pphp1020.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-08-30 13:46 - 2014-04-08 08:13 - 00069120 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
2011-08-10 20:58 - 2011-08-10 20:58 - 00627304 _____ () C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
2009-08-14 10:55 - 2009-08-14 10:55 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-10-06 17:53 - 2011-10-06 17:53 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2012-08-30 13:39 - 2014-04-08 08:08 - 00112128 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll
2011-08-10 20:57 - 2011-08-10 20:57 - 00151656 _____ () C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyHook.dll
2014-02-23 08:01 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-10-21 17:22 - 2014-10-21 17:22 - 00750080 _____ () C:\Users\Bonnie\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-23 18:05 - 2015-01-23 18:05 - 00043008 _____ () c:\users\bonnie\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpr4zdmj.dll
2014-10-21 17:22 - 2014-10-21 17:22 - 00047616 _____ () C:\Users\Bonnie\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-21 17:22 - 2014-10-21 17:22 - 00863744 _____ () C:\Users\Bonnie\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-21 17:22 - 2014-10-21 17:22 - 00200704 _____ () C:\Users\Bonnie\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-01-20 22:29 - 2015-01-20 22:29 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Admin (S-1-5-21-2977827394-2594518940-965070511-1008 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2977827394-2594518940-965070511-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2977827394-2594518940-965070511-1004 - Limited - Enabled)
Bonnie (S-1-5-21-2977827394-2594518940-965070511-1000 - Limited - Enabled) => C:\Users\Bonnie
Guest (S-1-5-21-2977827394-2594518940-965070511-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2977827394-2594518940-965070511-1007 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/23/2015 06:06:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2015 08:23:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/23/2015 06:05:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BHDrvx64

Error: (01/22/2015 08:22:06 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BHDrvx64

Error: (01/22/2015 08:20:41 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%1352

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (01/22/2015 08:13:11 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (01/22/2015 08:13:11 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the
14
Current News / Windows 7 ISO download is now allowed.
« Last post by Hoov on January 23, 2015, 09:04:00 AM »
Microsoft is now allowing users to download a Windows 7 iso file under certain conditions.
http://www.microsoft.com/en-us/software-recovery
15
Post Here for Malware Removal ... / Re: {In Progress - K] Pop ups
« Last post by kevinf80 on January 23, 2015, 08:48:05 AM »
Thanks for those logs, run another scan with FRST, see what the system looks like now...

Open FRST, make sure all boxes are checkmarked under "Whitelist" also make sure only Addition.txt is checkmarked under "Optional scan"

Post the two fresh logs...

Next,

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs)
Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

If Security Check will not run or you get an alert saying it is not supported, Re-boot your PC then try again...

Let me see those logs in your next reply, also give an update on any remaining issues or concerns....

Thank you,

Kevin...
16
Current News / Re: Unpatched Vulnerability (0day) in Flash Player is being exploited
« Last post by ky331 on January 23, 2015, 08:22:12 AM »
There's been a lot of news/activity concerning (Adobe) Flash the past few days... often confusing... so now that things seem to be calming down a bit, here's a summary:

On (or before) 21 January, "Kafeine" disclosed an "extremely critical" 0-day vulnerability in Flash 16.0.0.257 [and earlier versions].  This has since been codified as CVE-2015-0311 [CVE=Common Vulnerabilities and Exposures].  This vulnerability is being actively exploited in the wild via drive-by-download attacks.  Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.

On 22 January, Adobe released an unscheduled/emergency update for Flash player, to version x.287.   By virtue of its timing --- released shortly after "Kafeine"'s disclosure --- we (and others) ASSUMED this update was in response to the prior day's announcement.   It turns out it was NOT.   Rather, this update was in response to another "highly critical" 0-day vulnerability in Flash 16.0.0.257 [and earlier versions].  This had already been codified as CVE-2015-0310:  This vulnerability could be used to circumvent memory randomization mitigations on the Windows platform... and was/is currently being exploited in limited targeted attacks.   As such, it was [and still is] important for all users to update Flash to protect against this attack vector.

Unfortunately, the x.287 update, while fixing the 0310 vulnerability, was itself subject to the newer 0311 "Kafeine" vulnerability.   Any version of Internet Explorer or Firefox, on any version of Windows, using Flash 16.0.0.287 (or earlier), is susceptible.  [Chrome is safe --- at least for the moment.]  Adobe has announced that it expects to release yet another Flash update, to fix the 0311 "Kafeine" vulnerability, during the week of January 26. 

In the interim, users can consider the following options:

1) Disable the Flash Player add-on in your browser(s).   Upon doing so, you will no longer be able to view Flash-based content.    But much of the web nowadays [including YouTube] is using HTML-5 as an alternative to Flash... and sites offering you an HTML-5 presentation will function normally [in a modern browser].

2) According to MalwareBytes, users can successfully protect themselves by using their [free] AntiExploit program https://www.malwarebytes.org/antiexploit/     [Remark:  Their blog specifically mentions testing Explorer (IE11) and Flash (16.0.0.257).   I cannot vouch for their testing of alternative configurations.]

3) EMET is also successful in mitigating the issue --- detecting a StackPivot mitigation --- under certain configurations:  "Kafeine" has personally confirmed this using EMET 5.1 [with its recommended settings] on a Windows 8.1 (32bit) system, using Internet Explorer 11 and Flash 16.0.0.257.   ("Please take it as it is !  A single pass test in One configuration".   --- Meaning other versions of EMET may or may not be effective under different Windows/browsers/Flash configurations.)



=================== Sources:

"Kafeine"'s post [which is continually being updated]  http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html

----------

Secunia Advisory for CVE x-0310 http://secunia.com/advisories/62452/   Remark:  Secunia Advisories, while free, require the user to register and log-in.

