Solved Windows Vista - Popups/Viruses in the way of everything

Marie Olgin

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/7/2015
Scan Time: 9:34:35 AM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.07.03
Rootkit Database: v2015.02.25.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: Marie

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 688492
Time Elapsed: 22 min, 5 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 2
PUP.Optional.Multiplug, C:\Program Files (x86)\sayescoupon\sayescoupon.dll, Delete-on-Reboot, [ab04da68c3c751e5c0c86dbf29d99d63],
PUP.Optional.Multiplug.A, C:\Program Files (x86)\ShopaDrop\ZRf3ohX3AVvRWP.dll, Delete-on-Reboot, [812e8ab8563445f1b657141bf11126da],

Registry Keys: 37
PUP.Optional.Multiplug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{e62009da-412c-458f-8fe0-7bd3741c51c6}, Quarantined, [812e8ab8563445f1b657141bf11126da],
PUP.Optional.Multiplug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{E62009DA-412C-458F-8FE0-7BD3741C51C6}, Quarantined, [812e8ab8563445f1b657141bf11126da],
PUP.Optional.Multiplug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{E62009DA-412C-458F-8FE0-7BD3741C51C6}, Quarantined, [812e8ab8563445f1b657141bf11126da],
PUP.Optional.Multiplug.A, HKLM\SOFTWARE\CLASSES\Pe62009da_412c_458f_8fe0_7bd3741c51c6_.Pe62009da_412c_458f_8fe0_7bd3741c51c6_, Quarantined, [812e8ab8563445f1b657141bf11126da],
PUP.Optional.Multiplug.A, HKLM\SOFTWARE\CLASSES\Pe62009da_412c_458f_8fe0_7bd3741c51c6_.Pe62009da_412c_458f_8fe0_7bd3741c51c6_.9, Quarantined, [812e8ab8563445f1b657141bf11126da],
PUP.Optional.Multiplug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Pe62009da_412c_458f_8fe0_7bd3741c51c6_.Pe62009da_412c_458f_8fe0_7bd3741c51c6_, Quarantined, [812e8ab8563445f1b657141bf11126da],
PUP.Optional.Multiplug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Pe62009da_412c_458f_8fe0_7bd3741c51c6_.Pe62009da_412c_458f_8fe0_7bd3741c51c6_.9, Quarantined, [812e8ab8563445f1b657141bf11126da],
PUP.Optional.Multiplug.A, HKLM\SOFTWARE\CLASSES\CLSID\{E62009DA-412C-458F-8FE0-7BD3741C51C6}, Quarantined, [812e8ab8563445f1b657141bf11126da],
PUP.Optional.Multiplug.A, HKLM\SOFTWARE\CLASSES\CLSID\{E62009DA-412C-458F-8FE0-7BD3741C51C6}\INPROCSERVER32, Quarantined, [812e8ab8563445f1b657141bf11126da],
PUP.Optional.Multiplug.A, HKU\S-1-5-21-2355649138-3362126530-1860452381-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{E62009DA-412C-458F-8FE0-7BD3741C51C6}, Quarantined, [812e8ab8563445f1b657141bf11126da],
PUP.Optional.Multiplug.A, HKU\S-1-5-21-2355649138-3362126530-1860452381-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E62009DA-412C-458F-8FE0-7BD3741C51C6}, Quarantined, [812e8ab8563445f1b657141bf11126da],
PUP.Optional.Multiplug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{E62009DA-412C-458F-8FE0-7BD3741C51C6}, Quarantined, [812e8ab8563445f1b657141bf11126da],
PUP.Optional.Multiplug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{E62009DA-412C-458F-8FE0-7BD3741C51C6}, Quarantined, [812e8ab8563445f1b657141bf11126da],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7223EDAC-E091-B3C1-BD91-B66CE557800F}, Quarantined, [832c3c06a0ea3105968d16f563a048b8],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{2DF3E224-05CD-4113-AA7A-86F2F6607B46}, Quarantined, [3778063c840663d330f37794b350ce32],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{CF987D06-1DCF-7B36-5B43-13BC8699C44C}, Quarantined, [7837c9790c7e78bec36025e6b54e8779],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{45606A90-3363-3A3B-1C15-C40E77F4DAA0}, Quarantined, [2d82162cef9b53e376ade724e61d2ad6],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{e026910c-80ee-4273-8f0e-098f5d3bbcf8}, Quarantined, [634cf54d850596a04641fb31649e31cf],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\Pe026910c_80ee_4273_8f0e_098f5d3bbcf8_.Pe026910c_80ee_4273_8f0e_098f5d3bbcf8_, Quarantined, [634cf54d850596a04641fb31649e31cf],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\Pe026910c_80ee_4273_8f0e_098f5d3bbcf8_.Pe026910c_80ee_4273_8f0e_098f5d3bbcf8_.9, Quarantined, [634cf54d850596a04641fb31649e31cf],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Pe026910c_80ee_4273_8f0e_098f5d3bbcf8_.Pe026910c_80ee_4273_8f0e_098f5d3bbcf8_, Quarantined, [634cf54d850596a04641fb31649e31cf],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Pe026910c_80ee_4273_8f0e_098f5d3bbcf8_.Pe026910c_80ee_4273_8f0e_098f5d3bbcf8_.9, Quarantined, [634cf54d850596a04641fb31649e31cf],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{E026910C-80EE-4273-8F0E-098F5D3BBCF8}, Quarantined, [634cf54d850596a04641fb31649e31cf],
PUP.Optional.Multiplug, HKU\S-1-5-21-2355649138-3362126530-1860452381-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E026910C-80EE-4273-8F0E-098F5D3BBCF8}, Quarantined, [634cf54d850596a04641fb31649e31cf],
PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{E026910C-80EE-4273-8F0E-098F5D3BBCF8}, Quarantined, [634cf54d850596a04641fb31649e31cf],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{E026910C-80EE-4273-8F0E-098F5D3BBCF8}, Quarantined, [634cf54d850596a04641fb31649e31cf],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7304C9D1-98AD-55F0-636E-22D8DD57F176}, Quarantined, [b0ff083abfcb9d99d251e12a0003d32d],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{51417852-174C-88D4-34A0-D0FE7858BE47}, Quarantined, [cee150f22b5f51e5df4448c3c63d38c8],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{DD1CFE82-CC89-497D-9573-B8B1867DDA09}, Quarantined, [d2ddb09293f740f61a74b3cc55ae817f],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{74972EDF-A814-4507-8DD0-7A8C56A7DDBF}, Quarantined, [d2ddb09293f740f61a74b3cc55ae817f],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{CEEAE576-EBDB-4824-929F-273454600785}, Quarantined, [d2ddb09293f740f61a74b3cc55ae817f],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FB9A7BD0-EE09-427E-AB13-C54EE0C4EF86}, Quarantined, [d2ddb09293f740f61a74b3cc55ae817f],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{74972EDF-A814-4507-8DD0-7A8C56A7DDBF}, Quarantined, [d2ddb09293f740f61a74b3cc55ae817f],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{CEEAE576-EBDB-4824-929F-273454600785}, Quarantined, [d2ddb09293f740f61a74b3cc55ae817f],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FB9A7BD0-EE09-427E-AB13-C54EE0C4EF86}, Quarantined, [d2ddb09293f740f61a74b3cc55ae817f],
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{DD1CFE82-CC89-497D-9573-B8B1867DDA09}, Quarantined, [d2ddb09293f740f61a74b3cc55ae817f],
PUP.Optional.ExtremeBlocker.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{37476589-E48E-439E-A706-56189E2ED4C4}_is1, Quarantined, [6a45ff43ff8b0c2ade69c5cb27dc1fe1],

Registry Values: 0
(No malicious items detected)

Registry Data: 3
PUP.Optional.GboxApp.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://search.gboxapp.com/, Good: (www.google.com), Bad: (http://search.gboxapp.com/),Replaced,[f3bc62e0c1c9102646914c874db85da3]
PUP.Optional.GboxApp.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://search.gboxapp.com/, Good: (www.google.com), Bad: (http://search.gboxapp.com/),Replaced,[1a9597ab612951e5c215f4df3dc8d42c]
PUP.Optional.GboxApp.A, HKU\S-1-5-21-2355649138-3362126530-1860452381-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://search.gboxapp.com/, Good: (www.google.com), Bad: (http://search.gboxapp.com/),Replaced,[159a0240761456e020b8def5a46157a9]

Folders: 2
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\NetoCoUpon, Delete-on-Reboot, [d2ddb09293f740f61a74b3cc55ae817f],
PUP.Optional.ExtremeBlocker.A, C:\ProgramData\Extreme Blocker, Quarantined, [6a45ff43ff8b0c2ade69c5cb27dc1fe1],

Files: 26
PUP.Optional.Multiplug, C:\Program Files (x86)\sayescoupon\sayescoupon.dll, Delete-on-Reboot, [ab04da68c3c751e5c0c86dbf29d99d63],
PUP.Optional.Multiplug.A, C:\Program Files (x86)\ShopaDrop\ZRf3ohX3AVvRWP.dll, Delete-on-Reboot, [812e8ab8563445f1b657141bf11126da],
PUP.Optional.Multiplug.A, C:\Program Files (x86)\ShopaDrop\ZRf3ohX3AVvRWP.x64.dll, Quarantined, [812e8ab8563445f1b657141bf11126da],
PUP.Optional.Multiplug, C:\Program Files (x86)\DigiSaaver\DigiSaaver.exe, Quarantined, [832c3c06a0ea3105968d16f563a048b8],
PUP.Optional.Multiplug, C:\Program Files (x86)\EnnjeoyCOupoenn\EnnjeoyCOupoenn.exe, Quarantined, [3778063c840663d330f37794b350ce32],
PUP.Optional.Multiplug, C:\Program Files (x86)\Jobisjob Alerts\Jobisjob Alerts.exe, Quarantined, [7837c9790c7e78bec36025e6b54e8779],
PUP.Optional.Multiplug, C:\Program Files (x86)\JoniCoupOin\JoniCoupOin.exe, Quarantined, [5b54d56d3f4ba88ebc675bb04db615eb],
PUP.Optional.Multiplug, C:\Program Files (x86)\Omnifinder\Omnifinder.exe, Quarantined, [2d82162cef9b53e376ade724e61d2ad6],
PUP.Optional.Multiplug, C:\Program Files (x86)\PriiceCChop\kQJ5bsL0mTvPcK.dll, Quarantined, [634cf54d850596a04641fb31649e31cf],
PUP.Optional.Multiplug, C:\Program Files (x86)\PriiceCChop\kQJ5bsL0mTvPcK.x64.dll, Quarantined, [634cf54d850596a04641fb31649e31cf],
PUP.Optional.Multiplug, C:\Program Files (x86)\SaVeNewwaApppz\SaVeNewwaApppz.exe, Quarantined, [b0ff083abfcb9d99d251e12a0003d32d],
PUP.Optional.Multiplug, C:\Program Files (x86)\SiteLauncher\SiteLauncher.exe, Quarantined, [cee150f22b5f51e5df4448c3c63d38c8],
PUP.Optional.SafeInstall.A, C:\Users\Marie\AppData\Local\temp\vXVL29Vi.exe.part, Quarantined, [1d92ef53d6b4e452c55d80f741c02fd1],
PUP.Optional.Multiplug, C:\Users\Marie\AppData\Local\temp\__tmp_049d95a0, Delete-on-Reboot, [ab048ab8a7e3979f3d4a41eb669c04fc],
PUP.Optional.Multiplug, C:\Users\Marie\AppData\Local\temp\__tmp_0f387289, Delete-on-Reboot, [c6e9073b4f3bf442e99e58d41ce618e8],
PUP.Optional.Multiplug, C:\Users\Marie\AppData\Local\temp\__tmp_2438de68, Delete-on-Reboot, [129df1515733fb3b6d1a6cc0e91947b9],
PUP.Optional.Multiplug, C:\Users\Marie\AppData\Local\temp\__tmp_2fd686b4, Delete-on-Reboot, [456ae85a6822fe38582f71bbdc26db25],
PUP.Optional.ShoppingGate.A, C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage, Quarantined, [644b10324a40ff37d5607f5c986b53ad],
PUP.Optional.ShoppingGate.A, C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage-journal, Quarantined, [c8e70240afdb5dd9181d8b50c73ca759],
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\NetoCoUpon\30TtggZq7DQrLp.dat, Quarantined, [d2ddb09293f740f61a74b3cc55ae817f],
PUP.Optional.MultiPlug.A, C:\Program Files (x86)\NetoCoUpon\30TtggZq7DQrLp.tlb, Quarantined, [d2ddb09293f740f61a74b3cc55ae817f],
PUP.Optional.ExtremeBlocker.A, C:\ProgramData\Extreme Blocker\Extreme Blocker.exe, Quarantined, [6a45ff43ff8b0c2ade69c5cb27dc1fe1],
PUP.Optional.GboxApp.A, C:\Users\Gilbert\AppData\Local\Google\Chrome\User Data\Default\preferences, Good: (), Bad: ( "homepage": "http://search.gboxapp.com/",), Replaced,[8827d76baedcb97d18b1ca508c7af50b]
PUP.Optional.GboxApp.A, C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\preferences, Good: (), Bad: ( "homepage": "http://search.gboxapp.com/",), Replaced,[04ab87bb94f67db921a84bcf3acceb15]
PUP.Optional.GboxApp.A, C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\zzgh3ra2.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://search.gboxapp.com/");), Replaced,[9c13053d98f2cc6a6164889236d08f71]
PUP.Optional.GboxApp.A, C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://search.gboxapp.com/");), Replaced,[ddd2073b8cfe7cba6362170395719d63]

Physical Sectors: 0
(No malicious items detected)


(end)