Adobe Response/Fix for CVE-0310 http://helpx.adobe.com/security/products/flash-player/apsb15-02.html

----------

Secunia Advisory for CVE x-0311 http://secunia.com/advisories/62432/

Adobe Pre-Notification of fix for CVE-0311 http://helpx.adobe.com/security/products/flash-player/apsa15-01.html

----------

Malwarebytes analysis:  https://blog.malwarebytes.org/exploits-2/2015/01/new-adobe-flash-zero-day-found-in-the-wild/
17
Post Here for Malware Removal ... / Re: {In Progress - K] Pop ups
« Last post by kobra on January 22, 2015, 10:15:49 PM »
Part 3 (Microsoft's Malicious Software Removal Tool & ZOEK)
#################################################################################################################
Microsoft's Malicious Software Removal Tool:

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.15, December 2012
Started On Sat Dec 15 11:51:29 2012
->Scan ERROR: resource process://pid:3856 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Sat Dec 15 11:53:11 2012


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.16, January 2013
Started On Thu Jan 10 03:02:54 2013

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jan 10 03:04:22 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.17, February 2013
Started On Thu Feb 14 03:06:07 2013
->Scan ERROR: resource process://pid:2160 (code 0x00000490 (1168))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Feb 14 03:10:39 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.18, March 2013
Started On Thu Mar 14 03:04:27 2013

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Mar 14 03:05:59 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.19, April 2013
Started On Thu Apr 11 03:03:07 2013

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 11 03:05:05 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.20, May 2013
Started On Thu May 16 03:05:30 2013
->Scan ERROR: resource process://pid:5396 (code 0x00000490 (1168))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 16 03:07:48 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.21, June 2013
Started On Thu Jun 13 03:02:49 2013
->Scan ERROR: resource process://pid:7492 (code 0x00000490 (1168))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jun 13 03:04:52 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.22, July 2013
Started On Wed Jul 10 03:06:40 2013
->Scan ERROR: resource process://pid:1944 (code 0x00000490 (1168))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jul 10 03:09:02 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.2, July 2013 (build 5.2.9201.0)
Started On Sun Jul 14 03:01:13 2013


Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Sun Jul 14 03:03:53 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.3, August 2013 (build 5.3.9301.0)
Started On Thu Aug 15 03:02:19 2013


Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Aug 15 03:04:21 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.4, September 2013 (build 5.4.9400.0)
Started On Thu Sep 12 03:08:19 2013

Engine: 1.1.9800.0
Signatures: 1.157.932.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Sep 12 03:11:27 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.5, October 2013 (build 5.5.9502.0)
Started On Wed Oct 09 03:05:24 2013

Engine: 1.1.9901.0
Signatures: 1.159.530.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Oct 09 03:08:02 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.6, November 2013 (build 5.6.9603.0)
Started On Wed Nov 13 03:03:27 2013

Engine: 1.1.10003.0
Signatures: 1.161.1618.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Nov 13 03:05:32 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.7, December 2013 (build 5.7.9701.0)
Started On Sun Dec 15 03:01:17 2013

Engine: 1.1.10100.0
Signatures: 1.163.1013.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Sun Dec 15 03:03:52 2013


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.8, January 2014 (build 5.8.9803.0)
Started On Thu Jan 16 03:01:29 2014

Engine: 1.1.10201.0
Signatures: 1.165.1273.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jan 16 03:04:27 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.9, February 2014 (build 5.9.9902.0)
Started On Sun Feb 16 03:00:58 2014

Engine: 1.1.10201.0
Signatures: 1.165.3163.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Sun Feb 16 03:03:41 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.10, March 2014 (build 5.10.10001.0)
Started On Wed Mar 19 03:01:02 2014

Engine: 1.1.10302.0
Signatures: 1.167.1001.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Mar 19 03:04:03 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.11, April 2014 (build 5.11.10100.0)
Started On Thu Apr 10 03:02:06 2014

Engine: 1.1.10401.0
Signatures: 1.169.1258.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 10 03:04:37 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.12, May 2014 (build 5.12.10200.0)
Started On Thu May 15 03:02:55 2014

Engine: 1.1.10502.0
Signatures: 1.173.1305.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu May 15 03:05:29 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.13, June 2014 (build 5.13.10300.0)
Started On Thu Jun 12 03:05:26 2014

Engine: 1.1.10600.0
Signatures: 1.175.1113.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jun 12 03:07:31 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.14, July 2014 (build 5.14.10402.0)
Started On Wed Jul 09 03:02:37 2014

Engine: 1.1.10701.0
Signatures: 1.177.949.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jul 09 03:05:04 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.15, August 2014 (build 5.15.10500.0)
Started On Thu Aug 14 03:07:02 2014

Engine: 1.1.10802.0
Signatures: 1.179.1796.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Aug 14 03:12:18 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.16, September 2014 (build 5.16.10602.0)
Started On Fri Sep 12 03:02:57 2014

Engine: 1.1.10904.0
Signatures: 1.183.882.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Fri Sep 12 03:10:56 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0)
Started On Thu Oct 16 03:00:46 2014

Engine: 1.1.11005.0
Signatures: 1.185.2035.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Oct 16 03:08:17 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.18, November 2014 (build 5.18.10802.0)
Started On Thu Nov 13 03:03:00 2014

Engine: 1.1.11104.0
Signatures: 1.187.1116.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Nov 13 03:09:26 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)
Started On Thu Dec 11 03:07:14 2014

Engine: 1.1.11202.0
Signatures: 1.189.872.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Dec 11 03:14:26 2014


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.20, January 2015 (build 5.20.11000.0)
Started On Wed Jan 14 22:39:49 2015

Engine: 1.1.11302.0
Signatures: 1.191.1276.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jan 14 22:55:00 2015


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.20, January 2015 (build 5.20.11000.0)
Started On Thu Jan 22 19:23:42 2015

Engine: 1.1.11302.0
Signatures: 1.191.1276.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jan 22 19:37:46 2015


Return code: 0 (0x0)



#################################################################################################################
ZOEK:

Zoek.exe v5.0.0.0 Updated 18-01-2015
Tool run by Admin on Thu 01/22/2015 at 19:58:39.83.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Admin\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

1/22/2015 7:59:55 PM Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Program Files\McAfee deleted successfully
C:\Users\Bonnie\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Bonnie\AppData\Roaming\ZoomBrowser EX deleted successfully
C:\Users\Admin\AppData\Local\VirtualStore deleted successfully
C:\Users\Bonnie\AppData\Local\{17D99C2E-A749-40CB-9D49-D905482C7B57} deleted successfully
C:\Users\Bonnie\AppData\Local\{1B37582B-3250-46F5-A02E-0E6943BCAE9F} deleted successfully
C:\Users\Bonnie\AppData\Local\{2AA6E6AB-09C2-49A8-A318-9B10004A471A} deleted successfully
C:\Users\Bonnie\AppData\Local\{2E838CBA-D2D2-40B8-A487-31DF38890964} deleted successfully
C:\Users\Bonnie\AppData\Local\{2FDE10A0-B070-41F6-B345-7421053C8EB5} deleted successfully
C:\Users\Bonnie\AppData\Local\{3458B4CB-A738-41AB-B0CA-993B17B2B8DD} deleted successfully
C:\Users\Bonnie\AppData\Local\{3AC1F703-8146-44EA-AA81-3E3BAF030DF9} deleted successfully
C:\Users\Bonnie\AppData\Local\{4D086ECD-C43E-447B-8F69-BF18803E5D01} deleted successfully
C:\Users\Bonnie\AppData\Local\{53CB011D-5BA0-4AD9-9FC4-CA605743B036} deleted successfully
C:\Users\Bonnie\AppData\Local\{55E1AF3A-5A85-4E10-A5E9-241B2BDA9485} deleted successfully
C:\Users\Bonnie\AppData\Local\{68CAC9F9-76A4-4655-9F26-34D0314692DF} deleted successfully
C:\Users\Bonnie\AppData\Local\{7310EB10-EC69-4B3D-A309-A54596BBAC7E} deleted successfully
C:\Users\Bonnie\AppData\Local\{73F33929-773E-4D79-B9F8-677553ADA145} deleted successfully
C:\Users\Bonnie\AppData\Local\{88A7AB80-6ECA-4B8F-A416-05EF418B39D6} deleted successfully
C:\Users\Bonnie\AppData\Local\{97659943-31E8-4018-BB4F-16A2A8B17C97} deleted successfully
C:\Users\Bonnie\AppData\Local\{A304BBB8-FDA1-4327-98AB-1DB834BBF335} deleted successfully
C:\Users\Bonnie\AppData\Local\{ABB457B3-39C3-4840-A47D-25C6C01BF0D6} deleted successfully
C:\Users\Bonnie\AppData\Local\{B6A55282-A7A4-465B-9F72-416CF3271FA9} deleted successfully
C:\Users\Bonnie\AppData\Local\{CF3829DA-E92B-4B16-90E7-36BB3427FF18} deleted successfully
C:\Users\Bonnie\AppData\Local\{E738D565-A94B-4F4D-BD01-AF58D216B0A8} deleted successfully
C:\Users\Bonnie\AppData\Local\{E9B08722-28C4-4B96-B477-87C1619B9F7C} deleted successfully
C:\Users\Bonnie\AppData\Local\{EC7E2237-1FE7-4618-BF6A-08A992DB70FC} deleted successfully
C:\Users\Bonnie\AppData\Local\{F883D3A9-FA9F-404D-B551-5E4FEFB8E2C8} deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2977827394-2594518940-965070511-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_USERS\S-1-5-21-2977827394-2594518940-965070511-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_USERS\S-1-5-21-2977827394-2594518940-965070511-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_USERS\S-1-5-21-2977827394-2594518940-965070511-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_USERS\S-1-5-21-2977827394-2594518940-965070511-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2E422264-6D8A-4ca0-97C7-A2CF868471EA} deleted successfully
HKEY_USERS\S-1-5-21-2977827394-2594518940-965070511-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully

==== Running Processes ======================

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Users\Bonnie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
C:\Users\Bonnie\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Users\Admin\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p7xuz79o.default\prefs.js:

Added to C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p7xuz79o.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Bonnie\AppData\Roaming\Mozilla\Firefox\Profiles\7rgneeol.default\prefs.js:
user_pref("browser.search.order.1", "Secure Search");
user_pref("keyword.URL", "");

Added to C:\Users\Bonnie\AppData\Roaming\Mozilla\Firefox\Profiles\7rgneeol.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p7xuz79o.default

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- FireFox user.js and prefs.js backups ----

prefs_20150122_0813_.backup

ProfilePath: C:\Users\Bonnie\AppData\Roaming\Mozilla\Firefox\Profiles\7rgneeol.default

user.js not found
---- Lines nspdl removed from prefs.js ----
user_pref("extensions.nspdl.data._dy", "20140623");
user_pref("extensions.nspdl.data.activeDate", "20140515");
user_pref("extensions.nspdl.data.aliveDate", "20140623");
user_pref("extensions.nspdl.data.cc", "us");
user_pref("extensions.nspdl.data.instlDate", "20140422");
user_pref("extensions.nspdl.data.ntopen", "23336556");
user_pref("extensions.nspdl.data.ra-0dd39926325c08d27482ec7852a60095", "dd35d321d1bed7ac906b12cfbe195074");
user_pref("extensions.nspdl.data.ra-462f23bb747e4f70407d053a3297bd0b", "832d47846367971f1f4dfabb314ad640");
user_pref("extensions.nspdl.data.ra-65b71db09f71c6c7d7b2071c59e0da25", "7a658d50963fcf43fbc6e68c0bb5525e");
user_pref("extensions.nspdl.data.ra-872bb23eeaa531e88719b185b415ff36", "df2139a99645b74952aa7fce5f169ab0");
user_pref("extensions.nspdl.data.ra-abc402c70e46e8cc70f0532c455a3c97", "026cde5b6cd59e1f55166cdd3bca3e0b");
user_pref("extensions.nspdl.general.content", "favorites-e3fe6b04f35b134b72f2f0e12ac60849");
user_pref("extensions.nspdl.general.firstRun", false);
user_pref("extensions.nspdl.general.guid", "d38dff45-a78b-45b4-92ec-7cdd9483a221");
user_pref("extensions.nspdl.general.version", "9.5.5");
---- Lines valueApps removed from prefs.js ----
user_pref("valueApps.autoDisableScopes", -1);
user_pref("valueApps.storage.mam_gk_userId", "64333531636537372D623135652D343266622D396364332D633636653163363162376133");
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- Lines extensions.FXNqB removed from prefs.js ----
user_pref("extensions.FXNqB.epoch", "1416953868");
user_pref("extensions.FXNqB.url", "http://webdireect.in/sync2/?

q=hfZ9ojtUhMCMCyVUojwMg708BNmGWj8lkGhGheDUojw9rdkGqdw8qjaEpihIC7n0rjnEpjw5rda9qTs5tNhVC
---- Lines extensions.HhBhxJjRP4nqBBXi removed from prefs.js ----
user_pref("extensions.HhBhxJjRP4nqBBXi.epoch", "1421389269");
user_pref("extensions.HhBhxJjRP4nqBBXi.url", "http://liversitions.info/sync2/?

q=hfZ9ofmZhchEAen0rjaErdaEtMqLDe49CNU0llrMCMlNhd9FqjaFrdCErTnHrdrMBzqUoj
---- Lines extensions.VDIQKPIG4 removed from prefs.js ----
user_pref("extensions.VDIQKPIG4.epoch", "1416953870");
user_pref("extensions.VDIQKPIG4.url", "http://discountgetdirect.ru/sync2/?