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 5/7/2009 11:03:39 AM
System Uptime: 3/7/2015 10:02:02 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0R849J
Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | CPU 1 | 2668/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 4.134 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 6.937 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00001105-0000-1000-8000-00805F9B34FB}_VID&00010008_PID&B01A\8&2B1AEFED&0&0017EB2504A4_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00001105-0000-1000-8000-00805F9B34FB}_VID&00010008_PID&B01A\8&2B1AEFED&0&0017EB2504A4_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00001105-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\8&2B1AEFED&0&4325A20122EC_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00001105-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\8&2B1AEFED&0&4325A20122EC_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00001106-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\8&2B1AEFED&0&4325A20122EC_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00001106-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\8&2B1AEFED&0&4325A20122EC_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{0000110A-0000-1000-8000-00805F9B34FB}_VID&00010008_PID&B01A\8&2B1AEFED&0&0017EB2504A4_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{0000110A-0000-1000-8000-00805F9B34FB}_VID&00010008_PID&B01A\8&2B1AEFED&0&0017EB2504A4_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{0000110A-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\8&2B1AEFED&0&4325A20122EC_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{0000110A-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\8&2B1AEFED&0&4325A20122EC_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00001112-0000-1000-8000-00805F9B34FB}_VID&00010008_PID&B01A\8&2B1AEFED&0&0017EB2504A4_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00001112-0000-1000-8000-00805F9B34FB}_VID&00010008_PID&B01A\8&2B1AEFED&0&0017EB2504A4_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00001112-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\8&2B1AEFED&0&4325A20122EC_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00001112-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\8&2B1AEFED&0&4325A20122EC_C00000000
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Shrew Soft Virtual Adapter
Device ID: ROOT\VNET\0000
Manufacturer: Shrew Soft
Name: Shrew Soft Virtual Adapter
PNP Device ID: ROOT\VNET\0000
Service: vnet
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
64 bit Windows Card Reader Driver
Acrobat.com
Action!
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 16 ActiveX
Adobe Flash Player 16 NPAPI
Adobe Reader XI (11.0.06)
Adobe Refresh Manager
Adobe Shockwave Player 12.1
AIM 7
Amazon MP3 Downloader 1.0.18
AOL Toolbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
Avidemux 2.6
BitRaider Web Client
Bonjour
CamStudio
CamStudio 2.7.2
Canon MP Navigator 2.2
Canon MP530
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help English
CCC Help French
CCC Help German
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Portuguese
CCC Help Spanish
CCC Help Turkish
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
D3DX10
Data Lifeguard Diagnostic for Windows 1.27
Definition Update for Microsoft Office 2010 (KB2956079) 32-Bit Edition
Dell Client Configuration Utility - Powered by Altiris
Dell Dock
Dell Edoc Viewer
Dell Remote Access
Dell System Detect
Dropbox
EA Download Manager
ESET Online Scanner v3
Express Zip
Facebook Image Zoom and Downloader
FinddBesstDeal
Five Nights at Freddy's DEMO
GIMP 2.6.7
GIMPshop 2.2.8
Gizmo Central
Google Chrome
Google Drive
Google Earth
Google SketchUp 8
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
Hauppauge MCE XP/Vista Software Encoder (2.0.26057)
Hauppauge WinTV
Hauppauge WinTV Soft PVR
Helium
Horizon v2.7.3.0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Deskjet 1050 J410 series Basic Device Software
HP Deskjet 1050 J410 series Help
HP Deskjet 1050 J410 series Product Improvement Study
HP Deskjet 3520 series Basic Device Software
HP Deskjet 3520 series Help
HP Deskjet 3520 series Product Improvement Study
HP Deskjet 3520 series Setup Guide
HP FWUpdateEDO2
HP Photo Creations
HP Update
HTC Driver Installer
Intel(R) Network Connections 13.1.33.0
Intel® Matrix Storage Manager
InterVideo FilterSDK for Hauppauge
IPTInstaller
IrfanView (remove only)
iSEEK AnswerWorks English Runtime
Java 7 Update 75
Java 7 Update 75 (64-bit)
JavaFX 2.0.3
Junk Mail filter update
KeePass Password Safe 1.21
LG USB Modem driver
Logitech Harmony Remote Software 7
Logitech Vid
Logitech Webcam Software
Logitech Webcam Software Driver Package
Luxor 2 (remove only)
magicJack
Malwarebytes Anti-Malware version 2.0.4.1028
McAfee SecurityCenter
McAfee SiteAdvisor
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft ASP.NET 2.0 AJAX Extensions 1.0
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2010
Microsoft redistributable runtime DLLs VS2005 SP1(x86)
Microsoft redistributable runtime DLLs VS2008 SP1(x86)
Microsoft redistributable runtime DLLs VS2010 SP1 (x86)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Works
Microsoft WSE 3.0 Runtime
Mozilla Firefox 35.0.1 (x86 en-US)
Mozilla Maintenance Service
MPlayer (remove only)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
NetoCoUpon
Notepad++
Open Workbench
OpenOffice.org 3.2
oPryzeLP MC360 Mod Tool
Paint.NET v3.5.10
Presto! PageManager 7.15.14
PriiceCChop
Quicken 2009
Quicken 2012
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Remote Control USB Driver
Renesas Electronics USB 3.0 Host Controller Driver
ROBLOX Player for Marie
RoboSavEEr
RollerCoaster Tycoon 3 Platinum
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
SAMSUNG USB Driver for Mobile Phones
SAP GUI for Windows 7.30
ScanSoft OmniPage SE 4.0
Secunia PSI (3.0.0.9016)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Excel 2010 (KB2956081) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553154) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2920748) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2956066) 32-Bit Edition
Segoe UI
Serif PagePlus SE 1.0
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
ShopaDrop
Shrew Soft VPN Client
Shutterfly Express Uploader
SimCity 4 Deluxe
Skins
Skype™ 6.11
Snagit 11
SNC Client Encryption
Spelling Dictionaries Support For Adobe Reader 9
Star Wars The Old Republic
Star Wars: The Old Republic
swMSM
TeamViewer 10
The Sims Carnival SnapCity
The Sims™ 2 Deluxe
The Sims™ 3
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition
Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition
Update for Microsoft Office 2010 (KB2956054) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2956075) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2956128) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2956129) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
VideoPad Video Editor
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2010 x64 Redistributables
VLC media player
WIDCOMM Bluetooth Software 6.0.1.4303
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR 4.20 (32-bit)
WinZip 17.5
WModem_Installer
YTD YouTube Downloader & Converter 3.7
.
==== End Of File ===========================
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16609 BrowserJavaVersion: 10.75.2
Run by Marie at 10:21:18 on 2015-03-07
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6134.2580 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files (x86)\Coupons\CouponPrinterService.exe
C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe
C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Gizmo\gservice.exe
c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
C:\Program Files\ShrewSoft\VPN Client\iked.exe
C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files (x86)\TeamViewer\tv_w32.exe
C:\Program Files (x86)\TeamViewer\tv_x64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Marie\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Users\Marie\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
mStart Page = www.google.com
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
EB: TheSeaApp: {c585d593-e7f4-4852-a200-561686ee02e4} -
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [cdloader] "C:\Users\Marie\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [AmazonMP3DownloaderHelper] C:\Users\Marie\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
uRun: [GizmoDriveDelegate] RUNDLL32.EXE C:\PROGRA~2\GIZMO\GDRIVE.DLL,Remount_Startup_Images
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
dRunOnce: [{90140000-0018-0409-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
dRunOnce: [{90140000-003D-0000-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
dRunOnce: [{90140000-0016-0409-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
dRunOnce: [{90140000-001B-0409-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
dRunOnce: [{90140000-006E-0409-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
dRunOnce: [{90140000-00A1-0409-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
StartupFolder: C:\Users\Marie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Marie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Marie\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Marie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: HideFastUserSwitching = dword:1
mPolicies-System: EnableSecureUIAPath = dword:1
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} - hxxp://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} - hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0EB5217B-D408-480B-B834-370FD866A684} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F65EBAD0-2C1F-4200-8091-F6EEAACE5C68} : NameServer = 170.65.228.4,170.65.232.77
Filter: application/octet-stream - <Clsid value has no data>
Filter: application/x-complus - <Clsid value has no data>
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: application/x-msdownload - <Clsid value has no data>
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = www.google.com
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
x64-Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
x64-Run: [WPCUMI] C:\Windows\System32\WpcUmi.exe
x64-Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe
x64-Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-Explorer: NoDrives = dword:0
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
x64-mPolicies-System: ConsentPromptBehaviorUser = dword:3
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-mPolicies-System: HideFastUserSwitching = dword:1
x64-mPolicies-System: EnableSecureUIAPath = dword:1
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Filter: application/octet-stream - <Clsid value has no data>
x64-Filter: application/x-complus - <Clsid value has no data>
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: application/x-msdownload - <Clsid value has no data>
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - <orphaned>
x64-Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.look-for-it.info/?pid=1539&r=2015/02/12&hid=10870625545251107856&lg=EN&cc=US&unqvl=82&l=1&q=
FF - prefs.js: browser.search.selectedEngine - WebSearch
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Marie\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll
FF - plugin: C:\Users\Marie\AppData\Local\Roblox\Versions\version-fbaf58bbbe84491d\NPRobloxProxy.dll
FF - plugin: C:\Users\Marie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Marie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Marie\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Marie\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2013-9-24 786296]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2013-9-24 348552]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-5-7 53488]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2010-7-14 87600]
R1 GizmoDrv;Gizmo Device Driver;C:\Windows\System32\drivers\gizmodrv.sys [2010-2-14 32840]
R1 vflt;Shrew Soft Lightweight Filter;C:\Windows\System32\drivers\vfilter.sys [2013-4-15 24064]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-5-7 88576]
R2 Apache2.2;Remote Access Media Server;C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe [2007-9-21 15872]
R2 CouponPrinterService;Coupon Printer Service;C:\Program Files (x86)\Coupons\CouponPrinterService.exe [2014-2-13 176624]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 dsl-db;Remote Access DB;C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe [2007-9-14 5730304]
R2 dsl-fs-sync;Remote Access File Sync Service;C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [2009-1-5 173296]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 Gizmo Central;Gizmo Central;C:\Program Files (x86)\Gizmo\gservice.exe [2010-2-14 31856]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-10-20 328928]
R2 iked;ShrewSoft IKE Daemon;C:\Program Files\ShrewSoft\VPN Client\iked.exe -service --> C:\Program Files\ShrewSoft\VPN Client\iked.exe -service [?]
R2 ipsecd;ShrewSoft IPSEC Daemon;C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service --> C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -service [?]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2013-10-20 155368]
R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2013-10-20 178528]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-10-20 328928]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-10-20 328928]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-10-20 328928]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-10-20 328928]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2013-10-20 1041192]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-10-20 219752]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-10-20 189912]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2013-10-17 166912]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-12-6 1229528]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-12-6 662232]
R2 TeamViewer;TeamViewer 10;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-1-19 5436176]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2013-9-24 72128]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-5-7 316544]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\System32\drivers\HCW85BDA.sys [2009-7-14 1708800]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2013-9-24 313544]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2013-9-24 523792]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2014-8-20 445512]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-12-6 18456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 fd8830a9;sayescoupon;C:\Windows\System32\rundll32.exe [2006-11-2 46592]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 TracSrvWrapper;Check Point Endpoint Connect;C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe --> C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe [?]
S3 BRSptSvc;BitRaider Mini-Support Service;C:\ProgramData\BitRaider\BRSptSvc.exe [2013-12-7 477960]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2015-1-8 95544]
S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [2012-8-4 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2014-4-22 197704]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-6-10 31744]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
S3 htcusbnet;HTC USB-NDIS miniport;C:\Windows\System32\drivers\htcusbnet.sys [2011-6-5 153600]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2014-8-20 96592]
S3 ncplelhp;NCP Secure Client NDIS6 Driver;C:\Windows\System32\drivers\ncplelhp.sys [2009-5-17 146312]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2015-1-8 203320]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 USBTINSP;TI-Nspire(TM) Handheld or TI Network Bridge Device Driver;C:\Windows\System32\drivers\tinspusb.sys [2010-3-29 142848]
S3 VNA;Check Point Virtual Network Adapter;C:\Windows\System32\drivers\vna.sys [2009-4-2 161256]
S3 vna_ap;Check Point Virtual Network Adapter - Apollo;C:\Windows\System32\drivers\vnaap.sys [2009-4-2 161256]
S3 vnet;Shrew Soft Virtual Adapter;C:\Windows\System32\drivers\virtualnet.sys [2013-4-15 17408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-9-11 1012344]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2014-8-16 90776]
S4 hcw85cir;Hauppauge Consumer Infrared Receiver;C:\Windows\System32\drivers\hcw85cir.sys [2009-5-7 31232]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2015-03-07 17:10:44 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-03-06 00:09:32 20 ----a-w- C:\Users\Marie\AppData\Roaming\appdataFr3.bin
2015-02-13 10:32:34 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2015-02-13 10:32:25 320424 ----a-w- C:\Windows\System32\javaws.exe
2015-02-13 10:32:25 189352 ----a-w- C:\Windows\System32\javaw.exe
2015-02-13 10:32:25 189352 ----a-w- C:\Windows\System32\java.exe
2015-02-13 10:29:35 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-02-13 10:28:57 272808 ----a-w- C:\Windows\SysWow64\javaws.exe
2015-02-13 10:28:57 175528 ----a-w- C:\Windows\SysWow64\javaw.exe
2015-02-13 10:28:57 175528 ----a-w- C:\Windows\SysWow64\java.exe
2015-02-12 10:02:58 116773704 ----a-w- C:\Windows\System32\mrt.exe
2015-02-05 13:58:13 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 13:58:13 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-01-23 04:07:11 2339840 ----a-w- C:\Windows\System32\jscript9.dll
2015-01-23 03:59:28 816640 ----a-w- C:\Windows\System32\jscript.dll
2015-01-23 03:00:27 1810944 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-01-23 02:51:23 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2015-01-15 06:53:34 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-01-15 04:08:29 516536 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-01-14 03:08:42 17878016 ----a-w- C:\Windows\System32\mshtml.dll
2015-01-14 02:59:33 10924032 ----a-w- C:\Windows\System32\ieframe.dll
2015-01-14 02:59:04 448512 ----a-w- C:\Windows\System32\html.iec
2015-01-14 02:49:37 1388032 ----a-w- C:\Windows\System32\urlmon.dll
2015-01-14 02:49:35 1392128 ----a-w- C:\Windows\System32\wininet.dll
2015-01-14 02:47:51 1494016 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-01-14 02:47:45 599040 ----a-w- C:\Windows\System32\vbscript.dll
2015-01-14 02:47:14 237056 ----a-w- C:\Windows\System32\url.dll
2015-01-14 02:47:08 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2015-01-14 02:46:46 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2015-01-14 02:46:01 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-01-14 02:45:59 2157056 ----a-w- C:\Windows\System32\iertutil.dll
2015-01-14 02:45:06 453120 ----a-w- C:\Windows\System32\dxtmsft.dll
2015-01-14 02:45:00 282112 ----a-w- C:\Windows\System32\dxtrans.dll
2015-01-14 02:44:55 55296 ----a-w- C:\Windows\System32\msfeedsbs.dll
2015-01-14 02:44:54 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2015-01-14 02:44:49 11264 ----a-w- C:\Windows\System32\msfeedssync.exe
2015-01-14 02:44:48 248320 ----a-w- C:\Windows\System32\ieui.dll
2015-01-14 02:44:46 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2015-01-14 02:44:42 12800 ----a-w- C:\Windows\System32\mshta.exe
2015-01-14 01:51:42 12371456 ----a-w- C:\Windows\SysWow64\mshtml.dll
2015-01-14 01:49:16 367104 ----a-w- C:\Windows\SysWow64\html.iec
2015-01-14 01:46:05 9742336 ----a-w- C:\Windows\SysWow64\ieframe.dll
2015-01-14 01:43:54 1139712 ----a-w- C:\Windows\SysWow64\urlmon.dll
2015-01-14 01:42:51 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-01-14 01:42:31 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-01-14 01:41:35 1802752 ----a-w- C:\Windows\SysWow64\iertutil.dll
2015-01-14 01:41:34 231936 ----a-w- C:\Windows\SysWow64\url.dll
2015-01-14 01:41:28 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-01-14 01:41:26 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2015-01-14 01:41:09 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-01-14 01:41:01 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2015-01-14 01:40:54 353792 ----a-w- C:\Windows\SysWow64\dxtmsft.dll
2015-01-14 01:40:48 223232 ----a-w- C:\Windows\SysWow64\dxtrans.dll
2015-01-14 01:40:45 41472 ----a-w- C:\Windows\SysWow64\msfeedsbs.dll
2015-01-14 01:40:39 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2015-01-14 01:40:38 10752 ----a-w- C:\Windows\SysWow64\msfeedssync.exe
2015-01-14 01:40:35 11776 ----a-w- C:\Windows\SysWow64\mshta.exe
2015-01-14 01:40:33 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-01-14 01:40:32 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2015-01-13 01:51:40 1209856 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2015-01-13 01:39:22 974848 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2015-01-09 00:34:00 2790912 ----a-w- C:\Windows\System32\win32k.sys
2014-12-19 00:26:53 139776 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2014-12-08 01:59:34 306176 ----a-w- C:\Windows\SysWow64\scesrv.dll
2014-12-08 01:37:22 399360 ----a-w- C:\Windows\System32\scesrv.dll
.
============= FINISH: 10:22:07.17 ===============
 
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create a new restore point before proceeding with the next step.
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double-click on the downloaded file. OK the self-extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • On the following screen, click "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"
NOTE: If you see the "This version requires you to completely exit the Anti Malware application" message, right-click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.
 
RogueKiller V10.5.1.0 [Mar 5 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Marie [Administrator]
Started from : C:\Users\Marie\Desktop\RogueKiller.exe
Mode : Delete -- Date : 03/07/2015 11:18:23
¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] AmazonMP3DownloaderHelper.exe(4184) -- C:\Users\Marie\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[-] -> Killed [TermProc]
¤¤¤ Registry : 47 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2355649138-3362126530-1860452381-1002\Software\Microsoft\Windows\CurrentVersion\Run | cdloader : "C:\Users\Marie\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK [-][x] -> Deleted
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2355649138-3362126530-1860452381-1002\Software\Microsoft\Windows\CurrentVersion\Run | AmazonMP3DownloaderHelper : C:\Users\Marie\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [-] -> Deleted
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2355649138-3362126530-1860452381-1002\Software\Microsoft\Windows\CurrentVersion\Run | cdloader : "C:\Users\Marie\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2355649138-3362126530-1860452381-1002\Software\Microsoft\Windows\CurrentVersion\Run | AmazonMP3DownloaderHelper : C:\Users\Marie\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe -> ERROR [2]
[Suspicious.Path] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-0018-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H [-][x][x][x][x][x] -> Deleted
[Suspicious.Path] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-003D-0000-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H [-][x][x][x][x][x] -> Deleted
[Suspicious.Path] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-0016-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H [-][x][x][x][x][x] -> Deleted
[Suspicious.Path] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-001B-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H [-][x][x][x][x][x] -> Deleted
[Suspicious.Path] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-006E-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H [-][x][x][x][x][x] -> Deleted
[Suspicious.Path] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-00A1-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H [-][x][x][x][x][x] -> Deleted
[Suspicious.Path] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-0018-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-003D-0000-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-0016-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-001B-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-006E-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-00A1-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H -> ERROR [2]
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-0018-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H -> ERROR [2]
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-003D-0000-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H -> ERROR [2]
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-0016-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H -> ERROR [2]
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-001B-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H -> ERROR [2]
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-006E-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H -> ERROR [2]
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-00A1-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-0018-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-003D-0000-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-0016-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-001B-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-006E-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H -> ERROR [2]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90140000-00A1-0409-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H -> ERROR [2]
[Hj.RegVal] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_D879\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe -> Replaced (explorer.exe)
[Hj.RegVal] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_D879\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe -> Replaced (explorer.exe)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F65EBAD0-2C1F-4200-8091-F6EEAACE5C68} | NameServer : 170.65.228.4,170.65.232.77 [UNITED STATES (US)][UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F65EBAD0-2C1F-4200-8091-F6EEAACE5C68} | NameServer : 170.65.228.4,170.65.232.77 [UNITED STATES (US)][UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{F65EBAD0-2C1F-4200-8091-F6EEAACE5C68} | NameServer : 170.65.228.4,170.65.232.77 [UNITED STATES (US)][UNITED STATES (US)] -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2355649138-3362126530-1860452381-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2355649138-3362126530-1860452381-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2355649138-3362126530-1860452381-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2355649138-3362126530-1860452381-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2355649138-3362126530-1860452381-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2355649138-3362126530-1860452381-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_D879\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_D879\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_D879\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_D879\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2355649138-3362126530-1860452381-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2355649138-3362126530-1860452381-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 2efaacf05f213086b68ddf504388c021
[BSP] 581a5605d6dfbfe256b7edfb06b85cd6 : HP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 70 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 145408 | Size: 15360 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 31602688 | Size: 461505 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([57] The parameter is incorrect. )
+++++ PhysicalDrive1: +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive2: +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive3: +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive4: +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

============================================
RKreport_SCN_03072015_110936.log
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
After clicking on one of the links to download ComboFix, browser was not responding. I closed browser by doing an "End Task" from task manager. Restarted in a different browser, same results. Nothing is responding now, including Windows. Is it okay if I do a reboot at this point?
 