q=hfZ9oeZMh7Y4tNbPhd9FtMqLDe49CNU0llrMCMlNhd9Fqda9rjgEqTs9rdrMBzqUojw9rdUFpd
---- Lines extensions.jQuh426B1 removed from prefs.js ----
user_pref("extensions.jQuh426B1.epoch", "1421389270");
user_pref("extensions.jQuh426B1.url", "http://redhatlovesite.org/sync2/?

q=hfZ9ojwGhyhNtNbPhd9FtMqLDe49CNU0llrMCMlNhd9Fqda4rjkFpjk9qjwMBzqUojw9rdUFpdaE
---- Lines extensions.q5lnQceM removed from prefs.js ----
user_pref("extensions.q5lnQceM.epoch", "1416953869");
user_pref("extensions.q5lnQceM.url", "http://foreveryshare.ru/sync2/?

q=hfZ9oeDGhex9tNbPhd9FtMqLDe49CNU0llrMCMlNhd9Fqda9rdCGrHr9qdrMBzqUojw9rdUFpdaEqdC
---- Lines extensions.s6ldIyuuS removed from prefs.js ----
user_pref("extensions.s6ldIyuuS.epoch", "1421389269");
user_pref("extensions.s6ldIyuuS.url", "http://astrajobsecure.com/sync2/?

q=hfZ9ojwEhfsHtNbPhd9FtMqLDe49CNU0llrMCMlNhd9Fqda4rjkFpjr9rdnMBzqUojw9rdUFpdaE
---- Lines extensions.uAk3as removed from prefs.js ----
user_pref("extensions.uAk3as.epoch", "1416953870");
user_pref("extensions.uAk3as.url", "http://capelivemega.net/sync2/?

q=hfZ9ojlVCTsMCyVUojwMg708BNmGWj8lkGhGheDUojw9rdCFrdsErjrGpihIC7n0rjnEpjw5rda9qHaGt
---- Lines extensions.zOhdwnYKopX6lVWl removed from prefs.js ----
user_pref("extensions.zOhdwnYKopX6lVWl.epoch", "1421389271");
user_pref("extensions.zOhdwnYKopX6lVWl.url", "http://getjpi77.info/sync2/?

q=hfZ9oen9BihEAen0rchTB6lKDzt4olljtNtVh7n0rjnFrjsHrjsHqTr9tMFHhd9FqdwFrTnGrT
---- FireFox user.js and prefs.js backups ----

prefs_20150122_0813_.backup

==== Deleting Files \ Folders ======================

C:\Users\Bonnie\AppData\LocalLow\{01050D05-D546-B8DC-954D-8334A8A7BF5A} deleted
C:\Users\Bonnie\AppData\LocalLow\{2F344960-763E-9E6C-E973-25241A34D54E} deleted
C:\Users\Bonnie\AppData\LocalLow\{AF9DD42F-F7CD-768B-3561-2FF97518D379} deleted
C:\Users\Bonnie\AppData\LocalLow\{B4552D3D-6B41-9AF1-3067-72A066972344} deleted
C:\Users\Bonnie\AppData\Local\Packages\windows_ie_ac_001\AC\{01050D05-D546-B8DC-954D-8334A8A7BF5A} deleted
C:\Users\Bonnie\AppData\Local\Packages\windows_ie_ac_001\AC\{2F344960-763E-9E6C-E973-25241A34D54E} deleted
C:\Users\Bonnie\AppData\Local\Packages\windows_ie_ac_001\AC\{AF9DD42F-F7CD-768B-3561-2FF97518D379} deleted
C:\Users\Bonnie\AppData\Local\Packages\windows_ie_ac_001\AC\{B4552D3D-6B41-9AF1-3067-72A066972344} deleted
C:\PROGRA~2\WordPerfect Office 12 deleted
C:\PROGRA~2\FamilySearch deleted
C:\Users\Bonnie\AppData\Roaming\WB.CFG deleted
C:\Users\Bonnie\AppData\Roaming\appdataFr2.bin deleted
C:\Users\Bonnie\AppData\Local\CRE deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FamilySearch deleted
C:\Users\Bonnie\AppData\LocalLow\TB deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\ADM deleted
C:\Users\Bonnie\AppData\Roaming\Mozilla\Firefox\Profiles\7rgneeol.default\nspdl deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 5888 MB
CPU Info: AMD Phenom(tm) II X6 1065T Processor
CPU Speed: 2971.9 MHz
Sound Card: Realtek Digital Output (Realtek |
Display Adapters: ATI Radeon HD 4250 Graphics  | ATI Radeon HD 4250 Graphics  | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1680 X 1050 - 32 bit
Network: Network Present
Network Adapters: 802.11n Wireless LAN Card | Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (D: | ) D: ATAPI   DVD A  DH16ABSH
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C:  1379.2GB
Hard Disks - Free: C:  1197.7GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 08/16/32 | ACRSYS - 20101104
Time Zone: Mountain Standard Time
Motherboard *: Gateway DX4350
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: Kaspersky Internet Security On-access scanning disabled (Outdated)
Anti-Spyware: Kaspersky Internet Security disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Firewall: Kaspersky Internet Security disabled
Default Browser: Firefox   35.0
Internet Explorer Version: 11.0.9600.17501
Mozilla Firefox version: 35.0 (x86 en-US)
Adobe Reader version: 10.1.13.16
Flash Player version: 16.0.0.257

==== Files Recently Created / Modified ======================

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2977827394-2594518940-965070511-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler"
"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
"Spotify Web Helper"="C:\Users\Bonnie\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"Hotkey Utility"="C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe"
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"IndexSearch"="C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
"PaperPort PTD"="C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
"PPort12reminder"="C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe -r C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
"PDFHook"="C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe"
"PDF5 Registry Controller"="C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe"
"ControlCenter4"="C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun"
"BrStsMon00"="C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

==== Startup Folders ======================

2012-12-03 03:10:16   1147   ----a-w-   C:\Users\Bonnie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2012-05-29 13:10:36   1949   ----a-w-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Reminder.lnk
2012-11-14 01:53:57   1192   ----a-w-   C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [01/14/2015 11:56 PM]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Adobe ARM" ["C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\Adobe Reader Speed Launcher" ["C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"]
"C:\Windows\SysNative\tasks\DeviceDetector" [C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2977827394-2594518940-965070511-1000Core" [C:\Users\Bonnie\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2977827394-2594518940-965070511-1000UA" [C:\Users\Bonnie\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\NBAgent" [C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe]
"C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe"]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe]
"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p7xuz79o.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Bonnie\AppData\Roaming\Mozilla\Firefox\Profiles\7rgneeol.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com" [12/17/2014 09:51 AM]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p7xuz79o.default
8560995C727974F27F2A1CE68909FEB9   - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll -   Shockwave Flash


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
blbkdnmdcafmfhinpmnlhhddbepgkeaa - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa[]
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx[10/08/2013 01:50 PM]
hakdifolhalapjijoafobooafbilfakh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx[10/08/2013 01:50 PM]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx[10/08/2013 01:50 PM]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx[12/17/2014 09:49 AM]
mgekkbflbjgdcmbphhpaikbmjbifkaib - C:\Users\Bonnie\AppData\Local\CRE\mgekkbflbjgdcmbphhpaikbmjbifkaib.crx[]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx[10/08/2013 01:50 PM]

Kaspersky Protection - Bonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
YouTube - Bonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Bonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Kaspersky URL Advisor - Bonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj
Safe Money - Bonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh
Dangerous Websites Blocker - Bonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail
shopndrop - Bonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jggpdnkhlpbjdkpkhcnbmcjedfgnbdek
Google Wallet - Bonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Bonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Anti-Banner - Bonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman

==== Chromium Startpages ======================

C:\Users\Bonnie\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://partnerpage.google.com/bridgemail.com",
"startup_urls": [ "http://www.google.com/", "http://lds.org/" ],


==== Chromium Fix ======================

C:\Users\Bonnie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage deleted successfully
C:\Users\Bonnie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jggpdnkhlpbjdkpkhcnbmcjedfgnbdek deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Unknown  Url="Not_Found"

==== Reset Google Chrome ======================

C:\Users\Bonnie\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Bonnie\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2977827394-2594518940-965070511-1008\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mgekkbflbjgdcmbphhpaikbmjbifkaib deleted successfully

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2977827394-2594518940-965070511-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Bonnie')
O4 - HKUS\S-1-5-18\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'Default user')
O4 - S-1-5-21-2977827394-2594518940-965070511-1000 Startup: Dropbox.lnk = Bonnie\AppData\Roaming\Dropbox\bin\Dropbox.exe (User 'Bonnie')
O4 - S-1-5-21-2977827394-2594518940-965070511-1000 User Startup: Dropbox.lnk = Bonnie\AppData\Roaming\Dropbox\bin\Dropbox.exe (User 'Bonnie')
O4 - Global Startup: Event Reminder.lnk = C:\Program Files (x86)\The Print Shop 23.1\Remind.exe
O4 - Global Startup: ImageBrowser EX Agent.lnk = C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E4D88471-7ED7-43E1-B290-205559E8EBB2} (logoff Class) - https://my.madisonhospital.org/mig/mae/login/Browser%20Logoff.dll
O16 - DPF: {ECB7BFF0-FF65-11D1-9004-00A0C92E6878} (WebEnable Class) - https://my.madisonhospital.org/mig/mae/login/MWebEnable.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{18BAEE32-7A7F-4151-B2E3-CD66400E704F}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{39C34F84-4F8F-431C-AA97-5BDA129281FC}: NameServer = 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{18BAEE32-7A7F-4151-B2E3-CD66400E704F}: NameServer = 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{18BAEE32-7A7F-4151-B2E3-CD66400E704F}: NameServer = 8.8.8.8
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother In
18
Post Here for Malware Removal ... / Re: {In Progress - K] Pop ups
« Last post by kobra on January 22, 2015, 10:14:59 PM »
Part 2 (AdwCleaner & Junkware Removal Tool)
#################################################################################################################
AdwCleaner

There were two log files in the directory you referenced; I have pasted them both below:

AdwCleaner[R0].txt:
-------------------
# AdwCleaner v4.108 - Report created 21/01/2015 at 23:27:28
# Updated 17/01/2015 by Xplode
# Database : 2015-01-22.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Admin - LAWRENCE2
# Running from : C:\Users\Admin\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : qknfd

***** [ Files / Folders ] *****

File Found : \END
File Found : C:\Users\Bonnie\AppData\Roaming\Mozilla\Firefox\Profiles\7rgneeol.default\user.js
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Optimizer Pro
Folder Found : C:\Program Files (x86)\saveron
Folder Found : C:\Program Files\Conduit
Folder Found : C:\ProgramData\2fcd61ef531c55b0
Folder Found : C:\ProgramData\3444516970527741360
Folder Found : C:\ProgramData\caoupoNpEaK
Folder Found : C:\ProgramData\ClIckForSalie
Folder Found : C:\ProgramData\DiscounntLoCaatOr
Folder Found : C:\ProgramData\KinngCouupon
Folder Found : C:\ProgramData\PrinCECCoupon
Folder Found : C:\ProgramData\SalesMagnet
Folder Found : C:\ProgramData\SaoftiCoup
Folder Found : C:\ProgramData\saveron
Folder Found : C:\Users\Bonnie\AppData\Local\Conduit
Folder Found : C:\Users\Bonnie\AppData\Local\iac
Folder Found : C:\Users\Bonnie\AppData\Local\NativeMessaging
Folder Found : C:\Users\Bonnie\AppData\LocalLow\Conduit
Folder Found : C:\Users\Bonnie\AppData\LocalLow\iac
Folder Found : C:\Users\Bonnie\AppData\LocalLow\Toolbar4
Folder Found : C:\Users\Bonnie\AppData\Roaming\DigitalSites
Folder Found : C:\Users\Bonnie\AppData\Roaming\ValueApps
Folder Found : C:\Users\Bonnie\Documents\Optimizer Pro
Folder Found : C:\Users\Bonnie\Documents\Updater
Folder Found : C:\Windows\SysWOW64\SearchProtect

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0 (x86 en-US)

*************************

AdwCleaner[R0].txt - [26023 octets] - [21/01/2015 23:27:28]

########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [26084 octets] ##########


And AdwCleaner[S0].txt
----------------------
# AdwCleaner v4.108 - Report created 21/01/2015 at 23:30:54
# Updated 17/01/2015 by Xplode
# Database : 2015-01-22.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Admin - LAWRENCE2
# Running from : C:\Users\Admin\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