Multiple attempts from the new site and from the other sites are not allowing me to download. It acts like it is downloading but then says "ComboFix.ext might have been moved or deleted."
 
ComboFix 15-03-01.01 - Marie 03/07/2015 16:33:58.1.8 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6134.3493 [GMT -7:00]
Running from: c:\users\Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ONNYWR98\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\FinddBesstDeal
c:\program files (x86)\FinddBesstDeal\mwSGoy9zcHZQwU.dat
c:\program files (x86)\FinddBesstDeal\mwSGoy9zcHZQwU.tlb
c:\program files (x86)\PriiceCChop
c:\program files (x86)\PriiceCChop\kQJ5bsL0mTvPcK.dat
c:\program files (x86)\PriiceCChop\kQJ5bsL0mTvPcK.tlb
c:\program files (x86)\RoboSavEEr
c:\program files (x86)\RoboSavEEr\dTE45Fdi1aTDBY.dat
c:\program files (x86)\RoboSavEEr\dTE45Fdi1aTDBY.tlb
c:\program files (x86)\ShopaDrop
c:\program files (x86)\ShopaDrop\ZRf3ohX3AVvRWP.dat
c:\program files (x86)\ShopaDrop\ZRf3ohX3AVvRWP.exe
c:\program files (x86)\ShopaDrop\ZRf3ohX3AVvRWP.tlb
c:\program files (x86)\SihopDrOp
c:\program files (x86)\SihopDrOp\YOlAZ9Tr6q8Qb2.dat
c:\program files (x86)\SihopDrOp\YOlAZ9Tr6q8Qb2.tlb
c:\programdata\1901603862025610039
c:\programdata\1901603862025610039\07870b539a388c2b96dc38569efab410.ini
c:\programdata\1901603862025610039\2544e9905b19ed4896dc38569efab410.ini
c:\programdata\1901603862025610039\2a0b23fa8d6e74d496dc38569efab410.ini
c:\programdata\1901603862025610039\465f8e59c1c2d77496dc38569efab410.ini
c:\programdata\1901603862025610039\48b7d16c1455ab2596dc38569efab410.ini
c:\programdata\1901603862025610039\4ab07dd0adbafc3696dc38569efab410.ini
c:\programdata\1901603862025610039\60b6132765a7b0ab96dc38569efab410.ini
c:\programdata\1901603862025610039\62dd3921369ec2f696dc38569efab410.ini
c:\programdata\1901603862025610039\8c84dcdc46445dd696dc38569efab410.ini
c:\programdata\1901603862025610039\c639ec01ae8d99a996dc38569efab410.ini
c:\programdata\1901603862025610039\cd5b15e575e1c3d096dc38569efab410.ini
c:\programdata\1901603862025610039\f392fc60cfeefae496dc38569efab410.ini
c:\programdata\1901603862025610039\f6f6eb7fa6ec985796dc38569efab410.ini
c:\users\Gilbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\edefbbbcggajdncnoingicdckbhngpcj
c:\users\Gilbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\edefbbbcggajdncnoingicdckbhngpcj\156\background.html
c:\users\Gilbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\edefbbbcggajdncnoingicdckbhngpcj\156\content.js
c:\users\Gilbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\edefbbbcggajdncnoingicdckbhngpcj\156\lsdb.js
c:\users\Gilbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\edefbbbcggajdncnoingicdckbhngpcj\156\manifest.json
c:\users\Gilbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\edefbbbcggajdncnoingicdckbhngpcj\156\woisrEIxbT.js
c:\users\Gilbert\AppData\Local\Google\Chrome\User Data\Default\preferences
c:\users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\edefbbbcggajdncnoingicdckbhngpcj
c:\users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\edefbbbcggajdncnoingicdckbhngpcj\156\background.html
c:\users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\edefbbbcggajdncnoingicdckbhngpcj\156\content.js
c:\users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\edefbbbcggajdncnoingicdckbhngpcj\156\lsdb.js
c:\users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\edefbbbcggajdncnoingicdckbhngpcj\156\manifest.json
c:\users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\edefbbbcggajdncnoingicdckbhngpcj\156\woisrEIxbT.js
c:\users\John\AppData\Local\Google\Chrome\User Data\Default\preferences
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\calhgleedaaigmhnoklfenlfhlbfdloo
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\calhgleedaaigmhnoklfenlfhlbfdloo\246\background.html
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\calhgleedaaigmhnoklfenlfhlbfdloo\246\content.js
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\calhgleedaaigmhnoklfenlfhlbfdloo\246\lsdb.js
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\calhgleedaaigmhnoklfenlfhlbfdloo\246\manifest.json
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\calhgleedaaigmhnoklfenlfhlbfdloo\246\TV.js
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecmipeblhclmbklgalmpgilfonejhlgb
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecmipeblhclmbklgalmpgilfonejhlgb\175\background.html
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecmipeblhclmbklgalmpgilfonejhlgb\175\content.js
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecmipeblhclmbklgalmpgilfonejhlgb\175\lOxZG1BDI.js
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecmipeblhclmbklgalmpgilfonejhlgb\175\lsdb.js
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecmipeblhclmbklgalmpgilfonejhlgb\175\manifest.json
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\edefbbbcggajdncnoingicdckbhngpcj
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\edefbbbcggajdncnoingicdckbhngpcj\156\background.html
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\edefbbbcggajdncnoingicdckbhngpcj\156\content.js
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\edefbbbcggajdncnoingicdckbhngpcj\156\lsdb.js
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\edefbbbcggajdncnoingicdckbhngpcj\156\manifest.json
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\edefbbbcggajdncnoingicdckbhngpcj\156\woisrEIxbT.js
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpbcjkpppncefeoongifnpinjmegf
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpbcjkpppncefeoongifnpinjmegf\143\aFwY.js
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpbcjkpppncefeoongifnpinjmegf\143\background.html
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpbcjkpppncefeoongifnpinjmegf\143\content.js
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpbcjkpppncefeoongifnpinjmegf\143\lsdb.js
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmlpbcjkpppncefeoongifnpinjmegf\143\manifest.json
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ecmipeblhclmbklgalmpgilfonejhlgb
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ehloibeiaffhibffchiobihgcainmcep
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibgbdgngjflpkahkoabmiijlaggkinaj
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibgbdgngjflpkahkoabmiijlaggkinaj\000003.log
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibgbdgngjflpkahkoabmiijlaggkinaj\CURRENT
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibgbdgngjflpkahkoabmiijlaggkinaj\LOCK
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibgbdgngjflpkahkoabmiijlaggkinaj\LOG
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibgbdgngjflpkahkoabmiijlaggkinaj\MANIFEST-000002
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmebmmnpohfhoknnlpohjaembcipocaa
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bpimjanmknifnoiajikmhmhmlihdccbd_0.localstorage-journal
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bpimjanmknifnoiajikmhmhmlihdccbd_0.localstorage
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_calhgleedaaigmhnoklfenlfhlbfdloo_0.localstorage-journal
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_calhgleedaaigmhnoklfenlfhlbfdloo_0.localstorage
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ddkmnnjagobggenpodlgemgpgdhoapnp_0.localstorage-journal
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ddkmnnjagobggenpodlgemgpgdhoapnp_0.localstorage
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlggapfljcnbmajohkhhapaoajopbncm_0.localstorage-journal
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlggapfljcnbmajohkhhapaoajopbncm_0.localstorage
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ecmipeblhclmbklgalmpgilfonejhlgb_0.localstorage-journal
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ecmipeblhclmbklgalmpgilfonejhlgb_0.localstorage
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_edefbbbcggajdncnoingicdckbhngpcj_0.localstorage-journal
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_edefbbbcggajdncnoingicdckbhngpcj_0.localstorage
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehloibeiaffhibffchiobihgcainmcep_0.localstorage-journal
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehloibeiaffhibffchiobihgcainmcep_0.localstorage
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hokidjkfnkghmbhmdjgeooaahehhiomh_0.localstorage-journal
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hokidjkfnkghmbhmdjgeooaahehhiomh_0.localstorage
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ibgbdgngjflpkahkoabmiijlaggkinaj_0.localstorage-journal
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ibgbdgngjflpkahkoabmiijlaggkinaj_0.localstorage
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mmebmmnpohfhoknnlpohjaembcipocaa_0.localstorage-journal
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mmebmmnpohfhoknnlpohjaembcipocaa_0.localstorage
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage-journal
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_plmlpbcjkpppncefeoongifnpinjmegf_0.localstorage-journal
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_plmlpbcjkpppncefeoongifnpinjmegf_0.localstorage
c:\users\Marie\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\eUn@Z.org
c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\eUn@Z.org\bootstrap.js
c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\eUn@Z.org\chrome.manifest
c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\eUn@Z.org\content\bg.js
c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\eUn@Z.org\install.rdf
c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\ifPpiqKr@u.net
c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\ifPpiqKr@u.net\bootstrap.js
c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\ifPpiqKr@u.net\chrome.manifest
c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\ifPpiqKr@u.net\content\bg.js
c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\ifPpiqKr@u.net\install.rdf
c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\J@TVoJ.com
c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\J@TVoJ.com\bootstrap.js
c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\J@TVoJ.com\chrome.manifest
c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\J@TVoJ.com\content\bg.js
c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\J@TVoJ.com\install.rdf
c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\rO@s.net
c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\rO@s.net\bootstrap.js
c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\rO@s.net\chrome.manifest
c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\rO@s.net\content\bg.js
c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\rO@s.net\install.rdf
c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\zVa7@2Bh.org
c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\zVa7@2Bh.org\bootstrap.js
c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\zVa7@2Bh.org\chrome.manifest
c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\zVa7@2Bh.org\content\bg.js
c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\extensions\zVa7@2Bh.org\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2015-02-08 to 2015-03-08 )))))))))))))))))))))))))))))))
.
.
2015-03-08 00:02 . 2015-03-08 00:02 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-03-08 00:02 . 2015-03-08 00:02 -------- d-----w- c:\users\Marie\AppData\Local\temp
2015-03-08 00:02 . 2015-03-08 00:02 -------- d-----w- c:\users\hedev\AppData\Local\temp
2015-03-08 00:02 . 2015-03-08 00:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-08 00:02 . 2015-03-08 00:02 -------- d-----w- c:\users\AppData\AppData\Local\temp
2015-03-08 00:02 . 2015-03-08 00:02 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp
2015-03-07 17:58 . 2015-03-07 17:59 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-03-07 17:58 . 2015-03-07 17:59 -------- d-----w- c:\programdata\RogueKiller
2015-02-26 08:18 . 2015-03-07 16:59 -------- d-----w- c:\program files (x86)\SaVeNewwaApppz
2015-02-26 08:18 . 2015-03-07 16:59 -------- d-----w- c:\program files (x86)\Jobisjob Alerts
2015-02-20 10:17 . 2015-03-07 16:59 -------- d-----w- c:\program files (x86)\DigiSaaver
2015-02-20 10:17 . 2015-03-07 16:59 -------- d-----w- c:\program files (x86)\SiteLauncher
2015-02-20 09:58 . 2015-03-07 16:59 -------- d-----w- c:\program files (x86)\Omnifinder
2015-02-20 09:57 . 2015-03-07 16:59 -------- d-----w- c:\program files (x86)\JoniCoupOin
2015-02-20 09:57 . 2015-02-20 09:57 -------- d-----w- c:\programdata\hfkenbbeejopejgcaleojmmccjfammga
2015-02-20 01:37 . 2015-03-07 16:59 -------- d-----w- c:\program files (x86)\EnnjeoyCOupoenn
2015-02-18 17:47 . 2015-03-06 00:09 20 ----a-w- c:\users\Marie\AppData\Roaming\appdataFr3.bin
2015-02-13 10:33 . 2015-02-13 10:32 320424 ----a-w- c:\windows\system32\javaws.exe
2015-02-13 10:33 . 2015-02-13 10:32 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2015-02-13 10:33 . 2015-02-13 10:32 189352 ----a-w- c:\windows\system32\javaw.exe
2015-02-13 10:33 . 2015-02-13 10:32 189352 ----a-w- c:\windows\system32\java.exe
2015-02-13 10:32 . 2015-02-13 10:32 -------- d-----w- c:\program files\Java
2015-02-13 10:30 . 2015-02-13 10:29 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-02-13 10:28 . 2015-02-13 10:28 -------- d-----w- c:\program files (x86)\Java
2015-02-12 23:40 . 2015-03-07 17:02 -------- d-----w- c:\program files (x86)\sayescoupon
2015-02-12 23:40 . 2015-02-12 23:40 -------- d-----w- c:\program files (x86)\Facebook Image Zoom and Downloader
2015-02-12 23:39 . 2015-02-12 23:39 -------- d-----w- c:\program files (x86)\PriceChoop
2015-02-12 23:38 . 2015-02-12 23:38 -------- d-----w- c:\programdata\ihcpkcjfihddglhjfoelilgaahgpecfd
2015-02-12 23:38 . 2015-02-19 03:04 -------- d-----w- c:\programdata\{c4b73411-ea95-7132-c4b7-73411ea9d047}
2015-02-12 21:45 . 2015-02-13 00:19 -------- d-----w- c:\users\Marie\AppData\Roaming\.evanMCLauncher
2015-02-12 11:07 . 2015-01-23 04:07 2339840 ----a-w- c:\windows\system32\jscript9.dll
2015-02-12 11:07 . 2015-01-23 03:00 1810944 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-02-12 11:07 . 2015-01-23 03:59 816640 ----a-w- c:\windows\system32\jscript.dll
2015-02-12 10:29 . 2014-12-08 01:59 306176 ----a-w- c:\windows\SysWow64\scesrv.dll
2015-02-12 10:29 . 2014-12-08 01:37 399360 ----a-w- c:\windows\system32\scesrv.dll
2015-02-12 10:29 . 2015-01-09 00:34 2790912 ----a-w- c:\windows\system32\win32k.sys
2015-02-12 10:29 . 2014-11-26 01:42 847360 ----a-w- c:\windows\system32\oleaut32.dll
2015-02-12 10:29 . 2014-11-26 02:05 564224 ----a-w- c:\windows\SysWow64\oleaut32.dll
2015-02-12 10:18 . 2015-01-13 01:51 1209856 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-12 10:18 . 2015-01-13 01:39 974848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-02-12 10:13 . 2015-01-15 06:53 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2015-02-12 10:13 . 2015-01-15 04:08 516536 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-02-11 11:16 . 2015-01-14 02:44 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-07 18:42 . 2014-05-15 02:33 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-07 18:42 . 2014-05-15 02:32 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-02-12 10:02 . 2006-11-02 12:35 116773704 ----a-w- c:\windows\system32\mrt.exe
2015-02-05 13:58 . 2012-04-11 14:02 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-05 13:58 . 2011-06-08 16:33 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-19 00:26 . 2015-01-14 10:10 139776 ----a-w- c:\windows\system32\drivers\mrxdav.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"GizmoDriveDelegate"="c:\progra~2\GIZMO\GDRIVE.DLL" [2010-02-15 390752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-10-13 304568]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-12-20 295072]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-26 537992]
.
c:\users\Gilbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
c:\users\Lancee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
c:\users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-2-6 1312096]
.
c:\users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-2-6 1312096]
.
c:\users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
Dropbox.lnk - c:\users\Marie\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-2-10 42555824]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-15 981544]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-12-6 565464]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-20 04:21 1084744 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 13:58]
.
2015-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf8d722c6cf500.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-26 16:04]
.
2015-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cf6a8bbdc58d56.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-26 16:04]
.
2015-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cfffe28ff177e2.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-26 16:04]
.
2015-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d04145fc9841d0.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-26 16:04]
.
2015-03-08 c:\windows\Tasks\User_Feed_Synchronization-{3D20B27D-5952-4385-9DD3-9C5235C92FFE}.job
- c:\windows\system32\msfeedssync.exe [2015-02-11 01:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-01-15 23:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-01-15 23:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-01-15 23:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-01-15 23:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-01-15 23:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-02-24 6975520]
"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 56320]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 182784]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 225792]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-20 20480]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F65EBAD0-2C1F-4200-8091-F6EEAACE5C68}: NameServer = 170.65.228.4,170.65.232.77
FF - ProfilePath - c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.look-for-it.info/?pid=1539&r=2015/02/12&hid=10870625545251107856&lg=EN&cc=US&unqvl=82&l=1&q=
FF - prefs.js: browser.search.selectedEngine - WebSearch
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-AOL Toolbar - c:\program files (x86)\AOL Toolbar\uninstall.exe
AddRemove-Intel® Integrated Performance Primitives 1.1 - c:\windows\system32\UninstIPP.isu
AddRemove-Mirillis Action! - c:\users\Marie\Desktop\Minecraft\Action!\uninstall.exe
AddRemove-{317D8BB4-16C3-CFBD-3777-AED69667DA46} - c:\program files (x86)\NetoCoUpon\30TtggZq7DQrLp.exe
AddRemove-{AD11DADE-C597-45D9-D8C5-1D2EB0B89613} - c:\program files (x86)\Facebook Image Zoom and Downloader\Facebook Image Zoom and Downloader.exe
AddRemove-{B5DB572D-EA87-D3B0-08F6-4D153EA6A783} - c:\program files (x86)\FinddBesstDeal\mwSGoy9zcHZQwU.exe
AddRemove-{B6D700D3-3D0D-FEEB-D675-2CE78F9EC5D6} - c:\program files (x86)\ShopaDrop\ZRf3ohX3AVvRWP.exe
AddRemove-{BE360B8B-0F10-CA89-FC84-A5EAB71A6AF8} - c:\program files (x86)\RoboSavEEr\dTE45Fdi1aTDBY.exe
AddRemove-{D8A9D3D9-F414-952D-AC93-E5F96D47B5BD} - c:\program files (x86)\PriiceCChop\kQJ5bsL0mTvPcK.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a0,1a,ff,a4,55,1d,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@DACL=(02 0011)
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
@DACL=(02 0011)
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@DACL=(02 0011)
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@DACL=(02 0011)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2015-03-07 17:06:11
ComboFix-quarantined-files.txt 2015-03-08 00:06
.
Pre-Run: 6,529,343,488 bytes free
Post-Run: 7,999,696,896 bytes free
.
- - End Of File - - 0F966B898B3B0216D487061C8C09F43A
5C616939100B85E558DA92B899A0FC36
 