  • Service Deleted : qknfd


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\caoupoNpEaK
Folder Deleted : C:\ProgramData\ClIckForSalie
Folder Deleted : C:\ProgramData\DiscounntLoCaatOr
Folder Deleted : C:\ProgramData\KinngCouupon
Folder Deleted : C:\ProgramData\PrinCECCoupon
Folder Deleted : C:\ProgramData\SalesMagnet
Folder Deleted : C:\ProgramData\SaoftiCoup
Folder Deleted : C:\ProgramData\saveron
Folder Deleted : C:\ProgramData\2fcd61ef531c55b0
Folder Deleted : C:\ProgramData\3444516970527741360
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Program Files (x86)\saveron
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Users\Bonnie\AppData\Local\Conduit
Folder Deleted : C:\Users\Bonnie\AppData\Local\iac
Folder Deleted : C:\Users\Bonnie\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Bonnie\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Bonnie\AppData\LocalLow\iac
Folder Deleted : C:\Users\Bonnie\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Bonnie\AppData\Roaming\DigitalSites
Folder Deleted : C:\Users\Bonnie\AppData\Roaming\ValueApps
Folder Deleted : C:\Users\Bonnie\Documents\Optimizer Pro
Folder Deleted : C:\Users\Bonnie\Documents\Updater
File Deleted : \END
File Deleted : C:\Users\Bonnie\AppData\Roaming\Mozilla\Firefox\Profiles\7rgneeol.default\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6CBF5C01-C876-481B-867E-

111CB1D2A7D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{701F5C41-BB30-46DA-A56B-

68784B0B762B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A3B975A0-F679-444E-9D94-

6D292FA53140}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D97143C2-4282-496B-BDC4-

7EC852F1497C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0C3A839-0E5E-4EBC-9F8F-

E56F8FC732CE}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C66A678D-5E6C-4AF9-8F57-C6192F42CF74}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{36B445BF-1B84-466A-A623-A360A8CFF8C3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6CBF5C01-C876-481B-867E-111CB1D2A7D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D97143C2-4282-496B-BDC4-7EC852F1497C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-

9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FromDocToPDF_65bar Uninstall Internet Explorer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0 (x86 en-US)

[7rgneeol.default\prefs.js] - Line Deleted : user_pref("extensions.FXNqB.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumoro[...]
[7rgneeol.default\prefs.js] - Line Deleted : user_pref("extensions.VDIQKPIG4.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"su[...]
[7rgneeol.default\prefs.js] - Line Deleted : user_pref("extensions.irmysearch.aflt", "dsites");
[7rgneeol.default\prefs.js] - Line Deleted : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutAzzyCtDyByByD0D0Fzz0F0D0D0CyD0AtN0D0Tzu0SyBzyyDtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDtBtCtC1V1PtN1L1G1B1V1N2Y1L1Qzu2SyEtDyEyCyE0FyByBtGyB0CtAtBtGtDt[...]
[7rgneeol.default\prefs.js] - Line Deleted : user_pref("extensions.irmysearch.cr", "1308762248");
[7rgneeol.default\prefs.js] - Line Deleted : user_pref("extensions.irmysearch.instlRef", "0211_e");
[7rgneeol.default\prefs.js] - Line Deleted : user_pref("extensions.q5lnQceM.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sum[...]
[7rgneeol.default\prefs.js] - Line Deleted : user_pref("extensions.uAk3as.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumor[...]

*************************

AdwCleaner[R0].txt - [26259 octets] - [21/01/2015 23:27:28]
AdwCleaner[S0].txt - [27475 octets] - [21/01/2015 23:30:54]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [27536 octets] ##########



#################################################################################################################
Junkware Removal Tool:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Admin on Thu 01/22/2015 at 19:09:58.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39dd84e0-d7e2-4b5c-88df-6bfebdce6716}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{39dd84e0-d7e2-4b5c-88df-6bfebdce6716}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2ba0648-6833-4057-aaa1-bf9c473dd360}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{b2ba0648-6833-4057-aaa1-bf9c473dd360}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39dd84e0-d7e2-4b5c-88df-6bfebdce6716}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{39dd84e0-d7e2-4b5c-88df-6bfebdce6716}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2ba0648-6833-4057-aaa1-bf9c473dd360}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{b2ba0648-6833-4057-aaa1-bf9c473dd360}



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/22/2015 at 19:13:05.63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
19
Post Here for Malware Removal ... / Re: {In Progress - K] Pop ups
« Last post by kobra on January 22, 2015, 10:14:00 PM »
Thank you for looking at all these scans.  No, I haven't had any other problems so far.  I haven't been using it a whole lot though.

Due to length restrictions I have attached the logs in 3 parts. 

Part 1 (VirusTotal & FRST & MalwareBytes)

Here are the results of the VirusTotal scans.  I wasn't sure what you wanted pasted in, but with the hash, you can look up the results yourself.  Neither file had any positive matches.

#################################################################################################################
67F23A27.sys:
SHA256:    6238fb8e785652040cce3e7044ea52066ce1bf173a1467474d64a3ab214b6bcd
File name:    67F23A27.sys
Detection ratio:    0 / 56
Analysis date:    2015-01-22 05:18:12 UTC ( 1 minute ago )
Probably harmless! There are strong indicators suggesting that this file is safe to use.

#################################################################################################################
12D43959.sys:
SHA256:    6238fb8e785652040cce3e7044ea52066ce1bf173a1467474d64a3ab214b6bcd
File name:    12D43959.sys
Detection ratio:    0 / 56
Analysis date:    2015-01-22 05:32:33 UTC ( 3 minutes ago )


#################################################################################################################
Fixlog from FRST:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by Bonnie at 2015-01-21 22:39:43 Run:1
Running from C:\Users\Admin\Desktop
Loaded Profiles: Bonnie & Admin (Available profiles: Bonnie & Admin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm003^S06927^us&si=CPC7u9_BzrkCFeqDQgodWCsAaw&ptb=7591A84B-239C-40EE-A83E-84C8EA746CC3&ind=2013091522&n=77fd56c2&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2977827394-2594518940-965070511-1000 -> {30BFC086-8BB7-466F-8E12-0A89A3B33C6C} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByByD0D0Fzz0F0D0D0CyD0AtN0D0Tzu0SyBzyyDtN1L2XzutBtFtCyBtFtDtFtCtN1L1CzutDtBtCtC1V1PtN1L1G1B1V1N2Y1L1Qzu2SyEtDyEyCyE0FyByBtGyB0CtAtBtGtDtAyEzytG0FyC0F0FtGyCyDzy0F0BtDyEyDtD0AyCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyB0CyDyCzz0DzztG0B0FyCyDtGtBtDzyyEtGtCtDzyyDtGtDtB0E0CyByCtCyC0CzzyBtA2Q&cr=1308762248&ir=
SearchScopes: HKU\S-1-5-21-2977827394-2594518940-965070511-1000 -> {47287947-90A5-41BC-A98B-24214FA5ECE9} URL = https://search.yahoo.com/search?fr=mcafee&type=B010US739D20120919&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2977827394-2594518940-965070511-1000 -> {55D8CC73-D9F8-4F92-8EAE-0081BE423565} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3196716
SearchScopes: HKU\S-1-5-21-2977827394-2594518940-965070511-1000 -> {88BA080D-DF1A-45D2-8CE2-8461E30FBFFE} URL = http://search.netzero.net/search?action=search&source=browserboxapp&query={searchTerms}
SearchScopes: HKU\S-1-5-21-2977827394-2594518940-965070511-1000 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://search.coupons.com/search.asp?p=df&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2977827394-2594518940-965070511-1000 -> {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm003^S06927^us&si=CPC7u9_BzrkCFeqDQgodWCsAaw&ptb=7591A84B-239C-40EE-A83E-84C8EA746CC3&ind=2013091522&n=77fd56c2&psa=&st=sb&searchfor={searchTerms}
BHO: caoupoNpEaK -> {01050D05-D546-B8DC-954D-8334A8A7BF5A} -> C:\ProgramData\caoupoNpEaK\_1Y.x64.dll No File
BHO: AudioCeonvaeert -> {2F344960-763E-9E6C-E973-25241A34D54E} -> C:\ProgramData\AudioCeonvaeert\mRE8_SdP.x64.dll No File
BHO: DiscounntLoCaatOr -> {39dd84e0-d7e2-4b5c-88df-6bfebdce6716} -> C:\ProgramData\DiscounntLoCaatOr\4hvGyEzAwMBtBM.x64.dll ()
BHO: SaoftiCoup -> {b2ba0648-6833-4057-aaa1-bf9c473dd360} -> C:\ProgramData\SaoftiCoup\HDwI4jNxyFjYaK.x64.dll ()
BHO: PrinCECCoupon -> {B4552D3D-6B41-9AF1-3067-72A066972344} -> C:\ProgramData\PrinCECCoupon\jsih.x64.dll No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll No File
BHO-x32: No Name -> {39dd84e0-d7e2-4b5c-88df-6bfebdce6716} ->  No File
BHO-x32: No Name -> {b2ba0648-6833-4057-aaa1-bf9c473dd360} ->  No File
Toolbar: HKLM-x32 - FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll No File
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2977827394-2594518940-965070511-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2977827394-2594518940-965070511-1000 -> No Name - {C66A678D-5E6C-4AF9-8F57-C6192F42CF74} -  No File
DPF: HKLM-x32 {E4D88471-7ED7-43E1-B290-205559E8EBB2} https://my.madisonhospital.org/mig/mae/login/Browser%20Logoff.dll
DPF: HKLM-x32 {ECB7BFF0-FF65-11D1-9004-00A0C92E6878} https://my.madisonhospital.org/mig/mae/login/MWebEnable.dll
S1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120727.033\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120727.033\EX64.SYS [X]
S1 qknfd; system32\drivers\qknfd.sys [X]
C:\windows\system32\drivers\qknfd.sys
C:\ProgramData\DiscounntLoCaatOr
C:\ProgramData\SaoftiCoup
C:\ProgramData\PrinCECCoupon
C:\Program Files (x86)\Uniqoupons
C:\Program Files (x86)\Optimizer Pro
C:\Users\Bonnie\jobq (1).dat
C:\Users\Bonnie\jobq (2).dat
C:\Users\Bonnie\jobq.dat
C:\Users\Bonnie\AppData\Local\Temp\autorun.dll
C:\Users\Bonnie\AppData\Local\Temp\COMAP.EXE
C:\Users\Bonnie\AppData\Local\Temp\Couponscom.exe
C:\Users\Bonnie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnzo84j.dll
C:\Users\Bonnie\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Bonnie\AppData\Local\Temp\_is6A1B.exe
Task: {224B946F-8456-4B76-B6A5-CC5D802F83D2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe
C:\Program Files (x86)\Norton Internet Security
Task: {3E4DBC7D-7F19-4D96-BC4B-4539E3201C58} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe
Task: {D8E2FD8D-CCA1-48A5-AADF-3AA2FC346D7D} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe
Emptytemp:
end



*****************

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => Value could not be deleted.
HKLM\SOFTWARE\Policies\Google => Key could not be deleted. Access denied.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => Key could not be deleted. Access denied.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} => Key could not be deleted. Access denied.
HKCR\Wow6432Node\CLSID\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} => Key not found.
HKU\S-1-5-21-2977827394-2594518940-965070511-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{30BFC086-8BB7-466F-8E12-0A89A3B33C6C} => Key could not be deleted. Access denied.
HKCR\CLSID\{30BFC086-8BB7-466F-8E12-0A89A3B33C6C} => Key not found.
HKU\S-1-5-21-2977827394-2594518940-965070511-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{47287947-90A5-41BC-A98B-24214FA5ECE9} => Key could not be deleted. Access denied.
HKCR\CLSID\{47287947-90A5-41BC-A98B-24214FA5ECE9} => Key not found.
HKU\S-1-5-21-2977827394-2594518940-965070511-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{55D8CC73-D9F8-4F92-8EAE-0081BE423565} => Key could not be deleted. Access denied.
HKCR\CLSID\{55D8CC73-D9F8-4F92-8EAE-0081BE423565} => Key not found.
HKU\S-1-5-21-2977827394-2594518940-965070511-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{88BA080D-DF1A-45D2-8CE2-8461E30FBFFE} => Key could not be deleted. Access denied.
HKCR\CLSID\{88BA080D-DF1A-45D2-8CE2-8461E30FBFFE} => Key not found.
HKU\S-1-5-21-2977827394-2594518940-965070511-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} => Key could not be deleted. Access denied.
HKCR\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e} => Key not found.
HKU\S-1-5-21-2977827394-2594518940-965070511-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} => Key could not be deleted. Access denied.
HKCR\CLSID\{9a216821-0ec5-49a3-85ac-fb72ae79a1e8} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01050D05-D546-B8DC-954D-8334A8A7BF5A} => Key could not be deleted. Access denied.
HKCR\CLSID\{01050D05-D546-B8DC-954D-8334A8A7BF5A} => Key could not be deleted. Access denied.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F344960-763E-9E6C-E973-25241A34D54E} => Key could not be deleted. Access denied.
HKCR\CLSID\{2F344960-763E-9E6C-E973-25241A34D54E} => Key could not be deleted. Access denied.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39dd84e0-d7e2-4b5c-88df-6bfebdce6716} => Key could not be deleted. Access denied.
HKCR\CLSID\{39dd84e0-d7e2-4b5c-88df-6bfebdce6716} => Key could not be deleted. Access denied.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2ba0648-6833-4057-aaa1-bf9c473dd360} => Key could not be deleted. Access denied.
HKCR\CLSID\{b2ba0648-6833-4057-aaa1-bf9c473dd360} => Key could not be deleted. Access denied.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4552D3D-6B41-9AF1-3067-72A066972344} => Key could not be deleted. Access denied.
HKCR\CLSID\{B4552D3D-6B41-9AF1-3067-72A066972344} => Key could not be deleted. Access denied.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key could not be deleted. Access denied.
HKCR\Wow6432Node\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39dd84e0-d7e2-4b5c-88df-6bfebdce6716} => Key could not be deleted. Access denied.
HKCR\Wow6432Node\CLSID\{39dd84e0-d7e2-4b5c-88df-6bfebdce6716} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2ba0648-6833-4057-aaa1-bf9c473dd360} => Key could not be deleted. Access denied.
HKCR\Wow6432Node\CLSID\{b2ba0648-6833-4057-aaa1-bf9c473dd360} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{c66a678d-5e6c-4af9-8f57-c6192f42cf74} => Value could not be deleted.
HKCR\Wow6432Node\CLSID\{c66a678d-5e6c-4af9-8f57-c6192f42cf74} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value could not be deleted.
HKCR\Wow6432Node\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKU\S-1-5-21-2977827394-2594518940-965070511-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKU\S-1-5-21-2977827394-2594518940-965070511-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74} => value deleted successfully.
HKCR\CLSID\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{E4D88471-7ED7-43E1-B290-205559E8EBB2} => Key could not be deleted. Access denied.
HKCR\Wow6432Node\CLSID\{E4D88471-7ED7-43E1-B290-205559E8EBB2} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{ECB7BFF0-FF65-11D1-9004-00A0C92E6878} => Key could not be deleted. Access denied.
HKCR\Wow6432Node\CLSID\{ECB7BFF0-FF65-11D1-9004-00A0C92E6878} => Key not found.
BHDrvx64 => Error deleting Service
NAVENG => Error deleting Service
NAVEX15 => Error deleting Service
qknfd => Error deleting Service
"C:\windows\system32\drivers\qknfd.sys" => File/Directory not found.