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
 
# AdwCleaner v3.211 - Report created 25/05/2014 at 19:38:10
# Updated 26/05/2014 by Xplode
# Operating System : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Username : Marie - ADMIN-PC
# Running from : C:\Users\Marie\Desktop\adwcleaner_3.211.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : vToolbarUpdater15.2.0
***** [ Files / Folders ] *****
[!] Folder Deleted : C:\ProgramData\apn
[!] Folder Deleted : C:\ProgramData\eSafe
[!] Folder Deleted : C:\Program Files (x86)\BrowseFox
[!] Folder Deleted : C:\Program Files (x86)\File Type Helper
[!] Folder Deleted : C:\Program Files (x86)\lucky leap
[!] Folder Deleted : C:\Program Files (x86)\PC TEKNIX
[!] Folder Deleted : C:\Program Files (x86)\SearchProtect
[!] Folder Deleted : C:\Windows\SysWOW64\WNLT
[!] Folder Deleted : C:\Program Files\Uninstaller
[!] Folder Deleted : C:\Users\Admin`\AppData\LocalLow\Fast Free Converter
[!] Folder Deleted : C:\Users\Gilbert\AppData\LocalLow\Fast Free Converter
[!] Folder Deleted : C:\Users\John\AppData\Local\SearchProtect
[!] Folder Deleted : C:\Users\John\AppData\LocalLow\Fast Free Converter
[!] Folder Deleted : C:\Users\John\AppData\LocalLow\Search Settings
[!] Folder Deleted : C:\Users\Lancee\AppData\LocalLow\Fast Free Converter
[!] Folder Deleted : C:\Users\Lancee\AppData\LocalLow\Search Settings
[!] Folder Deleted : C:\Users\Marie\AppData\Local\Oxy
[!] Folder Deleted : C:\Users\Marie\AppData\Local\SearchProtect
[!] Folder Deleted : C:\Users\Marie\AppData\Local\WordLayers
[!] Folder Deleted : C:\Users\Marie\AppData\LocalLow\AVG SafeGuard toolbar
[!] Folder Deleted : C:\Users\Marie\AppData\LocalLow\Mysearchdial
[!] Folder Deleted : C:\Users\Marie\AppData\LocalLow\SweetPacks_A8
[!] Folder Deleted : C:\Users\Marie\AppData\Roaming\Oxy
[!] Folder Deleted : C:\Users\Mcx1\AppData\LocalLow\Fast Free Converter
[!] Folder Deleted : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js
File Deleted : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\zzgh3ra2.default\user.js
File Deleted : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ifohbjbgfchkkfhphahclmkpgejiplfo_0.localstorage
File Deleted : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82E74373-58AB-47EB-B0F0-A1D82BB8EB5C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00100000-2001-0051-B4B6-006094B9D64F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00100000-2001-0054-B4B6-006094B9D64F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00100000-2001-0057-B4B6-006094B9D64F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B90F32AD-859E-4EDD-BFAE-C9216849520C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C08AB035-3820-4FA7-9420-B0259A4DA2B8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DAADF07B-7D06-4AF4-B3CA-6144830077EC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\hdcode
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\Software\mysearchdial
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BAEF9F3A-D10C-40DF-819D-D21D9600AE1A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DMUninstaller
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{BAEF9F3A-D10C-40DF-819D-D21D9600AE1A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DMUninstaller
Key Deleted : [x64] HKLM\SOFTWARE\pc optimizer pro
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16545

-\\ Mozilla Firefox v29.0.1 (en-US)
[ File : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\zzgh3ra2.default\prefs.js ]
Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");
Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");
[ File : C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\prefs.js ]

-\\ Google Chrome v35.0.1916.114
[ File : C:\Users\Gilbert\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtDtByE0EzztDtA0AtDyByByDyEtAtAtN0D0Tzu0CyCzyyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=517001664&ir=
Deleted [Extension] : pflphaooapbgpeakohlggbpidpppgdff
[ File : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtDtByE0EzztDtA0AtDyByByDyEtAtAtN0D0Tzu0CyCzyyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=517001664&ir=
Deleted [Extension] : pflphaooapbgpeakohlggbpidpppgdff
Deleted [Extension] : bcjagnifjocnddgeknajocbkkhlgibem
[ File : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3322521&octid=EB_ORIGINAL_CTID&ISID=&SearchSource=58&CUI=&UM=5&UP=SPA9132157-AF9C-4335-B96B-26587B82A809&q={searchTerms}&SSPV=
Deleted [Extension] : bcjagnifjocnddgeknajocbkkhlgibem
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : cekcjpgehmohobmdiikfnopibipmgnml
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deleted [Extension] : gjkpcnacdgdlpfejlgflolpaigoicibh
Deleted [Extension] : mocblcnaofikinigmceddfghppkkjbog
*************************
AdwCleaner[R0].txt - [8899 octets] - [25/05/2014 19:37:12]
AdwCleaner[S0].txt - [8478 octets] - [25/05/2014 19:38:10]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8538 octets] ##########
# AdwCleaner v4.111 - Logfile created 07/03/2015 at 18:04:22
# Updated 18/02/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (x64)
# Username : Marie - ADMIN-PC
# Running from : C:\Users\Marie\Desktop\adwcleaner_4.111.exe
# Option : Cleaning
***** [ Services ] *****
Service Deleted : CouponPrinterService
***** [ Files / Folders ] *****
[!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[!] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[!] Folder Deleted : C:\Program Files (x86)\Coupons
[!] Folder Deleted : C:\Program Files (x86)\Coupons
[!] Folder Deleted : C:\Program Files (x86)\DigiSaaver
[!] Folder Deleted : C:\Program Files (x86)\EnnjeoyCOupoenn
[!] Folder Deleted : C:\Program Files (x86)\JoniCoupOin
[!] Folder Deleted : C:\Program Files (x86)\PriceChoop
[!] Folder Deleted : C:\Program Files (x86)\SaVeNewwaApppz
[!] Folder Deleted : C:\Program Files (x86)\sayescoupon
[!] Folder Deleted : C:\Users\Marie\AppData\Roaming\RHEng
[!] Folder Deleted : C:\ProgramData\hfkenbbeejopejgcaleojmmccjfammga
[!] Folder Deleted : C:\ProgramData\ihcpkcjfihddglhjfoelilgaahgpecfd
[!] Folder Deleted : C:\ProgramData\hfkenbbeejopejgcaleojmmccjfammga
[!] Folder Deleted : C:\ProgramData\ihcpkcjfihddglhjfoelilgaahgpecfd
File Deleted : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Deleted : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_isearch.babylon.com_0.localstorage-journal
File Deleted : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
File Deleted : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage
***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\P1dcfd84c_0196_4c0a_b4f9_fc54b8948868_.P1dcfd84c_0196_4c0a_b4f9_fc54b8948868_
Key Deleted : HKLM\SOFTWARE\Classes\P1dcfd84c_0196_4c0a_b4f9_fc54b8948868_.P1dcfd84c_0196_4c0a_b4f9_fc54b8948868_.9
Key Deleted : HKLM\SOFTWARE\Classes\P4695f5da_b2a8_4937_af7a_e4430ce1e8e8_.P4695f5da_b2a8_4937_af7a_e4430ce1e8e8_
Key Deleted : HKLM\SOFTWARE\Classes\P4695f5da_b2a8_4937_af7a_e4430ce1e8e8_.P4695f5da_b2a8_4937_af7a_e4430ce1e8e8_.9
Key Deleted : HKLM\SOFTWARE\Classes\Pc4b7da38_93c9_4654_ae3f_84f74c1819d5_.Pc4b7da38_93c9_4654_ae3f_84f74c1819d5_
Key Deleted : HKLM\SOFTWARE\Classes\Pc4b7da38_93c9_4654_ae3f_84f74c1819d5_.Pc4b7da38_93c9_4654_ae3f_84f74c1819d5_.9
Key Deleted : HKLM\SOFTWARE\Classes\Pfaa52574_26de_44e0_a0b1_3f1f1bf9613c_.Pfaa52574_26de_44e0_a0b1_3f1f1bf9613c_
Key Deleted : HKLM\SOFTWARE\Classes\Pfaa52574_26de_44e0_a0b1_3f1f1bf9613c_.Pfaa52574_26de_44e0_a0b1_3f1f1bf9613c_.9
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1dcfd84c-0196-4c0a-b4f9-fc54b8948868}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4695f5da-b2a8-4937-af7a-e4430ce1e8e8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{c4b7da38-93c9-4654-ae3f-84f74c1819d5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{faa52574-26de-44e0-a0b1-3f1f1bf9613c}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{41F978F3-431A-4464-A789-5C0692D562FB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{89310413-97E0-4F09-AA75-390A7F4D4918}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1dcfd84c-0196-4c0a-b4f9-fc54b8948868}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4695f5da-b2a8-4937-af7a-e4430ce1e8e8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c4b7da38-93c9-4654-ae3f-84f74c1819d5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{faa52574-26de-44e0-a0b1-3f1f1bf9613c}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1dcfd84c-0196-4c0a-b4f9-fc54b8948868}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4695f5da-b2a8-4937-af7a-e4430ce1e8e8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{c4b7da38-93c9-4654-ae3f-84f74c1819d5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{faa52574-26de-44e0-a0b1-3f1f1bf9613c}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1dcfd84c-0196-4c0a-b4f9-fc54b8948868}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4695f5da-b2a8-4937-af7a-e4430ce1e8e8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{c4b7da38-93c9-4654-ae3f-84f74c1819d5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{faa52574-26de-44e0-a0b1-3f1f1bf9613c}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B6D700D3-3D0D-FEEB-D675-2CE78F9EC5D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BE360B8B-0F10-CA89-FC84-A5EAB71A6AF8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.7
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{317D8BB4-16C3-CFBD-3777-AED69667DA46}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B5DB572D-EA87-D3B0-08F6-4D153EA6A783}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D8A9D3D9-F414-952D-AC93-E5F96D47B5BD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{BAEF9F3A-D10C-40DF-819D-D21D9600AE1A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Start Savin
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Coupon Printer for Windows5.0.0.7
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
***** [ Web browsers ] *****
-\\ Internet Explorer v9.0.8112.16609