"C:\ProgramData\DiscounntLoCaatOr" directory move:

Could not move "C:\ProgramData\DiscounntLoCaatOr\4hvGyEzAwMBtBM.dat" => Scheduled to move on reboot.
Could not move "C:\ProgramData\DiscounntLoCaatOr\4hvGyEzAwMBtBM.tlb" => Scheduled to move on reboot.
Could not move "C:\ProgramData\DiscounntLoCaatOr\4hvGyEzAwMBtBM.x64.dll" => Scheduled to move on reboot.
Could not move "C:\ProgramData\DiscounntLoCaatOr" directory. => Scheduled to move on reboot.


"C:\ProgramData\SaoftiCoup" directory move:

Could not move "C:\ProgramData\SaoftiCoup\HDwI4jNxyFjYaK.dat" => Scheduled to move on reboot.
Could not move "C:\ProgramData\SaoftiCoup\HDwI4jNxyFjYaK.tlb" => Scheduled to move on reboot.
Could not move "C:\ProgramData\SaoftiCoup\HDwI4jNxyFjYaK.x64.dll" => Scheduled to move on reboot.
Could not move "C:\ProgramData\SaoftiCoup" directory. => Scheduled to move on reboot.


"C:\ProgramData\PrinCECCoupon" directory move:

Could not move "C:\ProgramData\PrinCECCoupon\jsih.dat" => Scheduled to move on reboot.
Could not move "C:\ProgramData\PrinCECCoupon\jsih.tlb" => Scheduled to move on reboot.
Could not move "C:\ProgramData\PrinCECCoupon" directory. => Scheduled to move on reboot.


"C:\Program Files (x86)\Uniqoupons" directory move:

Could not move "C:\Program Files (x86)\Uniqoupons\funcoupons.dll.vir" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\Uniqoupons" directory. => Scheduled to move on reboot.


"C:\Program Files (x86)\Optimizer Pro" directory move:

Could not move "C:\Program Files (x86)\Optimizer Pro" directory. => Scheduled to move on reboot.

C:\Users\Bonnie\jobq (1).dat => Moved successfully.
C:\Users\Bonnie\jobq (2).dat => Moved successfully.
C:\Users\Bonnie\jobq.dat => Moved successfully.
C:\Users\Bonnie\AppData\Local\Temp\autorun.dll => Moved successfully.
C:\Users\Bonnie\AppData\Local\Temp\COMAP.EXE => Moved successfully.
C:\Users\Bonnie\AppData\Local\Temp\Couponscom.exe => Moved successfully.
"C:\Users\Bonnie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnzo84j.dll" => File/Directory not found.
C:\Users\Bonnie\AppData\Local\Temp\fp_pl_pfs_installer.exe => Moved successfully.
C:\Users\Bonnie\AppData\Local\Temp\_is6A1B.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{224B946F-8456-4B76-B6A5-CC5D802F83D2} => Key could not be deleted. Access denied.
C:\Windows\System32\Tasks\Norton WSC Integration not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton WSC Integration => Key could not be deleted. Access denied.
"C:\Program Files (x86)\Norton Internet Security" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E4DBC7D-7F19-4D96-BC4B-4539E3201C58} => Key could not be deleted. Access denied.
Could not move "C:\Windows\System32\Tasks\Norton Internet Security\Norton Error Analyzer" => Scheduled to move on reboot.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Internet Security\Norton Error Analyzer => Key could not be deleted. Access denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8E2FD8D-CCA1-48A5-AADF-3AA2FC346D7D} => Key could not be deleted. Access denied.
Could not move "C:\Windows\System32\Tasks\Norton Internet Security\Norton Error Processor" => Scheduled to move on reboot.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Internet Security\Norton Error Processor => Key could not be deleted. Access denied.
EmptyTemp: => Removed 3.9 GB temporary data.


#################################################################################################################
There were no positives found from MalwareBytes,

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/21/2015
Scan Time: 10:54:50 PM
Logfile: 150121_MalwareBytesScanResults.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.22.03
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Admin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 393337
Time Elapsed: 17 min, 58 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
20
Post Here for Malware Removal ... / Re: [In Progress] iexplore.exe eating up my CPU
« Last post by Hoov on January 22, 2015, 09:20:11 PM »
I apologize for not replying to your post. I did not see the response. Are you still having this problem?