-\\ Mozilla Firefox v35.0.1 (x86 en-US)
[a00sgbe4.default-1396488589006\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
[a00sgbe4.default-1396488589006\prefs.js] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.look-for-it.info/?pid=1539&r=2015/02/12&hid=10870625545251107856&lg=EN&cc=US&unqvl=82&l=1&q=");
[a00sgbe4.default-1396488589006\prefs.js] - Line Deleted : user_pref("browser.search.hiddenOneOffs", "WebSearch");
[a00sgbe4.default-1396488589006\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "WebSearch");
[a00sgbe4.default-1396488589006\prefs.js] - Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
[a00sgbe4.default-1396488589006\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
[a00sgbe4.default-1396488589006\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
[a00sgbe4.default-1396488589006\prefs.js] - Line Deleted : user_pref("extensions.x1xZBGJcsv87G6Cp.url", "hxxp://getjpit.info/sync2/?q=hfZ9oeZNATCMCyVUojw8rHUMg708BNmGWj8lkGhGheDUojw8rdsGrdaFrTaGqchIC7n0rjkErTsErdwHpdsHtNhVCT94tMVKhd9Gqdw8rTY8qTU6qHw9qTs7rHa8t[...]
[a00sgbe4.default-1396488589006\prefs.js] - Line Deleted : user_pref("extensions.yJWECB9gPE4XqgzJ.url", "hxxp://jobfirstnet.info/sync2/?q=hfZ9ofbEBM0ZtNbPhd9Fqjr4tMqLDe49CNU0llrMCMlNhd9FqjaGrjsGrHr4rHgMBzqUojw8rdsFrTsHqdCGrch7hfs0pihPBMn0rTnFqjs5qjg4qHCFqdgGq[...]
-\\ Google Chrome v40.0.2214.115
[C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://us.yhs4.search.yahoo.com/yhs/search;_ylt=AwrTca0YrtxSGX8AirsPxQt.;_ylc=X1MDMjExNDcwMDU1OQRfcgMyBGJjawNhNHByYjJwOHVnYWlwJTI2YiUzRDQlMjZkJTNEcUVMbE1oaHBZRUtXRXVzNTU5NjNoQlBKVXBUYV9CSl95MVR0ZGctLSUyNnMlM0Q4biUyNmklM0R2X3I1MU5rMVc0b3pibFlfc0tPdwRmcgN5aHMtaXJvbnNvdXJjZS1mdWxseWhvc3RlZF8wMDMEbXRlc3RpZANudWxsBG5fcnNsdAMxMARuX3N1Z2cDMgRvcmlnaW4DdXMueWhzNC5zZWFyY2gueWFob28uY29tBHBvcwMwBHBxc3RyAwRwcXN0cmwDBHFzdHJsAzM2BHF1ZXJ5A3doYXQgbGFuZ3VhZ2UgaXMgc3Bva2VuIGluIGhvbmcga29uZwR0X3N0bXADMTM5MDE5NDIxNDY4NAR2dGVzdGlkA251bGw-?gprid=2R0kAWPkSGSbp8Sj8.zLQA&pvid=aZkBrjIwNi6iZ2sWUegqWQ7iNzAuMVLcrhj_u.XI&p={searchTerms}&fr2=sb-top&hspart=ironsource&hsimp=yhs-fullyhosted_003&type=irmsd1103
[C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.look-for-it.info/?l=1&q={searchTerms}&pid=1539&r=2015/02/12&hid=10870625545251107856&lg=EN&cc=US&unqvl=82
-\\ Chromium v
[C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://us.yhs4.search.yahoo.com/yhs/search;_ylt=AwrTca0YrtxSGX8AirsPxQt.;_ylc=X1MDMjExNDcwMDU1OQRfcgMyBGJjawNhNHByYjJwOHVnYWlwJTI2YiUzRDQlMjZkJTNEcUVMbE1oaHBZRUtXRXVzNTU5NjNoQlBKVXBUYV9CSl95MVR0ZGctLSUyNnMlM0Q4biUyNmklM0R2X3I1MU5rMVc0b3pibFlfc0tPdwRmcgN5aHMtaXJvbnNvdXJjZS1mdWxseWhvc3RlZF8wMDMEbXRlc3RpZANudWxsBG5fcnNsdAMxMARuX3N1Z2cDMgRvcmlnaW4DdXMueWhzNC5zZWFyY2gueWFob28uY29tBHBvcwMwBHBxc3RyAwRwcXN0cmwDBHFzdHJsAzM2BHF1ZXJ5A3doYXQgbGFuZ3VhZ2UgaXMgc3Bva2VuIGluIGhvbmcga29uZwR0X3N0bXADMTM5MDE5NDIxNDY4NAR2dGVzdGlkA251bGw-?gprid=2R0kAWPkSGSbp8Sj8.zLQA&pvid=aZkBrjIwNi6iZ2sWUegqWQ7iNzAuMVLcrhj_u.XI&p={searchTerms}&fr2=sb-top&hspart=ironsource&hsimp=yhs-fullyhosted_003&type=irmsd1103
[C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.look-for-it.info/?l=1&q={searchTerms}&pid=1539&r=2015/02/12&hid=10870625545251107856&lg=EN&cc=US&unqvl=82
*************************
AdwCleaner[R0].txt - [21386 bytes] - [25/05/2014 19:37:12]
AdwCleaner[S0].txt - [22221 bytes] - [25/05/2014 19:38:10]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [22281 bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows (TM) Vista Home Premium x64
Ran by Marie on Sat 03/07/2015 at 18:53:46.97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111251155}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181102}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211621178}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211671166}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111251155}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181102}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211621178}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211671166}
~~~ Files
Successfully deleted: [File] "C:\Windows\couponprinter.ocx"
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Marie\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\Marie\appdata\local\cre"
Successfully deleted: [Empty Folder] C:\Users\Marie\appdata\local\{798F39E1-FA29-41E4-A7B0-3CDADE92E0D9}
Successfully deleted: [Empty Folder] C:\Users\Marie\appdata\local\{9BA9D08B-EFCB-4B10-A3EA-601803B06D8E}
Successfully deleted: [Empty Folder] C:\Users\Marie\appdata\local\{AC3FE87A-DBAB-4292-945F-72B6551A9817}
~~~ FireFox
Successfully deleted the following from C:\Users\Marie\AppData\Roaming\mozilla\firefox\profiles\a00sgbe4.default-1396488589006\prefs.js
Emptied folder: C:\Users\Marie\AppData\Roaming\mozilla\firefox\profiles\a00sgbe4.default-1396488589006\minidumps [13 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/07/2015 at 19:05:53.29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-03-2015 01
Ran by Marie (administrator) on ADMIN-PC on 07-03-2015 19:26:00
Running from C:\Users\Marie\Desktop
Loaded Profiles: RA Media Server & Marie (Available profiles: RA Media Server & Marie & Gilbert & John & Lancee & Mcx1)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apache Software Foundation) C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Apache Software Foundation) C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
() C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe
(SingleClick Systems) C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
(Arainia Solutions) C:\Program Files (x86)\Gizmo\gservice.exe
() C:\Program Files\ShrewSoft\VPN Client\iked.exe
() C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Windows\System32\wpcumi.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Dropbox, Inc.) C:\Users\Marie\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(ScanSoft, Inc.) C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6975520 2009-02-24] (Realtek Semiconductor)
HKLM\...\Run: [Bluetooth HCI Monitor] => RunDll32 HCIMNTR.DLL,RunCheckHCIMode
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation)
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [182784 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [225792 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [20480 2006-09-20] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [185896 2006-09-28] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [304568 2010-10-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295072 2012-12-20] (RealNetworks, Inc.)
HKLM-x32\...\Run: [OpwareSE4] => C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [75304 2006-10-11] (ScanSoft, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\Run: [Aim] => C:\Program Files (x86)\AIM\aim.exe [3634024 2009-10-01] (AOL LLC)
HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.)
HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\Run: [GizmoDriveDelegate] => RUNDLL32.EXE C:\PROGRA~2\GIZMO\GDRIVE.DLL,Remount_Startup_Images
HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\MountPoints2: {01191ed9-0ab2-11e1-9ec3-001e4ce6a070} - M:\TL-Bootstrap.exe
HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\MountPoints2: {1efcc887-cadc-11e0-ae91-001e4ce6a070} - L:\TL_Bootstrap.exe
HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\MountPoints2: {672e82eb-8e03-11e0-9279-f2ded128ae64} - G:\TL-Bootstrap.exe
HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\MountPoints2: {77bf3be5-4b57-11e2-a3fa-001e4ce6a070} - L:\MotoCastSetup.exe -a
HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\MountPoints2: {8c727fea-674b-11e0-9b57-001e4ce6a070} - K:\TL_Bootstrap.exe
HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\MountPoints2: {c16adad5-3b30-11de-af16-806e6f6e6963} - E:\RunGame.exe
HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\MountPoints2: {c16adad6-3b30-11de-af16-806e6f6e6963} - F:\Autorun.exe
HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\MountPoints2: {d776dd1a-b0ef-11e1-8676-001e4ce6a070} - G:\TL_Bootstrap.exe
HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\...\Run: [GizmoDriveDelegate] => RUNDLL32.EXE C:\PROGRA~2\GIZMO\GDRIVE.DLL,Remount_Startup_Images
HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Admin`\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Gilbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Lancee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Marie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
GroupPolicyUsers\S-1-5-21-2355649138-3362126530-1860452381-1005\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2355649138-3362126530-1860452381-1004\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2355649138-3362126530-1860452381-1003\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}
SearchScopes: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001 -> {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL =
SearchScopes: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001 -> {1B977252-65EC-DFCB-E752-794A37822658} URL = http://www.bing.com/search?q={searchTerms}&pc=Z006&form=ZGAIDF
SearchScopes: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001 -> {B06422FF-7A69-44E1-BFE5-E991BFEC709C} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL =
SearchScopes: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001 -> {f629d4d6-d9d2-4d72-b61c-34223be78085} URL = http://slirsredirect.search.aol.com...}&invocationType=tb50-ie-aim-chromesbox-en-us
SearchScopes: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002 -> DefaultScope {C2386BB2-AE84-4C26-8C1D-6DF90F2198A9} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US636D20131020&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002 -> {C2386BB2-AE84-4C26-8C1D-6DF90F2198A9} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US636D20131020&p={searchTerms}
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-07] (Google Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-07] (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-07] (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-07] (Google Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-07] (Google Inc.)
Toolbar: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001 -> No Name - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
Toolbar: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-07] (Google Inc.)
Toolbar: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-07] (Google Inc.)
Toolbar: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
DPF: HKLM-x32 {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: HKLM-x32 {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
DPF: HKLM-x32 {A796D216-2DE1-4EA8-BABB-FE6E7C959098} http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2013-04-15] (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2013-04-15] (SAP, Walldorf)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Filter: application/octet-stream - No CLSID Value
Filter: application/x-complus - No CLSID Value
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2014-04-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
Filter: application/x-msdownload - No CLSID Value
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F65EBAD0-2C1F-4200-8091-F6EEAACE5C68}: [NameServer] 170.65.228.4,170.65.232.77
FireFox:
========
FF ProfilePath: C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @java.com/DTPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-02-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-02-13] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.75.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-02-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.75.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-02-13] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2012-12-20] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2012-12-20] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2012-11-29] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2355649138-3362126530-1860452381-1002: @nsroblox.roblox.com/launcher -> C:\Users\Marie\AppData\Local\Roblox\Versions\version-fbaf58bbbe84491d\\NPRobloxProxy.dll [2012-12-18] ( Roblox Corporation)
FF Plugin HKU\S-1-5-21-2355649138-3362126530-1860452381-1002: @talk.google.com/GoogleTalkPlugin -> C:\Users\Marie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2013-06-13] (Google)
FF Plugin HKU\S-1-5-21-2355649138-3362126530-1860452381-1002: @talk.google.com/O1DPlugin -> C:\Users\Marie\AppData\Roaming\Mozilla\plugins\npo1d.dll [2013-06-13] (Google)
FF Plugin HKU\S-1-5-21-2355649138-3362126530-1860452381-1002: @talk.google.com/O3DPlugin -> C:\Users\Marie\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll [2013-06-13] ()
FF Plugin HKU\S-1-5-21-2355649138-3362126530-1860452381-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Marie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2355649138-3362126530-1860452381-1002: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Marie\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2010-10-12] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2012-12-20] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2012-11-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2012-11-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2012-11-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2012-11-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2012-11-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2012-11-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2012-11-17] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2012-12-20] (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2010-07-14] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-02-11] (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Marie\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2013-06-13] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Marie\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll [2013-06-13] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Marie\AppData\Roaming\mozilla\plugins\npo1d.dll [2013-06-13] (Google)
FF Extension: WOT - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-05-29]
FF Extension: Pin It button - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\a00sgbe4.default-1396488589006\Extensions\pinterest@robertnyman.com.xpi [2014-06-20]
FF Extension: Word Layers - C:\Program Files (x86)\Mozilla Firefox\extensions\ugnraew@jqhljqmpngx.net [2015-01-28]
FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-01-28]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-16]
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012-12-20]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-10-20]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-10-20]
FF HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\...\Firefox\Extensions: [{02A3ACBC-F3DA-11E1-8270-B8AC6F996F26}] - C:\Users\Marie\AppData\Local\{02A3ACBC-F3DA-11E1-8270-B8AC6F996F26}
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-07]
CHR Extension: (Google Drive) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-01]
CHR Extension: (YouTube) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-07]
CHR Extension: (Google Search) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-07]
CHR Extension: (SiteAdvisor) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-10-20]
CHR Extension: (RealDownloader) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-07-07]
CHR Extension: (Google Wallet) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-07]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2013-10-20]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2013-10-20]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apache2.2; C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe [15872 2007-09-21] (Apache Software Foundation) [File not signed]
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2013-12-07] (BitRaider, LLC)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation) [File not signed]
R2 dsl-db; C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe [5730304 2007-09-14] () [File not signed]
R2 Gizmo Central; C:\Program Files (x86)\Gizmo\gservice.exe [31856 2010-02-14] (Arainia Solutions) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [1127224 2013-04-23] ()
R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [810808 2013-04-23] ()
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-02-19] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
S2 fd8830a9; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\sayescoupon\sayescoupon.dll",serv
S2 TracSrvWrapper; C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe [X]
 
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S1 Beep; No ImagePath
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [32840 2010-02-14] (Arainia Solutions LLC)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 htcusbnet; C:\Windows\System32\DRIVERS\htcusbnet.sys [153600 2010-12-15] (HTC Corporation)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 ncplelhp; C:\Windows\System32\DRIVERS\ncplelhp.sys [146312 2009-02-13] (NCP Engineering GmbH)
R1 omci; C:\Windows\System32\DRIVERS\omci.sys [26112 2008-08-21] (Dell Inc.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-07] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-07-09] (Apple, Inc.) [File not signed]
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [16896 2007-04-19] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27648 2007-04-19] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [29696 2007-04-19] (LG Electronics Inc.)
S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [142848 2010-03-29] (Texas Instruments)
S3 VNA; C:\Windows\System32\DRIVERS\vna.sys [161256 2009-04-02] (Check Point Software Technologies)
S3 vna_ap; C:\Windows\System32\DRIVERS\vnaap.sys [161256 2009-04-02] (Check Point Software Technologies)
S0 AVGIDSHA; system32\DRIVERS\avgidsha.sys [X]
S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz132; \??\C:\Users\Marie\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]
U2 CP_OMDRV; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U2 VNASC; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-07 19:26 - 2015-03-07 19:29 - 00042585 _____ () C:\Users\Marie\Desktop\FRST.txt
2015-03-07 19:25 - 2015-03-07 19:27 - 00000000 ____D () C:\FRST
2015-03-07 19:09 - 2015-03-07 19:09 - 02094592 _____ (Farbar) C:\Users\Marie\Desktop\FRST64.exe
2015-03-07 19:05 - 2015-03-07 19:05 - 00004089 _____ () C:\Users\Marie\Desktop\JRT.txt
2015-03-07 18:50 - 2015-03-07 18:50 - 01388333 _____ (Thisisu) C:\Users\Marie\Desktop\JRT.exe
2015-03-07 18:50 - 2015-03-07 18:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-03-07 17:55 - 2015-03-07 17:55 - 02126848 _____ () C:\Users\Marie\Desktop\adwcleaner_4.111.exe
2015-03-07 17:06 - 2015-03-07 17:06 - 00042664 _____ () C:\ComboFix.txt
2015-03-07 16:23 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-07 16:23 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-07 16:23 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-07 16:23 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-07 16:23 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-07 16:23 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-07 16:23 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-07 16:23 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-07 11:42 - 2015-03-07 12:15 - 00000000 ____D () C:\Users\Marie\Desktop\mbar
2015-03-07 11:41 - 2015-03-07 11:41 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Marie\Desktop\mbar-1.09.1.1004.exe
2015-03-07 10:58 - 2015-03-07 10:59 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-03-07 10:58 - 2015-03-07 10:59 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-07 10:57 - 2015-03-07 10:58 - 15568472 _____ () C:\Users\Marie\Desktop\RogueKiller.exe
2015-03-07 10:22 - 2015-03-07 10:22 - 00030231 _____ () C:\Users\Marie\Desktop\dds.txt
2015-03-07 10:22 - 2015-03-07 10:22 - 00016234 _____ () C:\Users\Marie\Desktop\attach.txt
2015-03-07 10:20 - 2015-03-07 10:20 - 00688992 ____R (Swearware) C:\Users\Marie\Desktop\dds.com
2015-03-07 10:13 - 2015-03-07 10:13 - 00012768 _____ () C:\mbam.txt
2015-02-26 01:18 - 2015-03-07 09:59 - 00000000 ____D () C:\Program Files (x86)\Jobisjob Alerts
2015-02-25 18:30 - 2015-02-25 18:30 - 00583921 _____ () C:\Users\Marie\Desktop\Aether Mod Installer.zip
2015-02-25 18:29 - 2015-02-25 18:29 - 01169408 _____ () C:\Users\Marie\Desktop\Aether Mod Installer.exe
2015-02-20 03:17 - 2015-03-07 09:59 - 00000000 ____D () C:\Program Files (x86)\SiteLauncher
2015-02-20 02:58 - 2015-03-07 09:59 - 00000000 ____D () C:\Program Files (x86)\Omnifinder
2015-02-18 20:04 - 2015-02-18 20:04 - 00001061 _____ () C:\Users\Marie\Desktop\mbam.txt
2015-02-18 20:00 - 2015-02-18 20:01 - 00000000 ____D () C:\Users\Marie\Desktop\Corolla
2015-02-18 11:05 - 2015-02-18 11:06 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Marie\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-18 10:47 - 2015-03-05 17:09 - 00000020 _____ () C:\Users\Marie\AppData\Roaming\appdataFr3.bin
2015-02-13 03:33 - 2015-02-13 03:32 - 00320424 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-02-13 03:33 - 2015-02-13 03:32 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-02-13 03:33 - 2015-02-13 03:32 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-02-13 03:33 - 2015-02-13 03:32 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-02-13 03:32 - 2015-02-13 03:32 - 00000000 ____D () C:\Program Files\Java
2015-02-13 03:30 - 2015-02-13 03:29 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-02-13 03:30 - 2015-02-13 03:28 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-02-13 03:30 - 2015-02-13 03:28 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-02-13 03:30 - 2015-02-13 03:28 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-02-13 03:28 - 2015-02-13 03:28 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-12 16:40 - 2015-02-12 16:40 - 00000000 ____D () C:\Program Files (x86)\Facebook Image Zoom and Downloader
2015-02-12 16:38 - 2015-02-18 20:04 - 00000000 ____D () C:\ProgramData\{c4b73411-ea95-7132-c4b7-73411ea9d047}
2015-02-12 14:45 - 2015-02-12 17:19 - 00000000 ____D () C:\Users\Marie\AppData\Roaming\.evanMCLauncher
2015-02-12 04:07 - 2015-01-22 21:07 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 04:07 - 2015-01-22 20:59 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-12 04:07 - 2015-01-22 20:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 04:07 - 2015-01-22 19:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-12 03:29 - 2015-01-08 17:34 - 02790912 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-12 03:29 - 2014-12-07 18:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-12 03:29 - 2014-12-07 18:37 - 00399360 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-12 03:29 - 2014-11-25 19:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-12 03:29 - 2014-11-25 18:42 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-12 03:18 - 2015-01-12 18:51 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-12 03:18 - 2015-01-12 18:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-12 03:13 - 2015-02-12 03:14 - 01373310 _____ () C:\Windows\dd_vstor40_x64MSI0966.txt
2015-02-12 03:13 - 2015-02-12 03:14 - 00020366 _____ () C:\Windows\dd_vstor40_x64UI0966.txt
2015-02-12 03:13 - 2015-01-14 23:53 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-12 03:13 - 2015-01-14 21:08 - 00516536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 04:16 - 2015-01-13 19:44 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 04:16 - 2015-01-13 18:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 04:16 - 2015-01-13 18:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 04:15 - 2015-01-13 20:08 - 17878016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 04:15 - 2015-01-13 19:59 - 10924032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 04:15 - 2015-01-13 19:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-11 04:15 - 2015-01-13 19:49 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 04:15 - 2015-01-13 19:49 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 04:15 - 2015-01-13 19:47 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 04:15 - 2015-01-13 19:47 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 04:15 - 2015-01-13 19:47 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-11 04:15 - 2015-01-13 19:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 04:15 - 2015-01-13 19:46 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 04:15 - 2015-01-13 19:46 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 04:15 - 2015-01-13 19:45 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 04:15 - 2015-01-13 19:45 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 04:15 - 2015-01-13 19:45 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 04:15 - 2015-01-13 19:44 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 04:15 - 2015-01-13 19:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 04:15 - 2015-01-13 19:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-11 04:15 - 2015-01-13 19:44 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-11 04:15 - 2015-01-13 19:44 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-11 04:15 - 2015-01-13 18:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 04:15 - 2015-01-13 18:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-02-11 04:15 - 2015-01-13 18:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 04:15 - 2015-01-13 18:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 04:15 - 2015-01-13 18:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 04:15 - 2015-01-13 18:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 04:15 - 2015-01-13 18:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 04:15 - 2015-01-13 18:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 04:15 - 2015-01-13 18:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 04:15 - 2015-01-13 18:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-02-11 04:15 - 2015-01-13 18:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 04:15 - 2015-01-13 18:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 04:15 - 2015-01-13 18:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 04:15 - 2015-01-13 18:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 04:15 - 2015-01-13 18:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 04:15 - 2015-01-13 18:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-02-11 04:15 - 2015-01-13 18:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-02-11 04:15 - 2015-01-13 18:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-02-05 06:16 - 2015-03-07 19:21 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d04145fc9841d0.job
2015-02-05 06:16 - 2015-02-05 06:16 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d04145fc9841d0
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-07 19:27 - 2009-05-19 20:06 - 00000422 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{3D20B27D-5952-4385-9DD3-9C5235C92FFE}.job
2015-03-07 19:21 - 2014-11-14 01:11 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfffe28ff177e2.job
2015-03-07 19:16 - 2014-05-08 00:04 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6a8bbdc58d56.job
2015-03-07 19:05 - 2009-05-07 11:02 - 01365469 _____ () C:\Windows\WindowsUpdate.log
2015-03-07 18:58 - 2012-04-11 07:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-07 18:50 - 2013-10-20 13:48 - 00001753 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk
2015-03-07 18:48 - 2011-04-21 15:29 - 00000000 ___RD () C:\Users\Marie\Dropbox
2015-03-07 18:48 - 2011-04-21 15:10 - 00000000 ____D () C:\Users\Marie\AppData\Roaming\Dropbox
2015-03-07 18:46 - 2014-06-13 03:22 - 00036680 _____ () C:\Windows\SecuniaPackage.log
2015-03-07 18:46 - 2014-05-27 18:41 - 00000863 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-03-07 18:46 - 2006-11-02 08:07 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-03-07 18:42 - 2014-12-18 21:48 - 00003362 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2355649138-3362126530-1860452381-1002
2015-03-07 18:42 - 2014-12-18 21:48 - 00003228 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2355649138-3362126530-1860452381-1002
2015-03-07 18:42 - 2009-05-16 20:41 - 00000000 ____D () C:\ProgramData\TEMP
2015-03-07 18:41 - 2014-06-21 09:59 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8d722c6cf500.job
2015-03-07 18:40 - 2006-11-02 08:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-07 18:17 - 2006-11-02 08:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-07 18:17 - 2006-11-02 08:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-07 18:12 - 2013-04-27 21:39 - 00756144 _____ () C:\Windows\PFRO.log
2015-03-07 18:08 - 2009-05-07 11:02 - 00002140 _____ () C:\Windows\bthservsdp.dat
2015-03-07 18:08 - 2006-11-02 08:42 - 00032634 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-07 18:04 - 2014-05-25 19:37 - 00000000 ____D () C:\AdwCleaner
2015-03-07 17:06 - 2014-05-25 19:01 - 00000000 ____D () C:\Qoobox
2015-03-07 17:06 - 2014-01-18 19:15 - 00000000 ____D () C:\Users\Marie\AppData\Local\Apps\2.0
2015-03-07 17:02 - 2006-11-02 05:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-07 15:09 - 2011-06-03 11:32 - 00003686 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E20016A9-FAB2-47E1-AB21-0D7A8DF34D7A}
2015-03-07 14:40 - 2009-05-16 20:42 - 00000000 ____D () C:\Users\RA Media Server
2015-03-07 12:15 - 2013-06-21 17:05 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-07 11:42 - 2014-05-14 19:33 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-07 11:42 - 2014-05-14 19:32 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-07 10:03 - 2013-10-20 13:47 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-03-03 17:34 - 2014-03-11 13:43 - 00000000 ____D () C:\Users\Marie\AppData\Local\CrashDumps
2015-03-02 15:26 - 2010-02-13 20:41 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-03-02 14:39 - 2012-02-13 22:03 - 00000000 ____D () C:\Users\Marie\Documents\Rentals
2015-02-21 20:34 - 2015-01-22 17:58 - 00000070 _____ () C:\Users\Marie\.atl.properties
2015-02-20 12:58 - 2014-09-22 19:46 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2355649138-3362126530-1860452381-1002
2015-02-20 12:58 - 2014-09-22 19:46 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2355649138-3362126530-1860452381-1002
2015-02-19 23:22 - 2015-01-19 15:52 - 00000844 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-02-19 18:13 - 2013-10-12 00:18 - 00000000 ____D () C:\Users\Marie\Desktop\Minecraft
2015-02-18 20:05 - 2006-11-02 06:34 - 00000000 ____D () C:\Windows\tracing
2015-02-18 20:04 - 2014-03-21 00:26 - 00000000 ____D () C:\Users\RA Media Server\AppData\Local\CrashDumps
2015-02-18 20:04 - 2013-11-27 19:32 - 00000000 ____D () C:\Program Files\CamStudio 2.7
2015-02-18 11:07 - 2014-05-14 19:33 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-18 11:07 - 2014-05-14 19:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-17 15:53 - 2009-05-26 09:36 - 00000000 ____D () C:\Users\Marie\Documents\Quicken
2015-02-15 22:51 - 2013-09-04 17:35 - 00000000 ____D () C:\Users\Marie\AppData\Roaming\.aether
2015-02-15 12:41 - 2006-11-02 05:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-15 12:38 - 2013-05-09 17:51 - 00037113 _____ () C:\Windows\setupact.log
2015-02-13 13:01 - 2012-09-27 08:02 - 00000000 ____D () C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 21:40 - 2011-10-01 20:41 - 00000000 ____D () C:\Users\Marie\AppData\Roaming\.minecraft
2015-02-12 21:30 - 2013-09-02 09:16 - 00000000 ____D () C:\Minecraft_Backup
2015-02-12 16:58 - 2013-09-14 22:19 - 00000000 ____D () C:\Users\Marie\AppData\Roaming\.technic
2015-02-12 03:49 - 2006-11-02 08:21 - 00482280 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 03:48 - 2014-04-02 18:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-12 03:29 - 2009-06-01 16:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-12 03:29 - 2006-11-02 05:34 - 00000262 _____ () C:\Windows\win.ini
2015-02-12 03:13 - 2013-08-15 03:04 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 03:02 - 2006-11-02 05:35 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-02-05 07:58 - 2012-04-11 07:02 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 06:58 - 2012-04-11 07:02 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 06:58 - 2011-06-08 09:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 06:16 - 2014-11-14 01:11 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cfffe28ff177e2
2015-02-05 06:16 - 2014-06-21 09:59 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf8d722c6cf500
==================== Files in the root of some directories =======
2011-08-22 21:00 - 2011-08-22 21:00 - 0000272 _____ () C:\Users\Marie\AppData\Roaming\.backup.dm
2015-02-18 10:47 - 2015-03-05 17:09 - 0000020 _____ () C:\Users\Marie\AppData\Roaming\appdataFr3.bin
2013-11-27 19:44 - 2013-11-27 19:44 - 0000125 _____ () C:\Users\Marie\AppData\Roaming\Camdata.ini
2013-11-27 19:44 - 2013-11-27 19:44 - 0000408 _____ () C:\Users\Marie\AppData\Roaming\CamLayout.ini
2013-11-27 19:44 - 2013-11-27 19:44 - 0000408 _____ () C:\Users\Marie\AppData\Roaming\CamShapes.ini
2013-11-27 19:44 - 2013-11-27 19:44 - 0004536 _____ () C:\Users\Marie\AppData\Roaming\CamStudio.cfg
2009-08-09 19:16 - 2012-12-31 14:48 - 0007859 _____ () C:\Users\Marie\AppData\Roaming\pcouffin.cat
2009-08-09 19:16 - 2012-12-31 14:48 - 0001167 _____ () C:\Users\Marie\AppData\Roaming\pcouffin.inf
2009-08-09 19:16 - 2012-12-31 14:48 - 0000033 _____ () C:\Users\Marie\AppData\Roaming\pcouffin.log
2009-08-09 19:16 - 2012-12-31 14:48 - 0082816 _____ (VSO Software) C:\Users\Marie\AppData\Roaming\pcouffin.sys
2010-01-26 22:32 - 2010-01-26 22:32 - 0017043 _____ () C:\Users\Marie\AppData\Roaming\UserTile.png
2013-11-27 19:33 - 2013-11-27 19:33 - 0000096 _____ () C:\Users\Marie\AppData\Roaming\version2.xml
2013-12-22 08:13 - 2014-03-30 00:33 - 0000154 _____ () C:\Users\Marie\AppData\Roaming\WB.CFG
2009-06-01 16:04 - 2014-05-15 17:40 - 0009322 _____ () C:\Users\Marie\AppData\Roaming\wklnhst.dat
2013-11-17 10:52 - 2014-07-18 23:08 - 0001460 _____ () C:\Users\Marie\AppData\Local\d3d9caps64.dat
2013-07-14 15:14 - 2015-01-18 10:40 - 0018944 _____ () C:\Users\Marie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-18 17:44 - 2013-10-18 17:44 - 0156520 _____ () C:\Users\Marie\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2013-10-18 17:44 - 2013-10-18 17:44 - 0000002 _____ () C:\Users\Marie\AppData\Local\dd_dotnetfx35error.txt
2013-10-18 17:44 - 2013-10-18 17:45 - 0465968 _____ () C:\Users\Marie\AppData\Local\dd_dotnetfx35install.txt
2013-10-18 17:45 - 2013-10-18 17:45 - 2823280 _____ () C:\Users\Marie\AppData\Local\dd_NET_Framework35_x64_MSI0834.txt
2013-07-07 21:22 - 2013-07-07 21:22 - 0392148 _____ () C:\Users\Marie\AppData\Local\dd_vcredistMSI3EDC.txt
2013-07-07 21:22 - 2013-07-07 21:22 - 0013534 _____ () C:\Users\Marie\AppData\Local\dd_vcredistUI3EDC.txt
2013-03-09 18:52 - 2013-10-18 17:45 - 0029644 _____ () C:\Users\Marie\AppData\Local\uxeventlog.txt
2012-12-31 14:14 - 2012-12-31 14:14 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-11-25 18:56 - 2010-11-25 18:56 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
Files to move or delete:
====================
C:\Users\Marie\jagex_runescape_preferences.dat
C:\Users\Marie\jagex_runescape_preferences2.dat
C:\Users\Public\WLC_011296735611.dat

Some content of TEMP:
====================
C:\Users\Marie\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmperbae7.dll
C:\Users\Marie\AppData\Local\temp\Quarantine.exe
C:\Users\Marie\AppData\Local\temp\sqlite3.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-07 18:52
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-03-2015 01
Ran by Marie at 2015-03-07 19:29:56
Running from C:\Users\Marie\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 bit Windows Card Reader Driver (HKLM-x32\...\{58192647-B4DD-45E1-9C3C-1614B4A03897}) (Version: 1.1.0.0 - TEAC)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Action! (HKLM-x32\...\Mirillis Action!) (Version: 1.16.3 - Mirillis)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.3 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
AIM 7 (HKLM-x32\...\AIM_7) (Version: - )
Amazon MP3 Downloader 1.0.18 (HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)
AOL Toolbar (HKLM-x32\...\AOL Toolbar) (Version: - )
AOL Toolbar (HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\...\AOL Toolbar) (Version: - )
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.008.0917.0336 - )
Avidemux 2.6 (HKLM-x32\...\Avidemux 2.6 (64-bit)) (Version: 2.6.1.8321 - )
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CamStudio (HKLM-x32\...\CamStudio) (Version: - )
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
Canon MP Navigator 2.2 (HKLM-x32\...\MP Navigator 2.2) (Version: - )
Canon MP530 (HKLM\...\{3215EBED-1D06-42fb-A05C-A752A46FB24C}) (Version: - )
ccc-core-static (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.1.0.30 - Citrix Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Consumer Input Chrome Extension (remove only) (HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\Consumer Input Chrome Extension) (Version: 3.1.0.84 - Compete Inc.) <==== ATTENTION
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Data Lifeguard Diagnostic for Windows 1.27 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
Dell Client Configuration Utility - Powered by Altiris (HKLM-x32\...\{5CDEC102-451E-4D1D-A091-9D93F41532F5}) (Version: 3.0.1213.0 - Altiris)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Remote Access (HKLM-x32\...\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}) (Version: 1.0.0.0 - Dell Inc.)
Dell System Detect (HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\...\9204f5692a8faf3b) (Version: 5.4.0.4 - Dell)
Dropbox (HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\Dropbox) (Version: 1.6.11 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
EA Download Manager (HKLM-x32\...\EADM) (Version: 7.2.0.32 - Electronic Arts, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Express Zip (HKLM-x32\...\ExpressZip) (Version: 2.17 - NCH Software)
Facebook Image Zoom and Downloader (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version: - ) <==== ATTENTION
Five Nights at Freddy's DEMO (HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\...\Five Nights at Freddy's DEMO) (Version: - )
GCalc 3 (HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\GCalc 3) (Version: - gcalc.net)
GIMP 2.6.7 (HKLM-x32\...\WinGimp-2.0_is1) (Version: - )
GIMPshop 2.2.8 (HKLM-x32\...\GIMPshop) (Version: 2.2.8 - The GIMP team (hack by Scott Moschella))
Gizmo Central (HKLM-x32\...\Gizmo Central) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google SketchUp 8 (HKLM-x32\...\{3544DED1-07DB-40C0-98F3-435A6DA195C7}) (Version: 3.0.14346 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{36A52BCF-AC3D-32F1-AD5F-A09769EB8887}) (Version: 4.1.3.13728 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version: - )
Hauppauge MCE XP/Vista Software Encoder (2.0.26057) (HKLM-x32\...\Hauppauge MCE2005 Software Encoder) (Version: 2.0.26057 - Hauppauge Computer Works, Inc.)
Hauppauge WinTV (HKLM-x32\...\Hauppauge WinTV) (Version: - )
Hauppauge WinTV Soft PVR (HKLM-x32\...\Hauppauge WinTV Soft PVR) (Version: - )
Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
Horizon v2.7.3.0 (HKLM-x32\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.7.3.0 - Daring Development Inc.)
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{BB94D541-A747-4A5D-B0ED-72FA5C158EA5}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Help (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{5848A26C-E4BC-4A13-AA8D-810BA344475A}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Basic Device Software (HKLM\...\{A0A03B53-927D-4454-A456-CB0A72A4912F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Help (HKLM-x32\...\{C13E1F46-84FE-4D3B-8581-0F2F624C7EEC}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 3520 series Product Improvement Study (HKLM\...\{14ABDFC2-491B-4AF0-8134-CC5596D0EF57}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Setup Guide (HKLM-x32\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.13.0.003 - HTC Corporation)
Intel(R) Network Connections 13.1.33.0 (HKLM\...\PROSetDX) (Version: 13.1.33.0 - Intel)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
InterVideo FilterSDK for Hauppauge (HKLM-x32\...\{2227E1FA-01F5-483C-AB0E-2A308E900B3D}) (Version: - InterVideo Inc.)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Java 7 Update 75 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417075FF}) (Version: 7.0.750 - Oracle)
Java 7 Update 75 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217075FF}) (Version: 7.0.750 - Oracle)
JavaFX 2.0.3 (HKLM-x32\...\{1111706F-666A-4037-7777-203328764D10}) (Version: 2.0.3 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KeePass Password Safe 1.21 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.21 - Dominik Reichl)
LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: 4.9.7 - LG Electronics)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.6.0.8 - Logitech)
Logitech Vid (HKLM-x32\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Luxor 2 (remove only) (HKLM-x32\...\Luxor2) (Version: - )
magicJack (HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\...\magicJack) (Version: 2.0.6073.4413 - magicJack L.P.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.194 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET 2.0 AJAX Extensions 1.0 (HKLM-x32\...\{082BDF7B-4810-4599-BF0D-E3AC44EC8524}) (Version: 1.0.61025 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM-x32\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft redistributable runtime DLLs VS2005 SP1(x86) (HKLM-x32\...\{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}) (Version: 8.0.50727.4053 - SAP)
Microsoft redistributable runtime DLLs VS2008 SP1(x86) (HKLM-x32\...\{A47A9101-6EB5-4314-BDA1-297880FBB908}) (Version: 9.0 - SAP AG)
Microsoft redistributable runtime DLLs VS2010 SP1 (x86) (HKLM-x32\...\{2385C070-EC26-4AB9-8718-E605C977C0ED}) (Version: 10.0.40219.1 - SAP)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{86177DAE-38B1-49DD-912E-35CB703AB779}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Move Media Player (HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\Move Media Player) (Version: - Move Networks)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MPlayer (remove only) (HKLM-x32\...\MPlayer) (Version: - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.4.2 - Notepad++ Team)
Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\Octoshape add-in for Adobe Flash Player) (Version: - )
Open Workbench (HKLM-x32\...\{1E9A9E08-0366-45EE-9B66-51852F8D9812}) (Version: 1.1.6 - CA)
OpenOffice.org 3.2 (HKLM-x32\...\{BEFBEDDF-1417-4C8A-92FB-F003C0D41199}) (Version: 3.2.9502 - OpenOffice.org)
oPryzeLP MC360 Mod Tool (HKLM-x32\...\oPryzeLP MC360 Mod Tool) (Version: - )
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
Presto! PageManager 7.15.14 (HKLM-x32\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.14E - NewSoft)
Quicken 2009 (HKLM-x32\...\{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}) (Version: 18.1.4.14 - Intuit)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
RealDownloader (x32 Version: 1.3.0 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5783 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.1 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.28.1 - Renesas Electronics Corporation) Hidden
ROBLOX Player for Marie (HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
ROBLOX Player for Marie (HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
RollerCoaster Tycoon 3 Platinum (HKLM-x32\...\{907B4640-266B-4A21-92FB-CD1A86CD0F63}) (Version: 1.00.000 - Atari)
Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.4.4.0 - SAMSUNG Electronics Co., Ltd.)
SAP GUI for Windows 7.30 (HKLM-x32\...\SAPGUI710) (Version: 7.30 Compilation 2 - SAP)
ScanSoft OmniPage SE 4.0 (HKLM-x32\...\{C1E693A4-B1D5-4DCD-B68D-2087835B7184}) (Version: 15.00.0020 - Nuance Communications, Inc.)
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Serif PagePlus SE 1.0 (HKLM-x32\...\{25BB07FA-D9A0-478E-8A4B-38466A4E8BF2}) (Version: 1.00 - Serif)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shrew Soft VPN Client (HKLM\...\Shrew Soft VPN Client) (Version: - )
Shutterfly Express Uploader (HKLM-x32\...\com.Shutterfly.ExpressUploader) (Version: 1.2.0.0 - Shutterfly, Inc.)
Shutterfly Express Uploader (x32 Version: 1.2.0 - Shutterfly, Inc.) Hidden
SimCity 4 Deluxe (HKLM-x32\...\{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}) (Version: - )
Skins (x32 Version: 2008.0917.337.4556 - ATI) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Snagit 11 (HKLM-x32\...\{E724600B-5568-47C7-ACDF-490D366719E2}) (Version: 11.4.0 - TechSmith Corporation)
SNC Client Encryption (HKLM-x32\...\SAP Channel Encryption) (Version: - SAP AG)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 7.0.0.25 - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.39052 - TeamViewer)
The Sims Carnival SnapCity (HKLM-x32\...\{DF0B1D6F-DEC5-4831-00B7-FC2ACB464C31}) (Version: - Electronic Arts)
The Sims™ 2 Deluxe (HKLM-x32\...\{9C244239-ED8E-40f1-937F-51C706CD2160}) (Version: - )
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.15.34 - Electronic Arts)
Unity Web Player (HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.14 - NCH Software)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}) (Version: 8.0.0.35 - GRISOFT, s.r.o.)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WIDCOMM Bluetooth Software 6.0.1.4303 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.4303 - Dell)
WinDirStat 1.1.2 (HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\WinDirStat) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DB}) (Version: 17.5.10480 - WinZip Computing, S.L. )
WModem_Installer (HKLM-x32\...\{4AFCAB25-A7BB-4C07-9EBD-291B0FC0E69D}) (Version: 2.19.0.0 - HTC)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\RA Media Server\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\Marie\AppData\Local\Google\Update\GoogleUpdate.exe" No File
CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Marie\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Marie\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Marie\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\RA Media Server\AppData\Local\Temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevat (the data entry has 14 more characters).
CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Marie\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001_Classes\CLSID\{FE0D8F60-5A07-40a1-85EC-4FFB7E0F2306}\localserver32 -> C:\Users\RA Media Server\AppData\Local\Roblox\Versions\version-037c042a4c1b49fd\RobloxApp.exe No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Marie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\Marie\AppData\Local\Google\Update\GoogleUpdate.exe" No File
CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Marie\AppData\Local\Google\Update\1.3.21.149\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Marie\AppData\Local\Google\Update\1.3.21.149\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{3560575F-7C2D-48AE-AB45-DAD430A95EBE}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\hpcdmc64.dll (HP)
CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Marie\AppData\Local\Google\Update\1.3.21.149\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\Marie\AppData\Local\Temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevated.exe No (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\hpcdmc64.dll (HP)
CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\hpcdmc64.dll (HP)
CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Marie\AppData\Local\Google\Update\1.3.21.149\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{FE0D8F60-5A07-40a1-85EC-4FFB7E0F2306}\localserver32 -> C:\Users\Marie\AppData\Local\Roblox\Versions\version-037c042a4c1b49fd\RobloxApp.exe (ROBLOX Corporation)
==================== Restore Points =========================
20-02-2015 00:00:01 Scheduled Checkpoint
21-02-2015 00:00:01 Scheduled Checkpoint
22-02-2015 00:00:03 Scheduled Checkpoint
28-02-2015 06:51:55 Scheduled Checkpoint
01-03-2015 00:00:01 Scheduled Checkpoint
07-03-2015 11:21:45 After Rogue Killer, Before MBAR, 20150307 112100
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 05:34 - 2015-03-07 17:02 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
 
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {13E5A490-7A17-4438-81ED-3A165EFA8BDC} - System32\Tasks\{A882F562-992F-42F7-A7FE-232AC52C78B4} => pcalua.exe -a "C:\Remote Programs\Cradle of Rome\GPlrLanc.exe" -c -LOpCode 2 /RemoveContent cid=554750;name=Cradle of Rome;dir=C:\Remote Programs\Cradle of Rome\;prvid=143;cmdid=1;prvdir=Default
Task: {271E0AE3-70F5-4100-AB4F-85FC4181BC30} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {29FCA22B-A48B-40A6-A3DE-A593578875B4} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2355649138-3362126530-1860452381-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2012-11-29] (RealNetworks, Inc.)
Task: {311CA17E-8B32-4464-8858-CE00765D2FAA} - System32\Tasks\{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B} => C:\Program Files (x86)\Gizmo\gizmo.exe [2010-02-14] (Arainia Solutions)
Task: {364769BA-4B96-423E-854A-FB9D3CA79A68} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
Task: {37B6C963-155C-4216-8373-3FFCDC07FB17} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2355649138-3362126530-1860452381-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2012-11-29] (RealNetworks, Inc.)
Task: {383866BB-D42A-454A-BB88-B2F23F2EB7CB} - System32\Tasks\{C967AFD9-DD7B-4567-BDF6-24FAB0298C02} => pcalua.exe -a C:\Users\Marie\Downloads\BATKUSETUP.EXE -d C:\Users\Marie\Downloads
Task: {3A8743B6-D1D7-4A89-A9A9-293374589848} - System32\Tasks\Total Domination => chrome.exe
Task: {69EA1084-F492-432D-ABB8-B3B3E3BA9A0D} - System32\Tasks\GoogleUpdateTaskMachineUA1cfffe28ff177e2 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {729EAEC5-C513-4458-A74D-0733507878AE} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2355649138-3362126530-1860452381-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {787746BC-E92A-4616-9AD0-E7B9FF20133F} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {864932AB-EFB9-4612-9DB8-7495C9000C2C} - System32\Tasks\GoogleUpdateTaskMachineCore1cf8d722c6cf500 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {8719A7DC-B4DB-4880-867D-137694D0357E} - System32\Tasks\Total Domination t => chrome.exe
Task: {8979E046-11EA-428A-9957-D6B6C3B66DC1} - System32\Tasks\GoogleUpdateTaskMachineUA1d04145fc9841d0 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {8D5CC6E7-3A95-4AA7-946E-C04DB98D1C6D} - System32\Tasks\{07CBC3BD-CA72-46DE-BCB2-E391316454A6} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {A1619FFD-D3F7-40FA-83DD-514B145D022E} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2355649138-3362126530-1860452381-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {A76A2175-48BF-458F-933C-257634DF1254} - System32\Tasks\{E0CAEB8C-F9D7-4F55-9D29-204D8AF61223} => pcalua.exe -a C:\Users\Marie\Downloads\DCCU_3.0_A01.exe -d C:\Users\Marie\Downloads
Task: {AD5997DE-1123-4FFD-9E9C-25BCC0F8E534} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {BBE1556A-F372-4C50-A309-D14B12E34E64} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Marie => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
Task: {BDD1000B-4236-4D5B-AAF4-F5D3DC5384A0} - System32\Tasks\HPCustParticipation HP Deskjet 3520 series => C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {BF9B3EB5-318D-4960-B46D-60F3CE897746} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2355649138-3362126530-1860452381-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2012-11-29] (RealNetworks, Inc.)
Task: {C2421DD2-2D5E-4164-B668-B758336221DA} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {D0E8DDA6-AE36-451E-B16B-8794545E80CC} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {DA76FBD0-B8B3-4D46-8460-9A0ECFC5617C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F732E6F6-40B4-4FFC-8746-5EAA4CFC09F6} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6a8bbdc58d56 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {F75A28C2-0B9F-45D0-BF88-3D3EC60D6577} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2013-10-04] (TechSmith Corporation)
Task: {FA00FEE3-35B2-4E74-9F76-28A734E3755F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {FD836EDE-E64F-4629-B47E-F5C806160648} - System32\Tasks\{9BBF7C36-045C-460E-82BE-24B692D85163} => pcalua.exe -a C:\Users\Marie\Downloads\mpnmp530win222ea13.exe -d C:\Windows\system32
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8d722c6cf500.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6a8bbdc58d56.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfffe28ff177e2.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d04145fc9841d0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{3D20B27D-5952-4385-9DD3-9C5235C92FFE}.job => C:\Windows\system32\msfeedssync.exe
==================== Loaded Modules (whitelisted) ==============
2009-05-07 18:26 - 2008-10-17 03:24 - 00117248 _____ () C:\Windows\system32\atitmm64.dll
2007-09-14 11:35 - 2007-09-14 11:35 - 05730304 _____ () C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe
2013-04-23 18:55 - 2013-04-23 18:55 - 01127224 _____ () C:\Program Files\ShrewSoft\VPN Client\iked.exe
2013-04-15 20:06 - 2013-04-15 20:06 - 00022016 _____ () C:\Program Files\ShrewSoft\VPN Client\libidb.dll
2013-04-15 20:06 - 2013-04-15 20:06 - 00116736 _____ () C:\Program Files\ShrewSoft\VPN Client\libip.dll
2013-04-15 20:06 - 2013-04-15 20:06 - 00013312 _____ () C:\Program Files\ShrewSoft\VPN Client\liblog.dll
2013-04-15 20:06 - 2013-04-15 20:06 - 00018432 _____ () C:\Program Files\ShrewSoft\VPN Client\libith.dll
2013-04-23 16:40 - 2013-04-23 16:40 - 00035840 _____ () C:\Program Files\ShrewSoft\VPN Client\libvflt.dll
2013-04-15 20:07 - 2013-04-15 20:07 - 00017920 _____ () C:\Program Files\ShrewSoft\VPN Client\libdtp.dll
2013-04-15 20:07 - 2013-04-15 20:07 - 00029184 _____ () C:\Program Files\ShrewSoft\VPN Client\libpfk.dll
2013-04-23 16:40 - 2013-04-23 16:40 - 00039936 _____ () C:\Program Files\ShrewSoft\VPN Client\libvnet.dll
2013-04-15 20:06 - 2013-04-15 20:06 - 00639488 _____ () C:\Program Files\ShrewSoft\VPN Client\libike.dll
2013-04-23 18:55 - 2013-04-23 18:55 - 00810808 _____ () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2012-11-29 20:31 - 2012-11-29 20:31 - 00038608 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2010-09-20 18:23 - 2006-09-20 08:35 - 00020480 _____ () C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
2008-07-15 16:46 - 2008-07-15 16:46 - 00476160 _____ () C:\Windows\system32\btwhidcs.DLL
2008-07-15 16:57 - 2008-07-15 16:57 - 00167936 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2014-10-15 03:46 - 2014-10-15 03:46 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\fb06a0d5c2df42cca4a5c8ef48ff1ca7\VistaBridgeLibrary.ni.dll
2010-09-20 18:23 - 2006-09-19 16:05 - 00024576 _____ () C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
2009-05-07 16:19 - 2009-05-07 16:19 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-09-10 08:46 - 2008-09-10 08:46 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-09-25 12:32 - 2013-09-25 12:32 - 00089088 _____ () C:\Program Files (x86)\NCH Software\ExpressZip\ezcm64.dll
2008-05-19 14:47 - 2008-05-19 14:47 - 00450560 _____ () C:\Program Files (x86)\Common Files\Dell\apache\ioncube_loader_win_5.2.dll
2007-09-21 11:32 - 2007-09-21 11:32 - 02035712 _____ () C:\Program Files (x86)\Common Files\Dell\apache\LIBMYSQL.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2007-09-24 05:27 - 2007-09-24 05:27 - 02035712 _____ () C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\LIBMYSQL.dll
2015-02-10 14:00 - 2015-02-10 14:00 - 00750080 _____ () C:\Users\Marie\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-07 18:46 - 2015-03-07 18:46 - 00043008 _____ () c:\users\marie\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmperbae7.dll
2015-02-10 14:00 - 2015-02-10 14:00 - 00047616 _____ () C:\Users\Marie\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 14:00 - 2015-02-10 14:00 - 00865280 _____ () C:\Users\Marie\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 14:00 - 2015-02-10 14:00 - 00200704 _____ () C:\Users\Marie\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\img35.jpg
DNS Servers: 192.168.1.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Gizmo.lnk => C:\Windows\pss\Gizmo.lnk.CommonStartup
MSCONFIG\startupreg: Aim => "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
MSCONFIG\startupreg: GizmoDriveDelegate => RUNDLL32.EXE C:\PROGRA~2\GIZMO\GDRIVE.DLL,Remount_Startup_Images
MSCONFIG\startupreg: Logitech Vid => "C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe" -bootmode
MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
==================== Accounts: =============================
Administrator (S-1-5-21-2355649138-3362126530-1860452381-500 - Administrator - Disabled)
Gilbert (S-1-5-21-2355649138-3362126530-1860452381-1003 - Limited - Enabled) => C:\Users\Gilbert
Guest (S-1-5-21-2355649138-3362126530-1860452381-501 - Limited - Enabled)
John (S-1-5-21-2355649138-3362126530-1860452381-1004 - Limited - Enabled) => C:\Users\John
Lancee (S-1-5-21-2355649138-3362126530-1860452381-1005 - Limited - Enabled) => C:\Users\Lancee
Marie (S-1-5-21-2355649138-3362126530-1860452381-1002 - Administrator - Enabled) => C:\Users\Marie
Mcx1 (S-1-5-21-2355649138-3362126530-1860452381-1009 - Administrator - Enabled) => C:\Users\Mcx1
RA Media Server (S-1-5-21-2355649138-3362126530-1860452381-1001 - Administrator - Enabled) => C:\Users\RA Media Server
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Shrew Soft Virtual Adapter
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2015-03-07 19:29:38.236
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-03-07 19:29:37.921
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-03-07 19:29:37.694
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-03-07 19:29:37.423
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-03-07 18:40:32.223
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vnaap.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-03-07 18:40:31.989
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vnaap.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-03-07 17:00:06.194
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-03-07 17:00:05.967
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-03-07 17:00:05.748
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-03-07 17:00:05.525
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz
Percentage of memory in use: 45%
Total physical RAM: 6134.26 MB
Available physical RAM: 3318.97 MB
Total Pagefile: 12381.98 MB
Available Pagefile: 9300.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:450.69 GB) (Free:4.71 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:6.94 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: EFAA31F4)
Partition 1: (Not Active) - (Size=71 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=450.7 GB) - (Type=07 NTFS)
==================== End Of Log ============================
 
Uninstall:

Consumer Input Chrome Extension
Facebook Image Zoom and Downloader



Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-03-2015 03
Ran by Marie at 2015-03-08 09:07:47 Run:1
Running from C:\Users\Marie\Desktop
Loaded Profiles: RA Media Server & Marie (Available profiles: RA Media Server & Marie & Gilbert & John & Lancee & Mcx1)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\MountPoints2: {01191ed9-0ab2-11e1-9ec3-001e4ce6a070} - M:\TL-Bootstrap.exe
HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\MountPoints2: {1efcc887-cadc-11e0-ae91-001e4ce6a070} - L:\TL_Bootstrap.exe
HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\MountPoints2: {672e82eb-8e03-11e0-9279-f2ded128ae64} - G:\TL-Bootstrap.exe
HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\MountPoints2: {77bf3be5-4b57-11e2-a3fa-001e4ce6a070} - L:\MotoCastSetup.exe -a
HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\MountPoints2: {8c727fea-674b-11e0-9b57-001e4ce6a070} - K:\TL_Bootstrap.exe
HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\MountPoints2: {c16adad5-3b30-11de-af16-806e6f6e6963} - E:\RunGame.exe
HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\MountPoints2: {c16adad6-3b30-11de-af16-806e6f6e6963} - F:\Autorun.exe
HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\...\MountPoints2: {d776dd1a-b0ef-11e1-8676-001e4ce6a070} - G:\TL_Bootstrap.exe
GroupPolicyUsers\S-1-5-21-2355649138-3362126530-1860452381-1005\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2355649138-3362126530-1860452381-1004\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2355649138-3362126530-1860452381-1003\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001 -> {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL =
Toolbar: HKU\.DEFAULT -> No Name - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
Toolbar: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001 -> No Name - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
Toolbar: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
Filter: application/octet-stream - No CLSID Value
Filter: application/x-complus - No CLSID Value
Filter: application/x-msdownload - No CLSID Value
S2 fd8830a9; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\sayescoupon\sayescoupon.dll",serv
S2 TracSrvWrapper; C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe [X]
c:\Program Files (x86)\sayescoupon
S1 Beep; No ImagePath
S0 AVGIDSHA; system32\DRIVERS\avgidsha.sys [X]
S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz132; \??\C:\Users\Marie\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]
U2 CP_OMDRV; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U2 VNASC; No ImagePath
2011-08-22 21:00 - 2011-08-22 21:00 - 0000272 _____ () C:\Users\Marie\AppData\Roaming\.backup.dm
2015-02-18 10:47 - 2015-03-05 17:09 - 0000020 _____ () C:\Users\Marie\AppData\Roaming\appdataFr3.bin
2013-11-27 19:44 - 2013-11-27 19:44 - 0000125 _____ () C:\Users\Marie\AppData\Roaming\Camdata.ini
2013-11-27 19:44 - 2013-11-27 19:44 - 0000408 _____ () C:\Users\Marie\AppData\Roaming\CamLayout.ini
2013-11-27 19:44 - 2013-11-27 19:44 - 0000408 _____ () C:\Users\Marie\AppData\Roaming\CamShapes.ini
2013-11-27 19:44 - 2013-11-27 19:44 - 0004536 _____ () C:\Users\Marie\AppData\Roaming\CamStudio.cfg
2009-08-09 19:16 - 2012-12-31 14:48 - 0007859 _____ () C:\Users\Marie\AppData\Roaming\pcouffin.cat
2009-08-09 19:16 - 2012-12-31 14:48 - 0001167 _____ () C:\Users\Marie\AppData\Roaming\pcouffin.inf
2009-08-09 19:16 - 2012-12-31 14:48 - 0000033 _____ () C:\Users\Marie\AppData\Roaming\pcouffin.log
2009-08-09 19:16 - 2012-12-31 14:48 - 0082816 _____ (VSO Software) C:\Users\Marie\AppData\Roaming\pcouffin.sys
2010-01-26 22:32 - 2010-01-26 22:32 - 0017043 _____ () C:\Users\Marie\AppData\Roaming\UserTile.png
2013-11-27 19:33 - 2013-11-27 19:33 - 0000096 _____ () C:\Users\Marie\AppData\Roaming\version2.xml
2013-12-22 08:13 - 2014-03-30 00:33 - 0000154 _____ () C:\Users\Marie\AppData\Roaming\WB.CFG
2009-06-01 16:04 - 2014-05-15 17:40 - 0009322 _____ () C:\Users\Marie\AppData\Roaming\wklnhst.dat
2013-11-17 10:52 - 2014-07-18 23:08 - 0001460 _____ () C:\Users\Marie\AppData\Local\d3d9caps64.dat
2013-07-14 15:14 - 2015-01-18 10:40 - 0018944 _____ () C:\Users\Marie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-18 17:44 - 2013-10-18 17:44 - 0156520 _____ () C:\Users\Marie\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2013-10-18 17:44 - 2013-10-18 17:44 - 0000002 _____ () C:\Users\Marie\AppData\Local\dd_dotnetfx35error.txt
2013-10-18 17:44 - 2013-10-18 17:45 - 0465968 _____ () C:\Users\Marie\AppData\Local\dd_dotnetfx35install.txt
2013-10-18 17:45 - 2013-10-18 17:45 - 2823280 _____ () C:\Users\Marie\AppData\Local\dd_NET_Framework35_x64_MSI0834.txt
2013-07-07 21:22 - 2013-07-07 21:22 - 0392148 _____ () C:\Users\Marie\AppData\Local\dd_vcredistMSI3EDC.txt
2013-07-07 21:22 - 2013-07-07 21:22 - 0013534 _____ () C:\Users\Marie\AppData\Local\dd_vcredistUI3EDC.txt
2013-03-09 18:52 - 2013-10-18 17:45 - 0029644 _____ () C:\Users\Marie\AppData\Local\uxeventlog.txt
2012-12-31 14:14 - 2012-12-31 14:14 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-11-25 18:56 - 2010-11-25 18:56 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
C:\Users\Marie\jagex_runescape_preferences.dat
C:\Users\Marie\jagex_runescape_preferences2.dat
C:\Users\Public\WLC_011296735611.dat
C:\Users\Marie\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmperbae7.dll
C:\Users\Marie\AppData\Local\temp\Quarantine.exe
C:\Users\Marie\AppData\Local\temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\RA Media Server\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\Marie\AppData\Local\Google\Update\GoogleUpdate.exe" No File
CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Marie\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Marie\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Marie\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Marie\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\Marie\AppData\Local\Google\Update\GoogleUpdate.exe" No File
CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Marie\AppData\Local\Google\Update\1.3.21.149\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Marie\AppData\Local\Google\Update\1.3.21.149\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Marie\AppData\Local\Google\Update\1.3.21.149\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Marie\AppData\Local\Google\Update\1.3.21.149\GoogleUpdateOnDemand.exe" No File
Task: {364769BA-4B96-423E-854A-FB9D3CA79A68} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
Task: {C2421DD2-2D5E-4164-B668-B758336221DA} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3

*****************
"HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01191ed9-0ab2-11e1-9ec3-001e4ce6a070}" => Key deleted successfully.
HKCR\CLSID\{01191ed9-0ab2-11e1-9ec3-001e4ce6a070} => Key not found.
"HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1efcc887-cadc-11e0-ae91-001e4ce6a070}" => Key deleted successfully.
HKCR\CLSID\{1efcc887-cadc-11e0-ae91-001e4ce6a070} => Key not found.
"HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{672e82eb-8e03-11e0-9279-f2ded128ae64}" => Key deleted successfully.
HKCR\CLSID\{672e82eb-8e03-11e0-9279-f2ded128ae64} => Key not found.
"HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77bf3be5-4b57-11e2-a3fa-001e4ce6a070}" => Key deleted successfully.
HKCR\CLSID\{77bf3be5-4b57-11e2-a3fa-001e4ce6a070} => Key not found.
"HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c727fea-674b-11e0-9b57-001e4ce6a070}" => Key deleted successfully.
HKCR\CLSID\{8c727fea-674b-11e0-9b57-001e4ce6a070} => Key not found.
"HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c16adad5-3b30-11de-af16-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{c16adad5-3b30-11de-af16-806e6f6e6963} => Key not found.
"HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c16adad6-3b30-11de-af16-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{c16adad6-3b30-11de-af16-806e6f6e6963} => Key not found.
"HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d776dd1a-b0ef-11e1-8676-001e4ce6a070}" => Key deleted successfully.
HKCR\CLSID\{d776dd1a-b0ef-11e1-8676-001e4ce6a070} => Key not found.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2355649138-3362126530-1860452381-1005\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2355649138-3362126530-1860452381-1004\User => Moved successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2355649138-3362126530-1860452381-1003\User => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}" => Key deleted successfully.
HKCR\CLSID\{0B4A10D1-FBD6-451d-BFDA-F03252B05984} => Key not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{61539ECD-CC67-4437-A03C-9AACCBD14326} => value deleted successfully.
HKCR\CLSID\{61539ECD-CC67-4437-A03C-9AACCBD14326} => Key not found.
HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{61539ECD-CC67-4437-A03C-9AACCBD14326} => value deleted successfully.
HKCR\CLSID\{61539ECD-CC67-4437-A03C-9AACCBD14326} => Key not found.
HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found.
HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => value deleted successfully.
HKCR\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => Key not found.
HKCR\PROTOCOLS\Filter\Filter: application/octet-stream - No CLSID Value => Key not found.
HKCR\PROTOCOLS\Filter\Filter: application/x-complus - No CLSID Value => Key not found.
HKCR\PROTOCOLS\Filter\Filter: application/x-msdownload - No CLSID Value => Key not found.
fd8830a9 => Service deleted successfully.
TracSrvWrapper => Service deleted successfully.
"c:\Program Files (x86)\sayescoupon" => File/Directory not found.
Beep => Service deleted successfully.
AVGIDSHA => Service deleted successfully.
BRDriver64 => Service deleted successfully.
catchme => Service deleted successfully.
cpuz132 => Service deleted successfully.
CP_OMDRV => Service deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
VNASC => Service deleted successfully.
C:\Users\Marie\AppData\Roaming\.backup.dm => Moved successfully.
C:\Users\Marie\AppData\Roaming\appdataFr3.bin => Moved successfully.
C:\Users\Marie\AppData\Roaming\Camdata.ini => Moved successfully.
C:\Users\Marie\AppData\Roaming\CamLayout.ini => Moved successfully.
C:\Users\Marie\AppData\Roaming\CamShapes.ini => Moved successfully.
C:\Users\Marie\AppData\Roaming\CamStudio.cfg => Moved successfully.
C:\Users\Marie\AppData\Roaming\pcouffin.cat => Moved successfully.
C:\Users\Marie\AppData\Roaming\pcouffin.inf => Moved successfully.
C:\Users\Marie\AppData\Roaming\pcouffin.log => Moved successfully.
C:\Users\Marie\AppData\Roaming\pcouffin.sys => Moved successfully.
C:\Users\Marie\AppData\Roaming\UserTile.png => Moved successfully.
C:\Users\Marie\AppData\Roaming\version2.xml => Moved successfully.
C:\Users\Marie\AppData\Roaming\WB.CFG => Moved successfully.
C:\Users\Marie\AppData\Roaming\wklnhst.dat => Moved successfully.
C:\Users\Marie\AppData\Local\d3d9caps64.dat => Moved successfully.
C:\Users\Marie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully.
C:\Users\Marie\AppData\Local\dd_depcheck_NETFX_EXP_35.txt => Moved successfully.
C:\Users\Marie\AppData\Local\dd_dotnetfx35error.txt => Moved successfully.
C:\Users\Marie\AppData\Local\dd_dotnetfx35install.txt => Moved successfully.
C:\Users\Marie\AppData\Local\dd_NET_Framework35_x64_MSI0834.txt => Moved successfully.
C:\Users\Marie\AppData\Local\dd_vcredistMSI3EDC.txt => Moved successfully.
C:\Users\Marie\AppData\Local\dd_vcredistUI3EDC.txt => Moved successfully.
C:\Users\Marie\AppData\Local\uxeventlog.txt => Moved successfully.
C:\ProgramData\Ament.ini => Moved successfully.
C:\ProgramData\ezsidmv.dat => Moved successfully.
C:\Users\Marie\jagex_runescape_preferences.dat => Moved successfully.
C:\Users\Marie\jagex_runescape_preferences2.dat => Moved successfully.
C:\Users\Public\WLC_011296735611.dat => Moved successfully.
C:\Users\Marie\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmperbae7.dll => Moved successfully.
C:\Users\Marie\AppData\Local\temp\Quarantine.exe => Moved successfully.
C:\Users\Marie\AppData\Local\temp\sqlite3.dll => Moved successfully.
"HKU\S-1-5-21-2355649138-3362126530-1860452381-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}" => Key deleted successfully.
"HKU\S-1-5-21-2355649138-3362126530-1860452381-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}" => Key deleted successfully.
"HKU\S-1-5-21-2355649138-3362126530-1860452381-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}" => Key deleted successfully.
"HKU\S-1-5-21-2355649138-3362126530-1860452381-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}" => Key deleted successfully.
"HKU\S-1-5-21-2355649138-3362126530-1860452381-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}" => Key deleted successfully.
"HKU\S-1-5-21-2355649138-3362126530-1860452381-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}" => Key deleted successfully.
"HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}" => Key deleted successfully.
"HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}" => Key deleted successfully.
"HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}" => Key deleted successfully.
"HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}" => Key deleted successfully.
"HKU\S-1-5-21-2355649138-3362126530-1860452381-1002_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{364769BA-4B96-423E-854A-FB9D3CA79A68}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{364769BA-4B96-423E-854A-FB9D3CA79A68}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C2421DD2-2D5E-4164-B668-B758336221DA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2421DD2-2D5E-4164-B668-B758336221DA}" => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
C:\ProgramData\TEMP => ":5D432CE3" ADS removed successfully.

The system needed a reboot.
==== End of Fixlog 09:07:48 ====
 
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double-click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 0.99.97
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
McAfee Anti-Virus and Anti-Spyware
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
McAfee SiteAdvisor
Secunia PSI (3.0.0.9016)
JavaFX 2.0.3
Java 7 Update 75
Java version 32-bit out of Date!
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.305
Adobe Reader 9
Adobe Reader XI
Mozilla Firefox 35.0.1 Firefox out of Date!
Google Chrome (40.0.2214.111)
Google Chrome (40.0.2214.115)
Google Chrome (GoogleUpdate.dll..)
Google Chrome (plugins...)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 17-01-2015
Ran by Marie (administrator) on 08-03-2015 at 13:38:28
Running from "C:\Users\Marie\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============
System Restore Policy:
========================

Security Center:
============

Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcsvc.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****
 